Microsoft has posted a fix for an issue that saw Windows Domains travel back in time to the year 2000.
The issue causes Active Directory replication errors, Kerberos authentication failures and problems for other time-sensitive operations and data such as DHCP leases, DNS records, object life cycles and date-driven password changes on computer accounts.
For 51 minutes, from 21:07:32 to 21:58:56 Universal Time, the server gave out the year 2000 instead of 2012. The error has since been rectified, but USNO recommends that anyone using NTP get their time from at least three different sources.
This lets timekeeping software use redundant data to identify and ignore incorrect time sources.
Microsoft likewise advises using several time sources, and also configuring the Windows Time Service to protect it against large offsets.
This can be done by editing Registry entries, and the settings can be deployed using the Group Policy Object Editor.
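The two defences described above, redundant sources and a cap on large offsets, can be seen working together in the following added example, which is not code from Microsoft, USNO or the original article. It uses a simplified median vote rather than the real NTP selection algorithm, and the source names, thresholds and timestamps are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

# Assumed thresholds for this sketch, not values taken from the article.
AGREEMENT_S = 1.0               # a source must be within 1 s of the median offset
MAX_CORRECTION_S = 48 * 3600    # largest clock step the client will accept
# (W32Time expresses the same idea with its MaxPosPhaseCorrection and
# MaxNegPhaseCorrection registry values.)

def select_time(local, samples):
    """Decide whether to step the clock, given {source: reported_time}.

    Returns (decision, offset_seconds, rejected_sources).
    """
    offsets = {s: (t - local).total_seconds() for s, t in samples.items()}
    mid = median(offsets.values())
    agreeing = {s: o for s, o in offsets.items() if abs(o - mid) <= AGREEMENT_S}
    rejected = sorted(set(offsets) - set(agreeing))
    # Without a strict majority there is no way to tell which source is wrong.
    if 2 * len(agreeing) <= len(offsets):
        return "refuse", None, rejected
    offset = sum(agreeing.values()) / len(agreeing)
    # Even an uncontested answer is refused if it would move the clock too far.
    if abs(offset) > MAX_CORRECTION_S:
        return "refuse", offset, rejected
    return "apply", offset, rejected

# Constructed sample data: hypothetical source names and a made-up 2012 instant.
LOCAL = datetime(2012, 6, 1, 21, 30, 0, tzinfo=timezone.utc)
GOOD_A = LOCAL + timedelta(milliseconds=200)
GOOD_B = LOCAL - timedelta(milliseconds=100)
BAD = LOCAL.replace(year=2000)   # same day and time, but reporting the year 2000

if __name__ == "__main__":
    three = {"ntp-a.example": GOOD_A, "ntp-b.example": GOOD_B, "ntp-bad.example": BAD}
    print(select_time(LOCAL, three))                                   # outlier outvoted
    print(select_time(LOCAL, {"ntp-a.example": GOOD_A, "ntp-bad.example": BAD}))  # tie
    print(select_time(LOCAL, {"ntp-bad.example": BAD}))                # capped by limit
```

With three sources the bad one is outvoted and the clock is corrected normally; with two the client cannot tell which is wrong, and with one only the offset cap stops a twelve-year step backwards.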