Active Directory, NTP and VMware

Found an interesting issue; I thought we'd be safe allowing VMware Tools to update the guest time on our VMs; it turns out that in a domain setting this is a bad idea. If anything happens to the VMware clock, things go badly. This is true even though I configured VMware to pull its time via NTP from pool.ntp.org. I found that VM clock times were drifting and this was causing havoc with domain and authentication services. When you have problems with those basic services, many other strange unexplained problems will arise. The best way to handle the situation is to configure AD to distribute time as it is designed to and to totally turn off VMware Tools time synchronization unless you need it for a specific reason.

Note that AD Domain Services includes a basic time hierarchy: by default, with no configuration, every domain member gets its time from a domain controller, and every domain controller gets its time from the DC holding the PDC emulator role. Only the top of that hierarchy needs an outside source.

Here are the details on how to configure AD properly:

  1. Configure NTP to a reliable outside source only on the DC that holds the PDC emulator operations master role; if you don't know which DC that is, open Active Directory Users and Computers on a DC, right-click the domain name in the tree and choose Operations Masters to see which DC holds each role.
  2. For redundancy you can also configure an outside clock source on another DC (which I did on a different DC).
  3. Use this command to see how far your domain time is off from the pool: w32tm /stripchart /computer:pool.ntp.org /samples:3 /dataonly
  4. Use this command to set your external NTP source clock: w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:manual /reliable:yes /update
  5. I did this on my PDC emulator and on the highest priority DC in our second site (for redundancy)
  6. All other domain member computers (servers and workstations) will automatically get their time from AD; no change is needed on them.
  7. If other machines don't sync within a few minutes, make sure each of them has the Windows Time service running; restarting this service will also hasten the process of updating clocks.

Please note that pool.ntp.org is a free, public and reliable NTP source: it is a DNS round-robin over a large set of volunteer time servers distributed around the world, so each lookup can return a different server.
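Here is the whole procedure as one PowerShell script, added here as a worked example; it is not code from the original post. It follows the standard hierarchy (only the PDC emulator takes an outside source, every other DC and member follows the domain), identifies the PDC emulator with Get-ADDomain from the RSAT ActiveDirectory module, verifies the result with w32tm /query, and finishes by disabling VMware Tools' periodic time sync inside the guest with VMwareToolboxCmd.exe. The numbered pool hostnames, the 0x8 client-mode flag on each peer and the default VMware Tools install path are assumptions; for the second-DC redundancy the post describes, run the same manualpeerlist line on that DC as well.

```powershell
# Added example (not from the original post): configure and verify the AD
# time hierarchy on a domain controller, then stop VMware Tools from
# competing with the Windows Time service in this guest.
# Run in an elevated PowerShell on the DC. Assumes the RSAT ActiveDirectory
# module is installed (for Get-ADDomain / Get-ADComputer).
#Requires -RunAsAdministrator

# Assumption: use the numbered pool names so three lookups give three distinct
# servers; 0x8 marks each peer as client mode (plain NTP request/response).
$Peers = '0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8'

# 1. Find the PDC emulator; only it should take an external source.
Import-Module ActiveDirectory
$pdc = (Get-ADDomain).PDCEmulator
$me  = (Get-ADComputer -Identity $env:COMPUTERNAME).DNSHostName
Write-Host "PDC emulator: $pdc  (this host: $me)"

# 2. Measure how far this host is from the pool before changing anything
#    (the same stripchart command as step 3 of the post).
w32tm /stripchart /computer:pool.ntp.org /samples:3 /dataonly

if ($me -eq $pdc) {
    # 3. Point the PDC emulator at the pool and advertise it as a reliable source.
    w32tm /config /manualpeerlist:"$Peers" /syncfromflags:manual /reliable:yes /update
} else {
    # Any other DC should follow the domain hierarchy (NT5DS), not an outside server.
    w32tm /config /syncfromflags:domhier /reliable:no /update
}

# 4. Apply: restart the Windows Time service and force a resync right now.
Restart-Service w32time
w32tm /resync /rediscover

# 5. Verify: the PDC emulator should report a pool server as its source;
#    every other DC and member should report a domain controller.
#    "Local CMOS Clock" or "Free-running System Clock" here means the
#    hierarchy is NOT being followed and w32time needs attention.
w32tm /query /source
w32tm /query /status

# 6. Disable VMware Tools periodic time sync in this guest so it cannot
#    fight w32time. Assumption: default VMware Tools install path.
$toolbox = "$env:ProgramFiles\VMware\VMware Tools\VMwareToolboxCmd.exe"
if (Test-Path $toolbox) {
    & $toolbox timesync disable
    & $toolbox timesync status   # should print "Disabled"
} else {
    Write-Host "VMware Tools not found at $toolbox; skipping timesync change"
}
```

Two caveats a practitioner will want: the PDC emulator needs outbound UDP 123 permitted by any host or perimeter firewall, or the /resync will fail silently and w32tm /query /source will fall back to the local clock; and disabling periodic sync does not stop VMware Tools from doing a one-time clock correction after a snapshot revert, suspend/resume or vMotion unless those events are also disabled in the VM's advanced settings, so keep the ESXi hosts themselves on good NTP so that any such correction is at least in the right direction.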