Will manually changing time on a PDC Emulator break kerberos?

Posted on 2008-11-14
Medium Priority
Last Modified: 2012-05-05
I have a small W2k3 domain with no internet connectivity. It has 4 DC's and 45 XP work stations. Time sync is working fine with all the workstations and DC's get their time from the PDC emulator. The PDC gets its time from the BIOS. Since the PDC can not connect to an authoritative time source on the Internet I just manually set it's clock. If I manually change the time on the PDC by about ten minute to get it closer to "real" time will that cause an authentication problem  with the clients and KERBEROS since they will be temporairly out of sync with the server until the next time they "sync up" or will they adjust to the PDC's time before any authentication problems would arise?
Question by:jmatheso
LVL 59

Accepted Solution

Darius Ghassem earned 500 total points
ID: 22964357
There should be no problems adjusting the time of the PDC to reflect the correct time. The clients will sync with the time the PDC has. You can still wait after hours to change the time of the PDC. If a problem does arise which it shouldn't you can run this command w32tm /resync to resync the affected clients.
LVL 14

Expert Comment

ID: 22965053
dariusq is correct.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question