How do I synchronise time on a client with the server time?

If you properly configure the time service on the forest root primary domain controller, all other DCs and their clients in that AD forest will synchronise with their default settings. No additional policies, scripts, or mucking around for any domain server, member, or client. See the MS TechNet article How the Windows Time Service Works. Edit: the old Windows 2003 article How the Windows Time Service Works has been taken down.

If you're not sure which of your domains is the forest root domain, it will be the domain whose domain controller(s) hold the "Schema Master" and "Domain Naming Master" FSMO roles. Then you need to identify the DC in that root domain that holds the "PDC emulator" role. In most domains all 3 of those FSMO roles will be on the same server, which will typically be the first server in the forest to be set up.

Look at the MS page Configure the Windows Time service on the PDC emulator in the Forest Root Domain. It basically says to run a command like the following on that server so it can be marked as having a good time source that all other domain machines can sync with.

w32tm /config /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" /syncfromflags:manual /reliable:yes /update

This will make your server use the following internet NTP servers:

  • 0.pool.ntp.org
  • 1.pool.ntp.org
  • 2.pool.ntp.org
  • 3.pool.ntp.org

Setting the /reliable:yes switch will allow all other servers and clients to default to sync with this server on a regular basis through the AD forest hierarchy. This way all other servers and clients can be left with their default settings. There is also a requirement that the time difference between current time on a device trying to sync and the forest root time server be less than 5 minutes for it to succeed. Note this may require a bit of time and the restart of some services like netlogon, though waiting for the next server restart for maintenance will be fine too.

I typically also set DHCP option 42 "NTP Servers" to specify a local DC or 2 to be a local NTP server for the DHCP clients/devices who are not domain members. DHCP option 4 "Time Servers" doesn't normally work as it seems to be old, deprecated and usually doesn't do anything.
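
A way to check the setup described in the answer above, as an added example that is not part of the original answer: it finds the forest root PDC emulator from the FSMO role holders, reports which time source that server is using, and measures this machine's offset against the 5-minute limit. It assumes the RSAT ActiveDirectory module, a domain-joined machine, rights to query the PDC emulator remotely, and English-language w32tm output.

```powershell
# Added example: verify forest root time configuration (not from the original answer).
# Assumptions: RSAT ActiveDirectory module, domain-joined host, English w32tm output.
Import-Module ActiveDirectory

# The forest root domain holds the Schema Master and Domain Naming Master roles;
# the PDC emulator of that domain is the top of the time hierarchy.
$forest     = Get-ADForest
$rootDomain = Get-ADDomain -Identity $forest.RootDomain
$pdc        = $rootDomain.PDCEmulator

[pscustomobject]@{
    ForestRootDomain   = $forest.RootDomain
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
    PDCEmulator        = $pdc
} | Format-List

# Which source is the PDC emulator actually using? After the w32tm /config
# command it should be one of the configured peers, not the local clock.
$source = (w32tm /query "/computer:$pdc" /source | Out-String).Trim()
"PDC emulator time source: $source"
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "$pdc is not syncing from an external peer; check its manual peer list."
}

# Measure this machine's offset from the PDC emulator (3 samples, offsets only).
# Sample lines look like: "12:34:56, +00.0012345s"
$samples = w32tm /stripchart "/computer:$pdc" /samples:3 /dataonly
$offsets = foreach ($line in $samples) {
    if ($line -match ',\s*([+-]\d+\.\d+)s') {
        [math]::Abs([double]::Parse($Matches[1], [cultureinfo]::InvariantCulture))
    }
}

if (-not $offsets) {
    Write-Warning "No time samples returned from $pdc (UDP 123 blocked or service stopped?)."
    return
}

$worst = ($offsets | Measure-Object -Maximum).Maximum
$limit = 300   # the 5-minute limit mentioned above, in seconds
"Largest offset from ${pdc}: {0:N3} s (limit {1} s)" -f $worst, $limit
if ($worst -ge $limit) {
    Write-Warning "Offset exceeds 5 minutes; correct the local clock before expecting sync to succeed."
}
```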