My organization time is off by 10 mins and I'm looking to update it on the PDC and make it sync with an external NTP source. However I'm wondering as the time update is more than 5 minutes does it effect Kerberos authentication in anyway on my domain computers? Will there be any problems in the time update propagation from PDC to DC's and then to domain computers?

Hello, However I'm wondering as the time update is more than 5 minutes does it effect Kerberos authentication in anyway on my domain computers? By default, if the time difference is more that 5 minutes then this will cause Kerberos failures but this depends of the applied Kerberos policy. Will there be any problems in the time update propagation from PDC to DC's and then to domain computers? It is recommended to make member servers / client computers sync time with the PDC Emulator and make the PDC Emulator sync time with a public NTP server. To configure an NTP client: http://www.ehow.com/how_5981545_configure-windows-ntp-client.html This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Hello, However I'm wondering as the time update is more than 5 minutes does it effect Kerberos authentication in anyway on my domain computers? By default, if the time difference is more that 5 minutes then this will cause Kerberos failures but this depends of the applied Kerberos policy. Will there be any problems in the time update propagation from PDC to DC's and then to domain computers? It is recommended to make member servers / client computers sync time with the PDC Emulator and make the PDC Emulator sync time with a public NTP server. To configure an NTP client: http://www.ehow.com/how_5981545_configure-windows-ntp-client.html This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer