Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Checking and Synchronizing Domain Controllers' Time Settings
Using the Net Time and W32tm commands, you can make sure the time settings on your domain machines and domain controllers are accurate.
Jan De Clercq
April 3, 2014
1 Min Read
Q: Time is a crucial security control to protect against certain attacks (e.g., replay attacks) in the Kerberos authentication protocol. How can I check my system's current time settings against the time on a domain controller (DC) in the domain? How can I check a DC's time against an external time source? And how can I synchronize the time on a Windows system?
A: To force a computer to synchronize its time with a specific DC, you can run the Net Time command:
net time \ /set /yIn this command, you must replace with your DC's hostname or IP address.
To check your DC's current time settings against an external time server such as time.windows.com, you can run the following W32tm command:
w32tm /stripchart /computer:time.windows.com /dataonlyThe output of this command will specify whether the time on your system is ahead (indicated with a + sign) or behind (indicated with a - sign).
To synchronize the DC's current system time with an external time server such as time.windows.com, you can use the W32tm command:
W32tm /resync /computer:time.windows.com /nowaitAbout the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
