question

MilanChaudhari-8256 avatar image
0 Votes"
MilanChaudhari-8256 asked ·

Date and time setting

Hi All,

I have a domain controller running on windows server 2019, all the clients are on windows 10. I want to force date and time through GPO on all clients, but unable to do so. The option on the server for changing date and time is grayed out.
75481-capture01.png


I tried also the group policy object
75482-capture02.png



Can anybody please help me changing the server time permanently and propagate the same date and time to all workstations.

Thanks in advance.

windows-server
capture01.png (14.7 KiB)
capture02.png (18.8 KiB)
· 2
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @MilanChaudhari-8256,
Would you please tell me how things are going on your side. If you have any questions or concerns about the information I provided, please don't hesitate to let us know.
Thanks for your time and have a nice day!

Best Regards,
Daisy Zhou

0 Votes 0 ·

Hello @MilanChaudhari-8256,
I just want to confirm the current situations.
Please feel free to let us know if you need further assistance.


Best Regards,
Daisy Zhou

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered ·

Some general info
- All domain members should use NT5DS domain time.
- Desktops and member servers sync with any domain controller.
- Domain controllers sync with PDC emulator (one per domain)
- PDC emulator in child domain can sync with any domain controller in parent domain.
- PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

--please don't forget to Accept as answer if the reply is helpful--



·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered ·

Hello @MilanChaudhari-8256,

Thank you for posting here.

We see Time Synchronization in an AD DS Hierarchy as below:
75630-time1.png

Reference:
How the Windows Time Service Works
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc773013(v=ws.10)?redirectedfrom=MSDN


Method 1: Use registry configuration method

We can configure time synchronization via registry as below:

===PDC===

If the PDC is a virtual machine, set the first one entry. Don’t set this one entry if it’s not a virtual machine.

HLM\SYSTEM\CurrentControlSet\services\w32time\TimeProviders\VMICTimeProvider
Name: Enabled
Type: REG_DWORD
Data:0

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Key Name: AnnounceFlags
Type: REG_DWORD (DWORD Value )
Data: 0x5


Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
Key Name: Type
Type: REG_SZ(String Value)
Data: NTP


Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Key Name: NtpServer
Type: REG_SZ(String Value)
Data: Peers (For example: time.windows.com,0x9)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Key Name: Enabled
Type: REG_DWORD
Data: 1

===other DCs & Clients & member servers===
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
Key Name: Type
Type: REG_SZ(String Value)
Data: NT5DS


Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Key Name: AnnounceFlags
Type: REG_DWORD (DWORD Value )
Data: 0xa


Method 2: Use group policy configuration method

We can also configure time synchronization via GPO as below:


===Apply to the primary domain controller (PDC)===
Computer Configuration\Policies\Administration Templates\System\Windows Time Service\Time Providers\Enable Windows NTP Client

Computer Configuration\Policies\Administration Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client==>Type is "NTP"


===Apply to other domain controllers & clients===
Computer Configuration\Policies\Administration Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client==> Type is "NT5DS"


Time Synchronization in Active Directory Forests
https://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx

Tip:
1. Make sure that the UDP port 123 is open.
2. Be able to ping the NTP time server.


Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.



Best Regards,
Daisy Zhou



time1.png (48.2 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.