Microsoft: Time Configuration in Microsoft Active Directory

Let's see how time should be configured in Active Directory:

• In Active Directory, we use the Windows Time service for clock synchronization: W32Time
• All member machines synchronize with any domain controller
• In a domain, all domain controllers synchronize from the PDC Emulator of that domain: using NT5DS (which simply means: follow the domain hierarchy and get you your PDC emulator)
  The PDC Emulator of a domain should synchronize with any domain controller of the parent domain: using NTP
• The PDC Emulator of the root domain in a forest should synchronize with an external time server (could be clock device, a router, another standalone server, an internet time server…)

You can configure the time by using W32TM. Here are the steps for you to configure the time of your domain controller / PDC.
1a.  Run the following command on the PDC emulator: 
       w32tm /config /manualpeerlist:timeserver /syncfromflags:manual /reliable:yes /update
       (where timeserver is a –space delimited– list of your time source servers)

1b.  Once done, restart W32Time service by running the following commands:
       net stop w32time
       net start w32time
  
2a. To point the domain controllers to the PDC, run the following command on all other DCs (that
      are not PDC): 
      w32tm /config /syncfromflags:domhier /update

2b.  Once done, restart W32Time service by running the following commands:
       net stop w32time
       net start w32time

To check the source time server, please run the following commands:
w32tm /query /status


Reference:
“It’s Simple!” – Time Configuration in Active Directory
http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx