As we all know, time sync on domain joined computers is essential. The following details configuration of the Domain Controllers to sync with a trusted time source via NTP.
I always recommend configuring the PDC Emulator to sync with a known good NTP source, then all other DCs be configured as Domain Heirs. This configuration ensures that all of the DCs have the same time source, which in turn flows to all client PCs.
If the DC is configured with the Hyper-V time provider (as is the case with Azure VMs), this should be disabled before configuring NTP sync.
To disable the Hyper-V time provider, enter the following from an administrative command prompt:
reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0
netdom query pdcw32tm /config /manualpeerlist:"au.pool.ntp.org,0x1;1.au.pool.ntp.org,0x1" /syncfromflags:MANUALw32tm /config /reliable:yesnet stop w32time && net start w32timew32tm /config /syncfromflags:domhier /updatenet stop w32time && net start w32timew32tm /resync /nowaitw32tm /query /statusw32tm /query /peersw32tm /query /sourcew32tm /query /configurationnet stop w32timew32tm /unregisterw32tm /registernet start w32time