Mobile Devices
By default all devices tied to a domain use the domain controller as their time source. While acceptable for devices like workstations which have continuous access to the domain, this arrangement becomes problematic for mobile devices as there may be extended periods of time where connectivity to the DCs are unavailable.
To correct this issue, we can create a GPO that tells Windows to use both the domain controllers and an external time source such as the NTP Pool Project for our timekeeping.
ℹ️
If you’d prefer that the NTP time sources are only used when the DCs are unavailable, change the 0x8 at the end of each NTP time source to 0xB.
GPO Configuration
Create a new GPO with the following settings.
- Browse to
Computer >> Administrative Templates >> System >> Windows Time Service >> Time Providers. - Enable
Enable Windows NTP Client. - Enable
Configure Windows NTP Clientand configure with the following settings:
| Field | Value |
|---|---|
| NTPServer | 0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8 |
| Type | AllSync |
| CrossSiteSyncFlags | 2 |
| ResolvePeerBackOffMinutes | 15 |
| ResolvePeerBackoffMaxTimes | 7 |
| SpecialPollInternal | 3600 |
| EventLogFlags | 0 |
- Link the GPO against the OU containing your mobile devices.