Share via

How do I configure an NTP server in group policy?

Zring Abdulrazzaq Rasool 20 Reputation points
2024-07-29T13:43:47.1166667+00:00

I have tried to synchronize the time on all clients with our on-premise server, it doesn’t work.

Windows for business Windows Server User experience Other
0 comments
Accepted answer
  1. Anonymous
    2024-07-29T14:35:30.04+00:00

    Hello Zring Abdulrazzaq Rasool,

    Thank you for posting in Q&A forum.

    When a PC (client) is joined to a Windows domain, it typically automatically synchronizes the time with the domain controller. This time synchronization is a built-in feature of the Windows Time Service (W32Time).

    However, there are some important points to consider:

    1.Default behavior: By default, clients in a Windows domain will use the domain hierarchy to synchronize the time. The workstations will synchronize the time with the domain controller.

    2.GPO: Although the default behavior is usually sufficient, you can create and configure GPOs to apply specific time synchronization settings if necessary. This could be useful in environments with strict time-accuracy requirements or specific configurations.

    3.Time source for the domain: The Primary Domain Controller (PDC) emulator must be configured to synchronize the time with a reliable external time source.

    Other domain controllers and member computers will then synchronize the time with the PDC emulator or their domain controllers. In most cases, no additional configuration through GPO is required for basic time synchronization, but it is recommended that you ensure that the PDC emulator is set to use an external reliable time source to maintain accurate time throughout the domain.

    The following are the registry settings on PDC and other computers.

    ===PDC===

    HLM\SYSTEM\CurrentControlSet\services\w32time\TimeProviders\VMICTimeProvider

    Name: Enabled

    Type: REG_DWORD

    Data:0

     

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

    Key Name: AnnounceFlags

    Type: REG_DWORD (DWORD value)

    Data: 0x5

     

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

    Key Name: Type

    Type: REG_SZ(string value)

    Data: NTP

     

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

    Key Name: NtpServer

    Type: REG_SZ(string value)

    Data: Peer (time.windows.com.0x9)

     

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

    Key Name: Enabled

    Type: REG_DWORD

    Data: 1

     

    Note: If the PDC is a virtual machine, set the first one, and if it is not a virtual machine, do not set this one.  

     

    ===Other DCs and clients===

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

    Key Name: Type

    Type: REG_SZ(string value)

    Data: NT5DS

     

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

    Key Name: AnnounceFlags

    Type: REG_DWORD (DWORD value)

    Data: 0xa

     

    The following are the GPO settings on PDC and other computers.

    ===PDC===

    Computer Configuration\Policies\Administration Templates\System\Windows Time Service\Time Providers\Enable Windows NTP Client should be enabled

    User's image

    Computer Configuration\Policies\Administration Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client should be enabled with “NTP” as Type and the NTP server(s) to use set as NtpServer (You can add multiple NTP servers by separating them with a white space)

    User's image

    ===Other domain controllers, member servers and Workstation===

    Computer Configuration\Policies\Administration Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client should be enabled with “NT5DS” as Type

    User's image

    For more information, please refer to the links below.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/configure-authoritative-time-server

    https://learn.microsoft.com/zh-cn/archive/blogs/nepapfe/its-simple-time-configuration-in-active-directory

    https://learn.microsoft.com/en-us/archive/technet-wiki/18573.time-synchronization-in-active-directory-forests

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 49,640 Reputation points MVP Volunteer Moderator
    2024-07-29T14:34:28.7933333+00:00

    If you are operating in an Active Directory environment, this would be automatic (the domain controller hosting the PDC Emulator role is the time source server - although this does not rely on NTP but Windows Time service) - more at https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings?tabs=config

    If you want to use NTP, follow https://serverspace.us/support/help/how-to-set-an-ntp-server-group-policy/?utm_source=google.com&utm_medium=organic&utm_campaign=google.com&utm_referrer=google.com

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.