Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

Changing the date/time on Windows 2003 member server!

Hello,

I am currently designing a 2003 Active Directory infrastructure and I have the following potential issue.

I will have some member servers in the Domain that will run SQL and other apps that Testers\Developers will want me to change the time and date on, to test triggered date and time events.

As far as I understand the time on a member server is synchronised with a DC and each DC is sync'd with the PDC emulator.

I believe that the Windows Time Service (W32Time) can be stopped on a server to prevent a it synchronising its time.  However I am worried this will cause problems as kerberos works on a time being correct.

My question is:-

If I change the date and time on member (with SQL), without changing the rest of the domain will it still be able to service requests from clients with the correct time?

Thanks
0
gnfreeman
Asked:
gnfreeman
  • 4
  • 2
  • 2
2 Solutions
 
rhandelsCommented:
Hi,

My two cents.. If this is a production server, don't change the time. I do know that syncing the AD will go wrong and a lot of other stuff also goes wrong. I do beleive there must be a time differnce of a maximum of 10 minutes, else sync doesn't work. So my guess is that it won't work, servicing request.

0
 
gnfreemanAuthor Commented:
If that is the case I would need a seperate forest/domain for a Test/Dev environment?
0
 
SembeeCommented:
I always isolate test/development environments from the main network - usually as far as firewalling it off from production. I don't trust developers and will not allow them to change anything as key as the time on a production domain.

You are looking at two solutions.

1. Physical seperate test/development domain.
2. Virtual test/development domain - using something like VMWARE.

Remember that these two domains cannot have a trust either - as the time difference will also break that.

Simon.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
rhandelsCommented:
I Agree with SImon about the test domain... Always try to have one, it's very important. specially if something fails..
0
 
gnfreemanAuthor Commented:
Your comments are much appreciated.
Is the date/time issue definately a problem with the trusts as well?
0
 
rhandelsCommented:
I'm not quite sure, maybe Simon is aware of this problem. Only thing i know is not to do this within a working environment...
0
 
SembeeCommented:
I believe trusts use Keberos authentication, which means if the time is out by more than five minutes the trusts break.
I have been there and seen it with my own eyes. Get the clocks in sync and everything is fine.

Simon.
0
 
rhandelsCommented:
>>I believe trusts use Keberos authentication<<

If you use 2003 with forest trust or two way trusts, i'm 100% sure it uses Kerberos authentication.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 4
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now