<div>
<div class="content wysiwyg-content">
I have a small W2k3 domain with no internet connectivity. It has 4 DC's and 45 XP work stations. Time sync is working fine with all the workstations and DC's get their time from the PDC emulator. The PDC gets its time from the BIOS. Since the PDC can not connect to an authoritative time source on the Internet I just manually set it's clock. If I manually change the time on the PDC by about ten minute to get it closer to &quot;real&quot; time will that cause an authentication problem &nbsp;with the clients and KERBEROS since they will be temporairly out of sync with the server until the next time they &quot;sync up&quot; or will they adjust to the PDC's time before any authentication problems would arise?<br />
Thanks
</div>
</div>


I have a small W2k3 domain with no internet connectivity. It has 4 DC's and 45 XP work stations. Time sync is working fine with all the workstations and DC's get their time from the PDC emulator. The PDC gets its time from the BIOS. Since the PDC can not connect to an authoritative time source on the Internet I just manually set it's clock. If I manually change the time on the PDC by about ten minute to get it closer to "real" time will that cause an authentication problem  with the clients and KERBEROS since they will be temporairly out of sync with the server until the next time they "sync up" or will they adjust to the PDC's time before any authentication problems would arise?
Thanks

Will manually changing time on a PDC Emulator break kerberos?

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.