Are there any issues with a virtualized domain controller being PDC and therefor the time source?

Hi,

Your Host will need to configure external time source(VMWare or Hyper-V). At the same time, your Forest root server (PDC role holder) should act as NTP server which will contact the external time source as well and keep the same time across domain.

Since your DC (PDC role holder) is getting time from externally, you need to disable the time settings in Vspehere console, otherwise it will try to get the time from ESX host which is not a recommended method. You can find the settings here;

Open Vsphere console>>Select the VM (your DC)>>Right click and Edit settings>>Options>>Click on VMWare tools>>In the right hand side untick "Syncronise guest time with host"

My EE article deals with this question: Some Hyper-V Hardware and Software Best Practices. There are a number of links in that section to my blog posts that include the w32tm CMD commands to run to configure things.

The PDCe needs to poll an external time source. Whether that's NTP.Org or a RaspberryPi GPS time server on-premises it's up to you. The other DCs and systems need to pull their time from the PDCe (or other DC if necessary).

Active Directory security and many services depend on time. If the time is out of sync, bad things happen. Especially if things go beyond the 5 minute mark.

I have many DCs running in VM environment for years without any issues. As one of the member mentioned, disable time sync from underlying Host server and configure external source.

Here is MS link for things to consider.

https://support.microsoft.com/en-za/help/888794/things-to-consider-when-you-host-active-directory-domain-controllers-i

Disabling time-sync with the host was the ticket I was looking for.  Thank you.