This information was taken from the VMWare white paper Virtualizing a Windows Active Directoy Domain Infrastructure
Using Windows Time Service for Synchronization
The first option is to use the Windows Time Service and not VMware Tools synchronization for the forest root PDC Emulator. This requires configuring the forest PDC emulator to use an external time source. The procedure for defining an alternative external time source for this â€œmaster time server is as follows:
- Modify Registry settings on the PDC Emulator for the forest root domain: In this key:
â€¢ Change the Type REG_SZ value from NT5DS to NTP. This determines from which peers W32Time will accept synchronization. When the REG_SZ value is changed from NT5DS to NTP, the PDC Emulator synchronizes from the list of reliable time servers specified in the NtpServer registry key.
â€¢ Change the NtpServer value from time.windows.com,0x1 to an external stratum 1 time sourceâ€”for example, tock.usno. navy.mil,0x1.
This entry specifies a space-delimited list of stratum 1 time servers from which the local computer can obtain reliable time stamps. The list can use either fully-qualified domain names or IP addresses. (If DNS names are used, you must append ,0x1 to the end of each DNS name.)
In this key:
â€¢ Change AnnounceFlags REG_DWORD from 10 to 5.
This entry controls whether the local computer is marked as a reliable time server (which is only possible if the previous registry entry is set to NTP as described above). Change the REG_DWORD value from 10 to 5 here.
- Stop and restart the time service:
net stop w32time net start w32time
- Manually force an update: w32tm /resync /rediscover
Microsoft KB article # 816042 provides detailed instructions for this process.