In our environment (which has been reliable thus far), I configure all Domain Controllers to synchronize their time with an external source.
I use the w32tm command, you have to run it twice, one to set the config, and one to commit the change.
At a command prompt:
- First, modify the config; You are telling the windows time service here to sync from a manual peer list, and that the server specified is reliable. In my case I use pool.ntp.org - this is a pool of free NTP servers on the internet.
w32tm /config /syncfromflags:MANUAL /manualpeerlist:pool.ntp.org /reliable:YES
Then run a second command to notify the windows time service that the config has changed and to commit it.
w32tm /config /update
Once this is done on all domain controllers, their time will be "synchronized" to the same time source (and an accurate one at that). By default, all member servers and computers look to the closest domain controller for their time updates. This should keep ALL your PCs up to date. You can also point other devices (routers, switches, WAPs, etc) to your domain controllers as an NTP source.
Hope this information can help you
Best wishes
Vicky