Windows 2008 R2 DC Time Drift - Windows 2019 DC promotion

Coopie 101 Reputation points
2020-09-23T17:16:34.63+00:00

Hi all

Just started at new company, they've got an isolated Forest\Domain setup for a specific client with 1 very old Physical Windows 2008 R2 server in it, acting as DC\File and Print.
It's 15 mins drifted from the real world because it was never synced with an external time source and has no external internet, and very little other access to the Corporate setup. Sensitive work.

This server is completely isolated aside from very few open ports like SMB, print and some RDP.
There are then 3 separate, collaborating companies with holes poked in various firewalls to get file and print access, mapped with batch files and remembered passwords.

I've sent 2 new Physical servers up to the site for this environment, Windows 2019, and have added them as members to the domain for now. They've synced up with the Windows 2008 R2 PDC, no issues there, but as expected are 15 mins out from the real world.

Can I just manually change the time on the current Windows 2008 PDC, via the OS tools like time or the GUI clock, and then resync the 2 members... or do I need to change the clock time in a more intelligent way?

This time drift issue hasn't caused any problems for end users, because they do not directly log into this domain, they just map drives and printers, and as far as I can tell the password auth hasn't been affected for years.

BUT, next week I want to promote one of those Windows 2019 Servers to a DC as a first step to adding redundancy up there... and I don't want any strange occurrences due to the time drift. Once I get the 2 new servers standing up as DCs I'll be working on setting up an external trust design here to improve this environment.

I don't "expect" any issues with AD when I promote the new DC because the time drift within the isolated Forest\Domain is not subject to any external influence...but even so....I'd rather have it set correctly.

Any thoughts folks?
Coop


Accepted answer
  1. Hannah Xiong 6,266 Reputation points
    2020-09-24T03:28:57.627+00:00

    Hello,

    Thank you so much for posting here.

    PDC emulators in separate, independent forests need to be synchronized with the same globally correct time in order to provide for accurate time stamping on e-mail, log files, etc.

    Since it is an isolated domain and not synced with an external time source and has no external internet, we could manually change the time via OS tools like time or the GUI clock and then resync the member servers.

    But it is hard to guarantee that the time drift won't happen again. If possible, it is suggested that we could set it to sync with an external time source.

    Thanks. For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong
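
The resync-and-verify step described in the answer above, as an added example that is not part of the original thread: it is meant to be run in an elevated PowerShell session on each member server after the clock on the PDC emulator has been corrected. The host name `PDC01.corp.example` is a placeholder and the 1-second threshold is an assumed acceptance value; neither comes from the thread.

```powershell
param(
    [string]$Pdc = 'PDC01.corp.example',   # placeholder: name of the 2008 R2 PDC emulator
    [double]$MaxOffsetSeconds = 1.0        # assumed acceptance threshold, not from the thread
)

function Get-StripchartOffset {
    # Parse the sample lines of `w32tm /stripchart /dataonly`, which look like
    # "17:20:01, +00.0012345s", and return each offset in seconds.
    # Header lines and error samples ("17:20:03, error: 0x...") do not match and are skipped.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    }
}

# 1. Make the local time service rediscover its source and resync immediately.
w32tm /resync /rediscover | Out-Null

# 2. Record which source this member is using now; in a domain this should be a DC.
$source = (w32tm /query /source | Out-String).Trim()

# 3. Measure the remaining offset against the PDC emulator without changing the clock.
$samples = w32tm /stripchart "/computer:$Pdc" /samples:5 /dataonly
$offsets = @(Get-StripchartOffset -Lines $samples)
if ($offsets.Count -eq 0) {
    throw "No time samples returned from $Pdc; check that UDP 123 is reachable."
}

# 4. Report the worst absolute offset and whether it is within the threshold.
$worst = ($offsets | ForEach-Object { [math]::Abs($_) } |
          Measure-Object -Maximum).Maximum

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    TimeSource         = $source
    WorstOffsetSeconds = [math]::Round($worst, 3)
    InTolerance        = ($worst -le $MaxOffsetSeconds)
}
```

Collecting this output from both Windows 2019 members before the promotion gives a record that each one agrees with the PDC emulator after the manual clock change.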
