We have a setup where we have a main site and a warm DR site. Both sites are connected via a site-to-site VPN, and both sites have 2 domain controllers.
All DCs are 2016 and we are a VMware shop.
Recently, we started to notice major time drifts. We thought this was due to time.nist.a being deprecated.
We updated the peers on all the DCs to go to new time servers.
I feel the problem is we have peers set on all the domain controllers and that we need to do the following:
PDC - set primary and secondary NIST server.
All other DCs - set primary as the PDC, with time.nist.gov as a fallback in case the server is down.
Please let me know your feedback or if you have a similar setup.
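
One way to script the layout proposed in the post above, as an added example that is not part of the original post. It assumes a single domain, the ActiveDirectory PowerShell module on each DC, and a placeholder name for the secondary NIST server, which the post does not give.

```powershell
# Added example: apply the proposed w32time layout. Run elevated on each DC.
# Assumptions (not from the post): single domain, ActiveDirectory module present,
# and $SecondaryNtp is a placeholder to replace with your second NIST server.
Import-Module ActiveDirectory

$PrimaryNtp   = 'time.nist.gov'
$SecondaryNtp = 'SECONDARY-NIST-SERVER.example'   # placeholder, not a real host

# FQDN of the DC holding the PDC emulator role, and whether that is this machine.
$pdc   = (Get-ADDomain).PDCEmulator
$isPdc = $pdc.Split('.')[0] -ieq $env:COMPUTERNAME

if ($isPdc) {
    # PDC emulator: the only DC that uses external NTP as its normal source.
    # Peer flag 0x8 = client mode.
    $peers    = "$PrimaryNtp,0x8 $SecondaryNtp,0x8"
    $reliable = 'yes'
} else {
    # Other DCs: PDC first, NIST marked fallback-only.
    # 0xa = 0x8 (client mode) + 0x2 (use as fallback only).
    $peers    = "$pdc,0x8 $PrimaryNtp,0xa"
    $reliable = 'no'
}

# Build the argument list so the space-separated peer list stays one argument.
$cfg = @(
    '/config',
    "/manualpeerlist:$peers",
    '/syncfromflags:manual',
    "/reliable:$reliable",
    '/update'
)
& w32tm @cfg

Restart-Service w32time
w32tm /resync /rediscover

# Verify: which source this DC actually chose, and its current offset.
w32tm /query /source
w32tm /query /status

# From any one DC: compare the offset of every DC in the domain against the PDC.
# Kerberos rejects tickets once clock skew exceeds 5 minutes by default.
w32tm /monitor
```

Run it on the PDC emulator first so the other DCs have a corrected source to follow, and allow UDP 123 between the sites over the VPN.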