Re: is it possible to change time on a few Servers?

From: Gautam Anand (gautam_at_hotpop.com)
Date: 10/04/04


Date: Tue, 5 Oct 2004 00:59:29 +0530

The AD, for security measures, relies on the times being in sync on
all machines (no matter what their role) for them to participate in
the domain. It allows for a skew of 5 mins I think. Anything more than
that and you would see a lot of authentication errors on the
machines with mismatched dates.

http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/techref/en-us/W2K3TR_times_what.asp

"The Windows Time service is essential to the successful operation of
Kerberos authentication and, therefore, to Active Directory–based
authentication. Any Kerberos-aware application, including most
security services, relies on time synchronization between the
computers that are participating in the authentication request. Active
Directory domain controllers must also have synchronized clocks to
help ensure accurate data replication."

http://support.microsoft.com/default.aspx?scid=224799

http://support.microsoft.com/default.aspx?scid=kb;en-us;258059

http://www.microsoft.com/windows2000/techinfo/howitworks/security/wintimeserv.asp

-- 
Gautam Anand
e: gautam at hotpop dot com
--------------------------------- 
"Ziek" <ziek@nomail.org> wrote in message 
news:%23Smy6bkqEHA.2588@TK2MSFTNGP12.phx.gbl...
| what if I don't use this tool, what happens?
|
| These are not DCs that I am tampering with, just a few member servers.
| What could happen?
|
|
| "Simon Geary" <simon_geary@hotmail.com> wrote in message
| news:OYY0Yf$pEHA.592@TK2MSFTNGP11.phx.gbl...
| > Check out Time Machine: http://www.solution-soft.com/timemachine.shtml
| >
| > Do not change the time on any servers without using this software or
| > something similar, it will break Kerberos authentication.
| >
| > "Ziek" <ziek@nomail.org> wrote in message
| > news:eiRrPO%23pEHA.1296@TK2MSFTNGP12.phx.gbl...
| > > I have several servers that, for testing purposes, need to have their
| > > time changed to something like 6 months ahead of now.
| > >
| > > These servers are part of the Active Directory, but they are not DCs.
| > >
| > > Is this possible?
| > >
| > > Any side effects?
| > >
| > >
| >
| >
|
| 
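
The skew tolerance mentioned in the reply above can be checked per server before and after any clock change. This is an added example, not part of the original thread: it parses constructed `w32tm /stripchart /dataonly` captures and flags servers outside the tolerance. The hostnames, the offsets and the 300-second limit (taken from the poster's "5 mins") are assumptions.

```python
import re

# Assumption: 300 s, taken from the "5 mins" tolerance quoted in the reply.
MAX_SKEW_SECONDS = 5 * 60

# Data lines look like "10:15:40, +00.0031250s"; error lines do not match.
OFFSET_RE = re.compile(r"^\d{1,2}:\d{2}:\d{2},\s*([+-]\d+\.\d+)s\s*$", re.MULTILINE)

# Constructed sample output, one capture per member server, as produced by
#   w32tm /stripchart /computer:<dc> /samples:2 /dataonly
# Hostnames, addresses and offsets are invented for illustration.
SAMPLE = {
    "app01": "Tracking dc01.example.test [192.0.2.10:123].\n"
             "10:15:40, +00.0031250s\n10:15:42, -00.0046875s\n",
    # Clock moved roughly six months (about 15,768,000 s) away from the DC.
    "test02": "Tracking dc01.example.test [192.0.2.10:123].\n"
              "10:15:40, -15768000.0123456s\n10:15:42, -15768000.0119873s\n",
    # The time source did not answer: no offset can be read.
    "test03": "Tracking dc01.example.test [192.0.2.10:123].\n"
              "10:15:40, error: 0x800705B4\n",
    # Just over the limit: 5 min 10.5 s.
    "test04": "Tracking dc01.example.test [192.0.2.10:123].\n"
              "10:15:40, +310.5000000s\n",
}

def parse_offsets(output):
    """Return every clock offset (seconds) found in one w32tm capture."""
    return [float(value) for value in OFFSET_RE.findall(output)]

def classify(output, max_skew=MAX_SKEW_SECONDS):
    """Return (status, worst_offset) for one server's capture."""
    offsets = parse_offsets(output)
    if not offsets:
        return ("unknown", None)  # no usable sample: do not assume it is in sync
    worst = max(offsets, key=abs)  # only the magnitude matters for the tolerance
    return ("ok" if abs(worst) <= max_skew else "skewed", worst)

def audit(samples):
    """Classify every server in a {hostname: capture} mapping."""
    return {host: classify(output) for host, output in samples.items()}

if __name__ == "__main__":
    for host, (status, worst) in sorted(audit(SAMPLE).items()):
        print(f"{host:8} {status:8} {worst}")
```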

