asked on Changing Domain Controller time
Hi All,
I have a single forest single domain structure with 70 domain controllers throughout different locations. There are more than 10000 clients in the domain. It has been observed that the DC's are running 6 mins late than the usual time and due to which some critical application are facing problems. I need to achieve the below mentioned things.
1. Need to explain why the time is deffered to the management
2. Need to correct the issue but I think I cannot do it in one day because kerberos time skew issue might occur as it is more than 5 mins.
Thanks and Regards
I have a single forest single domain structure with 70 domain controllers throughout different locations. There are more than 10000 clients in the domain. It has been observed that the DC's are running 6 mins late than the usual time and due to which some critical application are facing problems. I need to achieve the below mentioned things.
1. Need to explain why the time is deffered to the management
2. Need to correct the issue but I think I cannot do it in one day because kerberos time skew issue might occur as it is more than 5 mins.
Thanks and Regards
Active Directory
Last Comment
JRoyse
You would need to setup your current PDC emulator to get it's time from an external time source.
TigerMatt has a great article on this. http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
Once you have this DC running with a proper external time source then your other DCs and clients will update through the domain hierarchy.
TigerMatt has a great article on this. http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
Once you have this DC running with a proper external time source then your other DCs and clients will update through the domain hierarchy.
ASKER
We do not have option to sync with external time server at this time. PDC is configured to sync the time with hardware clock. I need to change the time manually in PDC but reducing 6 mins at a time might create problem.
Kindly suggest.
Kindly suggest.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
http://blogs.dirteam.com/blogs/jorge/archive/2010/09/27/configuring-and-managing-the-windows-time-service-part-1.aspx This is a four part series so the other parts are there on Jorge's blog
Check to make sure your time is setup properly. Since it is a single forest/domain your PDCe should be set to configure with an external/reliable source and then the time hiearchy shoudl take over from there.
Thanks
Mike