I am configuring the Server holding PDC role as time server for all computers in the domain. This PDC server will be getting time from externel sources. Now I need to configure rest of computers in the domain to sync time from PDC. The challenge is that we have 1800 client computers located in different sites and in multiple OU's. All the domain controllers in one OU and member server in yet another OU. I was thinking to deploy this change using group policy but there is problem... if I deploy GPO at domain level, PDC will also get affected. If I go by OU or site, they are so many and also the domain controller OU holding all other DC's along with PDC.
How can I do this effectively to make sure all the machines except PDC is pointing towards PDC for time sync.
Note: At present the computers have "time.windows.com,0x1" with type "NT5DS"...not sure what this registry means?
Any help will be greatly appreciated