NTP Group policy

I am configuring the Server holding PDC role as time server for all computers in the domain. This PDC server will be getting time from externel sources. Now I need to configure rest of computers in the domain to sync time from PDC. The challenge is that we have 1800 client computers located in different sites and in multiple OU's. All the domain controllers in one OU and member server in yet another OU. I  was thinking to deploy this change using group policy but there is problem... if I deploy GPO at domain level, PDC will also get affected.  If I go by OU or site, they are so many and also the domain controller OU holding all other DC's along with PDC.
How can I do this effectively to make sure all the machines except PDC is pointing towards PDC for time sync.

Note: At present the computers have "time.windows.com,0x1" with type "NT5DS"...not sure what this registry means?

Any help will be greatly appreciated

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Malli BoppeCommented:
You don't need a group policy.Just configure the PDC to the external time source and all the other computers in the domain would automatically reciave the time from PDC.
mjasco8Author Commented:

Thanks for reply. I had used same article to configure PDC registry for exrternal time server.
All other computer are looking up for "time.windows.com,0x1" for time sync, which I beleive is external time source again. These machines should be looking up for PDC for time sync, there should be PDC address in resgistry for these machines - correct?
Malli BoppeCommented:
I don't think so.By default all machines are configured to time.windows.com.As long as the computers are in the domain the heiracy would flow for time.If the machine is just by iteself it will use the time.windows.com.
mjasco8Author Commented:
Let me provide more details because I still having trouble in getting correct time from the correct servers
PDC Emulator registry settings:
NTPServer = x.x.x.x Ip server for NIST (three servers listed)
Type- NTP
This part on PDC works perfectly - no errors
All other machines in the domain including domain controllers, member servers and workstations registry settings:
We have issues here (not with all the machines but few of them have big offset in time)
1. Not all the machines lookup for time from the PDC, they just pick any other server in the domain and I don't figure what criteria they are using to pick the time server.
2. Few machine pick the print server as time source and other pick another domain controller as time server which is not PDC. All have same registry settings and then why this behavior?

Important - how can I make sure that all the server only and only look for the PDC as the time source and how to verify that.


Malli BoppeCommented:
Read my link again. Workstation would sync time from local dc and all the dc's would sync time from PDC.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.