Manage Domain Time

Another important dependency that AD has is the accuracy of the time on the systems in the forest. The Kerberos authentication protocol used by AD uses the time values on the systems during the authentication sequence to ensure that network credentials aren't reused in replay attacks. By default, the time is allowed to be skewed by 5 minutes in either direction—5 minutes early or 5 minutes late. The time comparison occurs in Coordinated Universal Time (UTC), so the time zones of the clients and servers don't affect the authentication sequence if the time is set correctly.

To aid in keeping the time close in computers across the forest, Windows offers a time-synchronization system. This system is based on the Network Time Protocol ...
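As an added example (not code from the book), the PowerShell below checks measured clock offsets against the 5-minute tolerance described above and shows that the comparison is made on UTC instants, independent of time zone. The host names, sample lines and function names are constructed, and the `w32tm /stripchart /dataonly` line format is an assumption.

```powershell
# Added example. Host names, sample lines and function names are constructed.
$MaxSkewSeconds = 5 * 60   # default tolerance stated above: 5 minutes either way

function Get-ClockOffsetSeconds {
    # Assumed line format of "w32tm /stripchart /dataonly": "HH:mm:ss, +SS.fffffffs".
    # Returns the last measured offset in seconds, or $null if no sample parsed.
    param([string[]]$StripchartOutput)
    $offset = $null
    foreach ($line in $StripchartOutput) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            $culture = [Globalization.CultureInfo]::InvariantCulture
            $offset = [double]::Parse($Matches[1], $culture)
        }
    }
    return $offset
}

function Test-KerberosSkew {
    param([string]$ComputerName, [string[]]$StripchartOutput)
    $offset = Get-ClockOffsetSeconds $StripchartOutput
    # A host that could not be measured is reported as failing, not passing.
    $ok = ($null -ne $offset) -and ([math]::Abs($offset) -le $MaxSkewSeconds)
    New-Object PSObject -Property @{
        ComputerName    = $ComputerName
        OffsetSeconds   = $offset
        WithinTolerance = $ok
    }
}

# Constructed samples; on a live system the lines would come from, for example:
#   w32tm /stripchart /computer:dc01.example.test /samples:1 /dataonly
$samples = @{
    'dc01.example.test' = @('09:00:01, +00.0412345s')
    'ws17.example.test' = @('09:00:02, -412.7731120s')   # almost 7 minutes off
    'ws22.example.test' = @('09:00:03, error: 0x800705B4')
}
foreach ($name in $samples.Keys) {
    Test-KerberosSkew -ComputerName $name -StripchartOutput $samples[$name]
}

# Time zones do not matter: both values below are the same UTC instant,
# so the difference Kerberos would see is zero seconds.
$client = [DateTimeOffset]'2024-03-01T09:00:00-05:00'
$server = [DateTimeOffset]'2024-03-01T15:00:00+01:00'
($client.UtcDateTime - $server.UtcDateTime).TotalSeconds
```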

Get Automating Active Directory® Administration with Windows PowerShell® 2.0 now with the O’Reilly learning platform.
