Re: Changing Time Issue / Password Question
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Thu, 27 Oct 2005 18:14:22 -0400
NTP is built into windows, you don't need to do anything with that. At the root of the forest you want to point the PDC and any other DCs that could become the PDC to point at a dependable external source. If you want, you can even disable that and just let the PDC (or possible replacement) just use its own internal clock.
Either way, it doesn't let you muck with time in an AD domain, you do not want to be pushing the date way forward or way back as it can cause processes to get confused.
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net
mp wrote:
Joe is right, the kerberos authentication scheme has a time component to it such that the clocks need to be pretty close together for the tickets/authentication/etc to work.
I've only heard about, but never implemented setting up an NTP server and then letting that set time for your ADC and the clients. In theory you have excellent control over time. In practice, I don't know how AD or the clients would behave. Another alternative is to find a free NTP server.
.
- References:
- Changing Time Issue / Password Question
- From: bigdogg
- Re: Changing Time Issue / Password Question
- From: Joe Richards [MVP]
- Re: Changing Time Issue / Password Question
- From: mp
- Changing Time Issue / Password Question
- Prev by Date: Re: Changing Time Issue / Password Question
- Next by Date: Re: Win2k - Account Operator not working properly
- Previous by thread: Re: Changing Time Issue / Password Question
- Next by thread: Re: Can group policy prevent changing IP address?
- Index(es):
Relevant Pages
|
