Checking and Synchronizing Domain Controllers' Time Settings
Q:
Time is a crucial security control to protect against certain attacks
(e.g., replay attacks) in the Kerberos authentication protocol. How can I
check my system's current time settings against the time on a domain
controller (DC) in the domain? How can I check a DC's time against an
external time source? And how can I synchronize the time on a Windows
system?
A: To force a computer to synchronize its time with a specific DC, you can run the Net Time command:
To check your DC's current time settings against an external time server such as time.windows.com, you can run the following W32tm command:
To synchronize the DC's current system time with an external time server such as time.windows.com, you can use the W32tm command:
A: To force a computer to synchronize its time with a specific DC, you can run the Net Time command:
In this command, you must replace <DC_name_or_IP> with your DC's hostname or IP address.net time \\<DC_name_or_IP> /set /y
To check your DC's current time settings against an external time server such as time.windows.com, you can run the following W32tm command:
The output of this command will specify whether the time on your system is ahead (indicated with a + sign) or behind (indicated with a - sign).w32tm /stripchart /computer:time.windows.com /dataonly
To synchronize the DC's current system time with an external time server such as time.windows.com, you can use the W32tm command:
W32tm /resync /computer:time.windows.com /nowait
