gpupdate Configure Domain Controller to synchronize time with external NTP server (ca.ntp.pool.org)
UDP port 123 must be open on firewall to allow NTP traffic in and out from this DC.
From DC command prompt type "telnet portquiz.net 123" to test if the port 123 traffic can go out.

8 Steps total
Step 1: Logon to Domain Controller (with PDC role) with Administrator account and open elevated command prompt.
If you have multiple domain controller and don't know which DC holds PDC role then use following command:
netdom /query fsmo

Step 2: Type following commands on elevated command prompt
Step 3: w32tm /config /manualpeerlist:"0.pool.ntp.org,0x1 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1 3.pool.ntp.org,0x1"

0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1

Configure external time sources

Step 4: w32tm /config /reliable:yes
Make this DC a reliable time source for the clients.

Step 5: net stop w32time && net start w32timenet stop w32
restart w32 time server, now DC should synchronize time with  pool.ntp.org time servers.

If the DC is not synchronizing time with the external NTP server then che event logs (Event Viewer >> System). Normally event id 47 which means it is unable to reach the external NTP server, check the firewall to make sure port 123 is open.

Step 6: Some helpful w32tm commands:
Force synchronizing the time asap
w32tm /resync /nowait

Check NTP configuration
w32tm /query /configuration

w32tm /query /source
Display time source

w32tm /query /peers
Display list of all configured NTP servers and their status

w32tm /query /status
Display time service status i.e whether it is getting time from local cmso clock/external NTP server

w32tm /resync /rediscover

Step 7: Force domain computers to synchronize the time with the DC; use elevated command prompt
w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time

Step 8: Following commands will reset the time service to default.
net stop w32time
w32tm /unregister
w32tm /register
net start w32time