One of the crucial parts in modern IT world is proper time and date. While it may seem that 30 seconds or even 5 minutes is not a big deal it actually matters. Modern certificates, systems and many security features require proper time verification. In Active Directory based environment all computers, servers are by default to sync time from main domain controller. While this is great it also means main domain controller actually has to to have proper time. And this is where you need to make sure it's always up to date. Solution to this is synchronizing active directory with external time source.
To make sure your Primary Domain Controller (PDC) is always up to date when it comes to time you have to:
Find your PDC (I assume you know one, but just in case…)
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().RootDomain.PdcRoleOwner.Name
Find out your current configuration
# Get current time settings
w32tm /query /status
Change your time settings to multiple trusted NTP servers:
# Set time settings
w32tm.exe /config /manualpeerlist:"0.europe.pool.ntp.org 1.europe.pool.ntp.org 2.europe.pool.ntp.org 3.europe.pool.ntp.org" /syncfromflags:manual /reliable:YES /update
# Update configuration
w32tm.exe /config /update
# Restart Time service
Restart-Service w32time
Verify if the settings were updated properly. If the answer is incorrect try multiple times. It may take a moment or two to process things.
# Get current time settings
w32tm /query /status
Finally confirm output
PS C:\Windows\system32> w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0418354s
Root Dispersion: 7.8054506s
ReferenceId: 0x8AC9876C (source IP: 138.201.135.108)
Last Successful Sync Time: 1/24/2018 5:10:56 PM
Source: 2.europe.pool.ntp.org
Poll Interval: 6 (64s)
If you're located elsewhere it's quite easy to find multiple other NTP sources such as US based: “0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org”