I have a Server 2008 R2 domain controller running in VM on Hyper-V that is 7 minutes fast which I need to fix. I understand that this maybe down to the DC running in VM's.
What I would like to know is how I can correct it?
I believe I can setup the DC to use a public/internet NTP server, but I don't know any or have any idea how to do. Also according to a few forums I may experience problems if the time is changed on the DC and that time is more than 3 minutes.
If anyone can help I would be very grateful!
On the domain controller holding the PDC Emulator flexible single-master operations (FSMO) role in the forest root domain of your Active Directory forest should have an external-to-the-forest time source specified. On every other DC, time synchronization should be handled by the "Windows Time" service automatically. The DCs in each domain will sync with their domain's PDC Emulator role-holder, and the PDC Emulator role-holders in each domain will synchronize with the forest root PDC Emulator role-holder.
Per this document from Microsoft, be sure that you've disabled time synchronization in Host Integration Services.
Follow the procedure here to locate the DC in your domain that holds the PDC Emulator role. If you have a single-domain environment, then the PDC Emulator role-holder should have an external-to-the-forest time source configured.
Microsoft offers some more detailed guidance here, but the gist of setting an external-to-the-forest time source is using the "NET TIME" command, run on the forest root PDC Emulator role-holder, to specify the NTP server:
Be sure that you can resolve the NTP server's name and that your firewall passes NTP (UDP port 123).
In addition to setting up SNTP/Windows Time, You also need to disable time syncronization under integration services. If you don't, you'll have conflicts as to what is setting the time, the Hyper-V Host or the Windows Time service.
Here's an article describing the process. You might also want to take a look at Ben Armstrong's article The Domain Controller Dilemma. One of the comments specifically mentions DC's under Hyper-V and time syncronization.