I have a single DC test environment at home and I am running on old hardware. One machine’s clock had gained 3 hours. That machine happened to be the domain controller. I am running Server 2012 R2 on all machines so i used powershell to run the following commands:
Check how far off the system time is from the ntp server at time.windows.com:
w32tm /stripchart /computer:time.windows.com /samples:5 /dataonly
Tell the system it is okay to sync its time with time.windows.com
w32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:yes /update
Force the system to sync its clock
All other servers/computers in the domain sync their time with the Domain Controller that holds the PDC emulator role. This should fix time issues across the domain if run on the correct DC.
Hope you find this helpful!
PS. Traditionally you can use the command:
NET TIME /DOMAIN:<domainname> /set /y
to sync domain members with the DC holding the PDC role.
If that fails, you can force a sync to another server with either of these commands:
NET TIME \\<MACHINENAME> /SET /Y
NET TIME \\<IP Address> /SET /Y