Q: Time is a crucial security control to protect against certain attacks (e.g., replay attacks) in the Kerberos authentication protocol. How can I check my system's current time settings against the time on a domain controller (DC) in the domain? How can I check a DC's time against an external time source? And how can I synchronize the time on a Windows system?
A: To force a computer to synchronize its time with a specific DC, you can run the Net Time command:
- net time \\
In this command, you must replace
To check your DC's current time settings against an external time server such as time.windows.com, you can run the following W32tm command:
- w32tm /stripchart /computer:time.windows.com /dataonly
The output of this command will specify whether the time on your system is ahead (indicated with a + sign) or behind (indicated with a - sign).
To synchronize the DC's current system time with an external time server such as time.windows.com, you can use the W32tm command:
- W32tm /resync /computer:time.windows.com /nowait
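The stripchart check above can be turned into a pass/fail test against the Kerberos clock-skew tolerance. The following PowerShell script is an added example, not part of the original answer; it assumes the default tolerance of 5 minutes, assumes the `hh:mm:ss, +/-offset` line layout that `/dataonly` prints, and parses a constructed sample unless `-Live` is given.

```powershell
param(
    [string]$TimeSource = 'time.windows.com',  # time source named on this page
    [int]$MaxSkewSeconds = 300,                # assumption: default Kerberos tolerance (5 minutes)
    [switch]$Live                              # query the source instead of using the sample
)

# Constructed sample output (not captured from a real system).
$sample = @'
Tracking time.windows.com [203.0.113.10:123].
Collecting 3 samples.
The current time is 3/1/2024 10:15:02 AM.
10:15:02, +00.0412345s
10:15:04, error: 0x800705B4
10:15:06, -312.5067890s
'@ -split "`r?`n"

function Get-TimeOffset {
    # Turns stripchart data lines into objects; header lines are ignored.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^(\d{1,2}:\d{2}:\d{2}),\s*([+-]\d+\.\d+)s\s*$') {
            $offset = [double]::Parse($Matches[2], [cultureinfo]::InvariantCulture)
            [pscustomobject]@{ Time = $Matches[1]; OffsetSeconds = $offset; Error = $null }
        } elseif ($line -match '^(\d{1,2}:\d{2}:\d{2}),\s*error:\s*(\S+)') {
            # A failed sample (for example a timeout) carries no offset.
            [pscustomobject]@{ Time = $Matches[1]; OffsetSeconds = $null; Error = $Matches[2] }
        }
    }
}

function Test-ClockSkew {
    # Labels each sample; the absolute value is used, so ahead and behind are treated alike.
    param([object[]]$Samples, [int]$Limit)
    foreach ($s in $Samples) {
        $status = 'OK'
        if ($s.Error) { $status = "NO DATA ($($s.Error))" }
        elseif ([math]::Abs($s.OffsetSeconds) -gt $Limit) { $status = 'SKEW EXCEEDS TOLERANCE' }
        [pscustomobject]@{ Time = $s.Time; OffsetSeconds = $s.OffsetSeconds; Status = $status }
    }
}

$lines = $sample
if ($Live) { $lines = & w32tm /stripchart "/computer:$TimeSource" /dataonly /samples:3 }

Test-ClockSkew -Samples @(Get-TimeOffset -Lines $lines) -Limit $MaxSkewSeconds |
    Format-Table -AutoSize
```

A sample marked SKEW EXCEEDS TOLERANCE means Kerberos authentication from that system is likely to fail until the clock is corrected; NO DATA means the time source did not answer that probe.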