So, I have this friend *cough* who had a domain controller that needed a new motherboard. Due to the excitement of the hardware vendor’s tech forgetting to reattach the RAID, then the server no longer recognizing its network cards, and then the tech realizing that he forgot to replace the fan shroud, um, my… friend… kind of forgot to check the system time. It was a long week (which included parental death).
(The system time was 12 hours fast, so it looked right at a glance.)
This was Saturday. The system time situation was discovered Sunday on my… um… friend’s workstation. (If the time is wrong on the domain controller, that wrong time propagates across the entire network. This is to prevent Kerberos issues. If this had happened during the week, people would have randomly lost their ability to log on or connect to network shares until the times on workstations and servers were synchronized. To the wrong time, since the domain controller is the official source. Yeah. And that’s the optimistic scenario.)
Since I’m not fooling anyone, I’ll take responsibility for the fix.
- Fixed the time on the domain controller. (Date/time control panel followed by “w32tm /resync” to get the precise time from an internet time server.)
- Did search-and-replace on a list of computers from dsquery to strip it down to nothing but computer names, and saved the list as control.txt.
- Ran this simple script.
FOR /F %%L IN (%controlfile%%) DO (
w32tm /resync /computer:%%L
I’m a little embarrassed to post my five-liner to my blog, but there you are. Ten minute fix.