We have had lot of issues with Time sync on members servers. If the time is not in sync with the domain controller, you may see issues but those errors and problem may not directly point to Time issues.
Once such scenario that I ran in to, in my environment, there are different time source,
- My root domain is syncing with parent company
- My primary child domain is syncing properly with root domain
- DMZ, and resource domain time are syncing with Vmware, and external source.
To add more complication to the existing problem,
- Partly my resource domain servers are in DMZ as well
- I have windows 2000 and windows 2003 servers
The best thing about resolving the problem is that, I don’t have to restart the server after making the changes. So i can make changes immediately and restart the time service without any downtime
- To prepare myself to resolve the problem is that, I need a report of all the servers which are not synching with the DC’s or domain. The script from Time Sync report from member servers and create a .txt file called server.txt and add all the servers in your organization in the same path where you have this .ps1 folder
- I need to segregate the list of servers based on their operating system
- Then I need to find their location (DMZ, site) to identify the nearest DC that I can contact
Finally, I could sort about 200 computers which are not syncing with DC’s. I tweaked the script and run the script to do a mass change. Of course, windows 2000 and windows 20003 must be treated differently (fortunately I just had 10 servers of this nature, so I did it individually)