Changing the Time on the PDC Emulator in Windows 2003

Hi,

Simple question, we run 2 Domains A & B, they have 2 way trusts to link them together.

The time on Domain A is 7 minutes out of wack with the rest of the world and the time on Domain B is about 10 minutes out and I want to correct it.  Not to fussed about having to set up an external time clock and am quite happy to every now and then manually update it.

Everything I read seems to be basically 'change the time on the PDC Emulator) and everything will be A OK.  However I am a bit wary of this as I did a time change a few years back on network running Windows 2003 Domain (sigle Domain, no forest) last thing in the evening and the next day came back to authentication problems (users couldn't access folders) and replication problems (sysvol etc...).  Wound up rebooting every Domain Controller on the Network.  May have been a conincidence but...

Has anyone actually changed the Time on the PDC Emulator, particularly in an environment with 2 Domains Trusting each other?

Thanks.
duncanjhamillAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

knightfoxCommented:
yepp..

you need to hook your PDC emulator up to an external time source, or.. run an internal time server which gets its time from an external time source, time.windows.com theere are lots or them.. its important that all your DC's are looking at the same especially in a trust enviroment, kerberos is a time sensitive protocol.  

This article should give you a little backround

http://support.microsoft.com/kb/816042

Personally I would allow your firewall for NTP outbound on port 123 UDP, or configure an internal time server

http://nts.softros.com/server.html

either way you will need to allow 123.

/Fox
0
LauraEHunterMVPCommented:
Don't just change the time on the PDCe manually - use the 816042 KB article to allow the PDCe to change its time gracefully in order to avoid authentication problems. I.e., if your PDCe is 7 minutes "off", the instructions in the KB will allow the PDCe to -gradually- correct its time to be in sync with an external provider or an internal time clock in order to allow the rest of the domain to remain in sync. If the PDCe suddenly goes more than 5 minutes skewed from the rest of the domain, no-one will be able to authenticate.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
duncanjhamillAuthor Commented:
Thanks, will refer to the article and let you know when I have made the changes.
0
ChiefITCommented:
I found a little free utility that will synch your PDCe with an outside Time server without openning up port 123 on your firewall. It uses the HTTP port.

It is a little program called Symmtime. This program is already configured with a number of time sources to choose from and will synch your PDCe system clock with an outside time source. Some sources are .gov time servers.

Symmtime was created by a group called Symmetricom. They manufacture time servers for huge domains and government services. I use their software to synch up to my time servers and it keeps my time right on target.

Symmetricom has two FREE utilities that are VERY easy to install and setup. One is called LMcheck and the other is Symmtime. There is a third utility, that encorporates all these functions into one, called Domain Time II. It get's a little spendy though.  

Symmtime: (Free)
http://www.symmetricom.com/resources/downloads/symmtime/

LMcheck:
http://www.symmetricom.com/resources/downloads/lmcheck-software/

Domain Time II: (Overview)
http://dtdocs.ntp-systems.com/software/domaintime/instructions/tools/utils.asp
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.