Will manually changing time on a PDC Emulator break kerberos?

Posted on 2008-11-14
Last Modified: 2012-05-05
I have a small W2k3 domain with no internet connectivity. It has 4 DC's and 45 XP work stations. Time sync is working fine with all the workstations and DC's get their time from the PDC emulator. The PDC gets its time from the BIOS. Since the PDC can not connect to an authoritative time source on the Internet I just manually set it's clock. If I manually change the time on the PDC by about ten minute to get it closer to "real" time will that cause an authentication problem  with the clients and KERBEROS since they will be temporairly out of sync with the server until the next time they "sync up" or will they adjust to the PDC's time before any authentication problems would arise?
Question by:jmatheso
    LVL 59

    Accepted Solution

    There should be no problems adjusting the time of the PDC to reflect the correct time. The clients will sync with the time the PDC has. You can still wait after hours to change the time of the PDC. If a problem does arise which it shouldn't you can run this command w32tm /resync to resync the affected clients.
    LVL 15

    Expert Comment

    dariusq is correct.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Join & Write a Comment

    Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
    Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now