We are experiencing a problem where the time is getting changed to 120.8 days
in the past on all of our 2003 domain controllers.  Has anyone else
experienced this problem?  We are not sure if it is a hacker or a virus that
is doing it.  We have set the domain controllers to get their time from an
NTP server, which has helped.  Suggestions of things to check would be
appreciated.

David W <David W@discussions.microsoft.com> wrote:
I can't speak to the hacker or virus part, esp with this minimal info, but
note that all your servers & workstations need to get their time only from
the DC with the PDC emulator role.  Don't set up anyone to point to another
NTP server.

Hello David,

In a domain the PDCEmulator is the time source and should sync with an external
time source. All DC's sync with that one and all member servers and workstations
use one available DC for time sync. So make sure that domain internal no
firewall is blocking port 123 UDP and also that the PDCEmulator can sync
with an external time source.

To configure a client computer for automatic domain time synchronization

w32tm /config /syncfromflags:domhier /update

After that run:
net stop w32time
net start w32time

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Show quoteHide quote

PDCe should be getting its time externally

Fsmo list
netdom query fsmo

Setup PDCe (Follow this exactly as described)
http://support.microsoft.com/kb/816042

Troubleshooting time on a PDCe
http://technet.microsoft.com/en-us/library/bb727060.aspx

Set debug logging
http://support.microsoft.com/kb/816043/en-us


Show quoteHide quote

Hi David,

First let me tell you that I don't agree with having any DC syncing with
external time sources, instead you should use a reliable time server source
(which is a different thing).

By default, Time sync works like this:
- Workstations sync their time with the DC that they used to logon.
- The DCs sync their time with the PDCe in their domain.
- All PDCs sync their time with the Root PDCe.
- The Root PDCe should sync his time with a reliable time source server.

These are the defaults, but they can be changed (not recommended of course).
The question is... What DC are those workstations (where you're having
problems) syncing with? Check that DC and make sure that has the correct
time, and it's in sync with the Domain PDCe, if this is not true, then that
DC must be using another (probably) un-trusted time server. If the DC has
the correct time settings, then look at the workstations and check if are
using the correct DC or if are configured to use other (probably) un-trusted
time server.
Show quoteHide quote

Domain renaming
applying computer settings
add exchange tabs to AD consol
Virtualized a child DC - need to recover due to USN rollback
Event ID 1669
seemingly simple question: Customized Signature in MS Outlook 2007
New AD installation issue
local policy
User Account Lockout
AD newbie Question