time in domain controlers

As long as the computers are in the same domain, they should all time synch with the PDC in the domain, which is responsible for Domain Timekeeping.  Kerberos security for the domain is dependent on systems being relatively in synch (plus/minus 5 mins).  The PDC will be an external NTP Client to time.windows.com    and be an internal NT5DS time server for your domain.

You can check time synch on the 2nd server by checking the Event Viewer:System and look for w32time entries.  Believe it tries to synch/update the local time against the PDC every 3 hrs, as long as the server hasn't be pointed to some other time source (externally).  By default it should be using NT5DS  for it's time protocol, check in the registry:  HKLM\system\currentcontrolset\services\w32time\parameters   under the "Type" key.  It'll either be NT5DS or NTP.  NTP will configure it to use an external time source noted under the NtpServer registry key.

You can force a time synch by issuing:   net time /DOMAIN:{yourdomain} /SET

Hope this helps.

in ntp server parameter in the registry of the dc that is not pdc ,should it be the pdc server ip/dns name or should it be the "time.windows.com,0x9 ?

If the "Type" key above is set to NT5DS, it will ignore the NTP Server entry and query time synch against the PDC emulator in your domain.

Take a look here for explanation of the registry entries for w32time:
http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx

so,if version parameter is set to NT5DS ,it doesn't matter what is configured in the ntp server parameter because it will get it time sync from the pdc?did i understand correctly?

Yessir!  Just curious, is your client currently in synch with your domain?

yes, i configured gpo for that