How do I synchronise time on a client with the server time?

windows-server-2003 windows-server

If you properly configure the time service on the forest root primary domain controller all other DC's and their clients in that AD forest will synchronise with their default settings. No additional policies, scripts, or mucking around for any domain server, member, or client. See the MS Technet Article How the Windows Time Service Works. Edit: the old windows 2003 article How the Windows Time Service Works has been taken down.

If you're not sure which of your domains is the forest root domain, it will be the domain with the domain controller(s) with the FSMO roles of "Schema Master" and "Domain Naming Master" role holders. Then you need to identify the DC in that root domain that holds the "PDC emulator" role. In most domains all 3 of those FSMO roles will be on the same server which will typically be the first server in the forest to be setup.

Look at the MS page Configure the Windows Time service on the PDC emulator in the Forest Root Domain. It basically says to run a command like the following on that server so it can be marked as having a good time source that all other domain machines can sync with.

w32tm /config /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" /reliable:yes /update

This will make your server use the following internet NTP servers

  • 0.pool.ntp.org
  • 1.pool.ntp.org
  • 2.pool.ntp.org
  • 3.pool.ntp.org

Setting the /reliable:yes switch will allow all other servers and clients to default to sync with this server on a regular basis through the AD forest hierarchy. This way all other servers and clients can be left with their default settings. There is also a requirement that the time difference between current time on a device trying to sync and the forest root time server be less than 5 minutes for it to succeed. Note this may require a bit of time and the restart of some services like netlogon, though waiting for the next server restart for maintenance will be fine too.

I typically also set DHCP option 42 "NTP Servers" to specify a local DC or 2 to be a local NTP server for the DHCP clients/devices who are not domain members. DHCP option 4 "Time Servers" doesn't normally work as it seems to be old, deprecated and usually doesn't do anything.

Related

Do I need to create 2.4 & 5GHz networks manually with dual-band Airport Extreme?
How can one shut down a computer from the windows 8.1 setup?
Keeping HDD files in virtual memory without changing paths to files
How can I get read/write access to NFS share of Synology NAS?
Does "What Have You Say" Mean the same as "What Have You"?
Is there any difference between “a ... sense of purpose” and “a sense of ... purpose”?
"Location" vs. "locality" [closed]
Whether you need the word 'to' in the sentence - Which place do you want to go to?
Virtually is like almost or practically? [closed]
Is "learning yourself" the same as "learning by yourself"?
Word for introducing people without knowing their names
Is "X is known difficult to implement" correct?