Hello @Milan Chaudhari ,
Thank you for posting here.
We see Time Synchronization in an AD DS Hierarchy as below:
Reference:
How the Windows Time Service Works
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc773013(v=ws.10)?redirectedfrom=MSDN
Method 1: Use registry configuration method
We can configure time synchronization via registry as below:
===PDC===
If the PDC is a virtual machine, set the first one entry. Don’t set this one entry if it’s not a virtual machine.
HLM\SYSTEM\CurrentControlSet\services\w32time\TimeProviders\VMICTimeProvider
Name: Enabled
Type: REG_DWORD
Data:0
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Key Name: AnnounceFlags
Type: REG_DWORD (DWORD Value )
Data: 0x5
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
Key Name: Type
Type: REG_SZ(String Value)
Data: NTP
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Key Name: NtpServer
Type: REG_SZ(String Value)
Data: Peers (For example: time.windows.com,0x9)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Key Name: Enabled
Type: REG_DWORD
Data: 1
===other DCs & Clients & member servers===
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
Key Name: Type
Type: REG_SZ(String Value)
Data: NT5DS
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Key Name: AnnounceFlags
Type: REG_DWORD (DWORD Value )
Data: 0xa
Method 2: Use group policy configuration method
We can also configure time synchronization via GPO as below:
===Apply to the primary domain controller (PDC)===
Computer Configuration\Policies\Administration Templates\System\Windows Time Service\Time Providers\Enable Windows NTP Client
Computer Configuration\Policies\Administration Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client==>Type is "NTP"
===Apply to other domain controllers & clients===
Computer Configuration\Policies\Administration Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client==> Type is "NT5DS"
Time Synchronization in Active Directory Forests
https://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx
Tip:
- Make sure that the UDP port 123 is open.
- Be able to ping the NTP time server.
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou