“Is there a way I can configure the Windows Time settings via Group Policy and have it only apply to the domain controller that holds the PDC FSMO role?” This is a wonderful question to pose and there are very good reasons why this should be done:
- If you decide to move the PDC emulator role to another domain controller, you do not want to have to go through the trouble of making all of the registry changes again.
- If the PDC emulator fails, and you have to bring up a new server, you may forget to add the settings back, resulting in a time sync issue in your domain.
We have a feature in Group Policy to help us that you may have read about on this blog, and that is WMI filtering.
Windows Management Instrumentation (WMI) is a powerful feature in Windows that we can leverage to provide us very detailed information about computers in our environment. We can use WMI via a script to remotely manage machines, as well as gather information about machines in our domain for inventory purposes.