Announcement

Collapse
No announcement yet.

Change Time to Isolated Domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Change Time to Isolated Domain

    Hello to averyone,

    I have an isolated (from internet) domain (2003 DCs) with almost 100 clients.
    I have not ntp server in my lan, and I want to reconfigure the PDC time because is 30 minutes ahead from the real time.
    If I change it from the PDC clock I'll have a problem with the clients?
    Or I have to do it granularly (-3 minutes per day)?
    I dont have sql or exchange or other servers...

    Thanks in advance
    Alex



  • #2
    As I recall, you can change it in one operation and the clients will rapidly converge on the new time - there is a MaxOffset registry entry that says how much of a change is allowed. There is a very good article: https://support.microsoft.com/en-gb/...ge-time-offset which should help you get it right
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Hi Ossian,

      Thank you very much for your detailed answer.

      My only wonder after this, is if I change manually the time (30 minutes backwards) on PDC (from Windows or BIOS),
      the time change on additional DC, servers and clients will be done smoothly or I will have to restart all these? (I want to avoid access denies to resources etc)

      Comment


      • #4
        If your domain is set up with the normal, default settings for domain clients, the time change on the primary DC should propagate all other domain machines on it's own. As long as all machines are withing the default 5 min offset between their own time and the DC's, you shouldn't have any issues. Bear in mind that the client time changes won't be immediate when you change the DC's clock. As for how to verify the domain settings, have a read on 'w32tm' commands to query/alter the time settings on all your DCs. The PDC should be your time source, and any other DCs should be time sources for the domain but getting their updates from the Primary. All other domain members should have the default settings unless you've got customised client build or GP settings that change this.

        Once you get your PDC settings how you want, the simplest way to sync everything is to reboot the rest. A simple script can be set to restart all your client workstations, and servers could be restarted manually or by a scheduled task in the wee hours (max 5 minutes out of service.)
        *RicklesP*
        MSCA (2003/XP), Security+, CCNA

        ** Remember: credit where credit is due, and reputation points as appropriate **

        Comment


        • #5
          OK thank you for your answer

          Comment

          Working...
          X