• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

Changing the Time on the PDC Emulator in Windows 2003


Simple question, we run 2 Domains A & B, they have 2 way trusts to link them together.

The time on Domain A is 7 minutes out of wack with the rest of the world and the time on Domain B is about 10 minutes out and I want to correct it.  Not to fussed about having to set up an external time clock and am quite happy to every now and then manually update it.

Everything I read seems to be basically 'change the time on the PDC Emulator) and everything will be A OK.  However I am a bit wary of this as I did a time change a few years back on network running Windows 2003 Domain (sigle Domain, no forest) last thing in the evening and the next day came back to authentication problems (users couldn't access folders) and replication problems (sysvol etc...).  Wound up rebooting every Domain Controller on the Network.  May have been a conincidence but...

Has anyone actually changed the Time on the PDC Emulator, particularly in an environment with 2 Domains Trusting each other?

2 Solutions

you need to hook your PDC emulator up to an external time source, or.. run an internal time server which gets its time from an external time source, time.windows.com theere are lots or them.. its important that all your DC's are looking at the same especially in a trust enviroment, kerberos is a time sensitive protocol.  

This article should give you a little backround


Personally I would allow your firewall for NTP outbound on port 123 UDP, or configure an internal time server


either way you will need to allow 123.

Don't just change the time on the PDCe manually - use the 816042 KB article to allow the PDCe to change its time gracefully in order to avoid authentication problems. I.e., if your PDCe is 7 minutes "off", the instructions in the KB will allow the PDCe to -gradually- correct its time to be in sync with an external provider or an internal time clock in order to allow the rest of the domain to remain in sync. If the PDCe suddenly goes more than 5 minutes skewed from the rest of the domain, no-one will be able to authenticate.
duncanjhamillAuthor Commented:
Thanks, will refer to the article and let you know when I have made the changes.
I found a little free utility that will synch your PDCe with an outside Time server without openning up port 123 on your firewall. It uses the HTTP port.

It is a little program called Symmtime. This program is already configured with a number of time sources to choose from and will synch your PDCe system clock with an outside time source. Some sources are .gov time servers.

Symmtime was created by a group called Symmetricom. They manufacture time servers for huge domains and government services. I use their software to synch up to my time servers and it keeps my time right on target.

Symmetricom has two FREE utilities that are VERY easy to install and setup. One is called LMcheck and the other is Symmtime. There is a third utility, that encorporates all these functions into one, called Domain Time II. It get's a little spendy though.  

Symmtime: (Free)


Domain Time II: (Overview)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now