
I have an Active Directory domain, with a domain controller running on Samba on Linux.

I noticed that my Windows clients are having clock drift. I think this is because they really want the domain controller to offer a time synchronization service. But since I never set up a time server on the domain controller, that isn't happening.

Now, Samba doesn't seem to include a time server feature, and I would rather not add another service to the things I need to maintain. I am perfectly happy with everyone in the domain, including the DC, individually syncing up with time.windows.com. But if I go in the default domain policy or in gpedit.msc on an individual client and make the Configure Windows NTP Client and Enable Windows NTP Client objects, they don't seem to take effect, and my client's time source stays stuck at "Local CMOS Clock".

How can I configure Group Policy in an Active Directory domain to make clients get their time directly from an Internet NTP server, instead of from a domain controller?

I found this answer that gives a command line procedure that it claims lets you escape the domain time hierarchy for an individual host, but I am interested in doing it for all the clients in the domain (and also the DC, though that is Samba and unlikely to obey the policy).

interfect
  • https://theitbros.com/configure-ntp-time-sync-group-policy/ – joeqwerty Aug 03 '23 at 13:53
  • All domain controllers advertise as a time server by default. It doesn't need to be configured. If you want to know why it is using the local clock, you should enable time service verbose logging. – Greg Askew Aug 03 '23 at 14:32
  • @GregAskew Samba *advertises* as a time server, but doesn't actually *implement* an NTP daemon, so it does not actually synchronize time for clients out of the box. – interfect Aug 06 '23 at 01:09
  • @joeqwerty I attempted to follow the "Configure Client Time Sync Settings Using GPO" part of that page. It did not seem to work for me. – interfect Aug 06 '23 at 01:11
  • @interfect: domain controllers don't advertise as NTP servers by default. It uses RPC. 99.9999% of Windows clients use RPC for time synchronization by default. – Greg Askew Aug 06 '23 at 09:11

0 Answers