asked on

time services

I discovered that the time on our AD/DC is out of sync (or faster by about 5-6 minutes)...obviously this caused the time on all our client machines to be faster too.

I would like to know can I adjust to the correct time via the clock on the taskbar on my AD/DC..?
if so, which AD/DC should I change..and how to change ,how to take immediate effected for all client

Rich Weissler

I'm sure you've already discovered, the overwhelming documentation around is for changing your domain to use an external time source. Workstations get their time from domain controllers, domain controllers get their time from the PDC emulator, and without an external time source, the PDC gets it's time from it's hardware BIOS clock.

If you aren't configuring an external time source, then -- yes, you should be able to modify the time on the PDC Emulator. But, five to six minutes is a HUGE time gap which will absolutely cause trouble if you modify it all at once. How time sensitive is your network? Can you make 15 to 30 second changes on the PDC Emulator every night before you leave for the day? In any event, I wouldn't try to make changes larger than 120 seconds at a go. Once you make the (small) change on the PDC Emulator, the other systems in the network will attempt to slowly bring themselves into sync.

warriorsTeah

ASKER

So is mean that do not change 6min in one time it will have trouble ?

ASKER CERTIFIED SOLUTION

MSCruz

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Rich Weissler

6 minutes out-of-sync will cause problems for machines in the domain as well... kerberos authentication will start failing with differences of five minutes, for example.

Setting up NTP to keep the clocks in sync in the future isn't a bad idea as well... but I would strongly suggest nudging your PDC emulator's clock over several iterations to something pretty close to correct before enabling an external timesync.