If you have ever come across a situation where your Domain Controller (DC) is syncing properly to its ntp source, but the time is incorrect, the likelihood is that you are operating a virtual server environment and your Primary Domain Controller (PDC) is a virtual machine.

The issue

This Microsoft article Virtual Active Directory Domain Controller explains clearly, uner the heading “Time Service” that you must remove the sync between the virtual machine and the host.

Time service
For virtual machines that are configured as domain controllers, it is recommended that you disable time synchronization between the host system and guest operating system acting as a domain controller. This enables your guest domain controller to synchronize time from the domain hierarchy.

To disable the Hyper-V time synchronization provider, shut down the VM and clear the Time synchronization check box under Integration Services

Thinking about it, this makes perfect sense. With the option ticked, the PDC is set to get its time from the host, and if the host is part of the domain, it in turn is set to get its time from the nearest DC, who also in turn get their time from the PDC. A cyclic loop where no one gets the time from an external ntp source.

Un-tick the “Time synchrnoization” option from hyper v manager

