Change Time to Isolated Domain

Home Forums Microsoft Networking and Management Services Active Directory Change Time to Isolated Domain

This topic contains 4 replies, has 4 voices, and was last updated by  I HATE UUUUU30 10 months, 1 week ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts

  • alexandros
    Member
    #167403

    Hello to averyone,

    I have an isolated (from internet) domain (2003 DCs) with almost 100 clients.
    I have not ntp server in my lan, and I want to reconfigure the PDC time because is 30 minutes ahead from the real time.
    If I change it from the PDC clock I’ll have a problem with the clients?
    Or I have to do it granularly (-3 minutes per day)?
    I dont have sql or exchange or other servers…

    Thanks in advance
    Alex


    Ossian
    Moderator
    #191929

    As I recall, you can change it in one operation and the clients will rapidly converge on the new time – there is a MaxOffset registry entry that says how much of a change is allowed. There is a very good article: https://support.microsoft.com/en-gb/help/884776/how-to-configure-the-windows-time-service-against-a-large-time-offset which should help you get it right

    #386655

    Hi Ossian,

    Thank you very much for your detailed answer.

    My only wonder after this, is if I change manually the time (30 minutes backwards) on PDC (from Windows or BIOS),
    the time change on additional DC, servers and clients will be done smoothly or I will have to restart all these? (I want to avoid access denies to resources etc)


    Anonymous
    #372095

    If your domain is set up with the normal, default settings for domain clients, the time change on the primary DC should propagate all other domain machines on it’s own. As long as all machines are withing the default 5 min offset between their own time and the DC’s, you shouldn’t have any issues. Bear in mind that the client time changes won’t be immediate when you change the DC’s clock. As for how to verify the domain settings, have a read on ‘w32tm’ commands to query/alter the time settings on all your DCs. The PDC should be your time source, and any other DCs should be time sources for the domain but getting their updates from the Primary. All other domain members should have the default settings unless you’ve got customised client build or GP settings that change this.

    Once you get your PDC settings how you want, the simplest way to sync everything is to reboot the rest. A simple script can be set to restart all your client workstations, and servers could be restarted manually or by a scheduled task in the wee hours (max 5 minutes out of service.)

    #386656

    OK thank you for your answer

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.