
Domain time change - potential issues?


GeorgeTuk

IS-IT--Management
Jan 11, 2009
Hi guys,

As you may know me from before a quick appraisee. Basically inherited a dog of a network from an external "consultant" which has a number of issues which you guys have really helped with so thank you.

Now the domain time is about 11 mins behind GMT, I have never seen this before and wonder what is the best way of changing the whole domain back to the correct time? I realise it is not a massive issue but now we are a much bigger company and it looks a bit unprofessional when email time stamps are wrong etc.

Also, are there any likely negative effects, services stopping and the like?

Thanks again for the continued help.

George
 
Discussed here many times. Configure the DC that holds the PDC emulator role to sync with an external time source. Then configure your firewall to only allow time sync traffic to/from that server.

The assumption here is that all machines are Windows based, and domain joined.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
I'd add to make your changes late at night when the creation of emails and files is likely to be none. That way you don't end up with files that were created in the future.

If your systems are responsible for any manufacturing processes then this can be a serious issue for you. If however you are just doing file/print/email then it should not be an overly big deal.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
You could also make the change gradually. The end result should be a sync with an external time source, but if 11 minutes at once scares you, change your PDC Emulator's clock 2-3 minutes a night for a few nights, and once you are at about real time, then start syncing to an external clock.

Doing it in small increments can help to avoid authentication issues that can occur when a client/server time difference is too large.

Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!
 
Just so you know, there is a 5 minute skew in Kerberos, if any of your clients fall outside of that 5 minutes (and by this I mean are 5 minutes different from the PDC Emulator) the Kerberos sessions will fail and they will need to re logon (once their clocks are sync'd) and that's 5 minutes fast or slow.

If you're going to do it all at once be prepared to have the workstations powered off because by having the machines powered off you will force them to do a time sync when they power on.

You can stop the mail server from processing mail at that time and just do it in small steps (no more than 4 minutes). Leave it for 8 hours (because if the Windows Time service sees 3 consecutive time syncs that are correct it increases the time sync from 45 mins to 8 hours).



Simon

The real world is not about exam scores, it's about ability.
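
A read-only check for the 5-minute Kerberos skew described in the post above, added here as an example and not written by any poster in this thread. It assumes it is run on the PDC emulator, that the clients answer CIM/WinRM queries, and that a hypothetical file wslist.txt holds one computer name per line; Get-ClockSkew is a made-up function name.

```powershell
# Added example: Get-ClockSkew and $ListPath are hypothetical names, not from the thread.
# Run on the PDC emulator so the local clock is the domain's reference time.
$ToleranceSec = 5 * 60            # Kerberos skew limit quoted in the thread
$ListPath     = '.\wslist.txt'    # assumed input: one computer name per line

function Get-ClockSkew {
    param([Parameter(Mandatory)][string]$ComputerName)
    try {
        $before = [DateTime]::UtcNow
        $t = Get-CimInstance -ClassName Win32_UTCTime -ComputerName $ComputerName -ErrorAction Stop |
             Select-Object -First 1
        $after = [DateTime]::UtcNow
        $remote = [DateTime]::new([int]$t.Year, [int]$t.Month, [int]$t.Day,
                                  [int]$t.Hour, [int]$t.Minute, [int]$t.Second,
                                  [DateTimeKind]::Utc)
        # Compare with the midpoint of the query to cancel most of the network delay
        $reference = $before.AddTicks([long](($after - $before).Ticks / 2))
        # Positive skew: the client is ahead of this machine; negative: it is behind
        $skew = [math]::Round(($remote - $reference).TotalSeconds)
        $status = 'ok'
        if ([math]::Abs($skew) -gt $ToleranceSec) { $status = 'OUTSIDE 5-minute tolerance' }
    }
    catch {
        # Offline or WinRM not enabled: report it rather than guessing
        $skew = $null
        $status = 'unreachable'
    }
    [pscustomobject]@{ Computer = $ComputerName; SkewSeconds = $skew; Status = $status }
}

Get-Content -Path $ListPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |              # ignore blank lines
    ForEach-Object { Get-ClockSkew -ComputerName $_ }
```

Running it before and after each clock adjustment shows which machines still need a forced sync. Win32_UTCTime has one-second resolution, which is ample against a 300-second limit.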

 
I don't think it is necessary to have the workstations powered off, you simply need to force them to sync. That can be done with a reboot or with a NET TIME /DOMAIN:DOMAIN /SET command.

Reboot can be accomplished remotely.
Code:
'==========================================================================
'
' NAME: RebootWSfromList.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: http://www.thespidersparlor.com
' DATE  : 7/6/2004
' COPYRIGHT © 2004, All Rights Reserved
'
' COMMENT: reboots a list of remote computers.
'
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'
'==========================================================================

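On Error Resume Next

'open the file system object
Set oFSO = CreateObject("Scripting.FileSystemObject")
'open the data file (one computer name per line)
Set oTextStream = oFSO.OpenTextFile("wslist.txt")
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close
For Each strComputer In RemotePC
    'skip blank lines (e.g. a trailing newline in wslist.txt) so no connection is attempted with an empty name
    If Len(Trim(strComputer)) > 0 Then
        'reset state so a failed connection cannot reuse the previous computer's result
        Set OpSysSet = Nothing
        Err.Clear
        Set OpSysSet = GetObject("winmgmts:{impersonationLevel=impersonate,(RemoteShutdown)}//" & Trim(strComputer)).ExecQuery("select * from Win32_OperatingSystem where Primary=true")
        'only reboot when the connection and query succeeded
        If Err.Number = 0 Then
            For Each OpSys In OpSysSet
                OpSys.Reboot()
            Next
        End If
    End If
Next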

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
I ended up creating an internal time server, which synchronises with various stratum 2 servers. I then configured all workstations and servers to update from it using NTP every 15 or so minutes. I'm exceptionally anal when it comes to time.

Pat's recommendation should do you fine.

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
That's basically what Windows already has built in - internal time server capable of synching to multiple external time sources and having clients synch from it.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Aye, I didn't have much luck with clients synchronising with the domain controller as they logged in, so I used the in-built client to sync them with the new time server.

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer
 
I am going to try the little by very little method over a number of weeks, as there is not an issue at the moment; it just looks a bit amateur.

Thanks
 