The Windows Time service (W32Time) uses the Network Time Protocol (NTP) to help synchronize time across a network. NTP is an Internet time protocol that includes the algorithms necessary for synchronizing clocks and is required by the Kerberos authentication protocol in order to ensure that all computers within an enterprise use a common time.
NTP is a more accurate time protocol than the Simple Network Time Protocol (SNTP) that is used in some versions of Windows; however W32Time continues to support SNTP to enable backward compatibility with computers running SNTP-based time services, such as Windows 2000. NTP uses UDP port 123 for communications. Further details of the Windows Server 2003 implementation may be found in the Windows Server 2003 Technical Reference.
Within an Active Directory forest, the domain controller holding the PDC emulator operations master role in the forest root domain is the head of a hierarchical structure for time synchronisation throughout the forest, and would typically be configured to synchronise with a known time source – either a hardware device, or an Internet time server (in the past I have used the United States Naval Observatory servers tick.usno.navy.mil and tock.usno.navy.mil). This configuration may be established using the following command syntax:
net time /setsntp[:ntp server list]
Best practice would indicate that multiple time sources be configured, by DNS name (rather than IP address); however even when correctly configured W32Time errors may be exhibited in the event logs. Microsoft has confirmed this as a problem in Windows Server 2003 and Microsoft knowledge base article 830092 discusses the problem. A hotfix is available from Microsoft Product Support Services (PSS).