Domain Controller/Active Directory Time is 5 minutes slow
Set your Domain Controller to sync with an Internet time source (if you have more than one Domain Controller then do this on the one holding the PDC emulator role).
w32tm /config /manualpeerlist:"pool.ntp.org" /reliable:yes /update
Replace pool.ntp.org
with your preferred NTP source.
It's safe to do this while people are logged on. The time on your domain computers will eventually re-sync and correct themselves. If you want to do this quickly on a machine then just restart the Windows Time service.
Related videos on Youtube
ssin
Updated on September 18, 2022Comments
-
ssin almost 2 years
Our Domain Controller/Active directory Windows 2008 server is running 5 mins slow, so all the client PCs are also showing the slower time.
Is it safe to change the time on the server? And while the users are still logged on?
Also whats the best way to make sure the time is always correct/synced?
Thanks S
-
jojojoj almost 12 yearsI would be careful about making a change of 5 minutes or greater all at once. If clock is off by more than 5 min, kerberos auth will fail. If your DC syncs, and it's several hour until workstations sync, there will probably be kerberos issues. Would suggest manually correcting DC time by 2 minutes, wait a day. Correct DC by another 2 minutes, wait a day. Then setup NTP sync on the DC.
-
Chris McKeown almost 12 years+1 good point there.