Very recently a Navy Time Server had pushed out an incorrect time to users whom were misconfigured with W32TM and ended up causing havoc on their Windows domains. I'm proposing a modification to the BPA which tells Admins to point to a single time source to inform the user that they should configure multiple time sources in the /manualpeerlist option.
Much of my recommendation comes from the following URL: http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers
I have validated with the debug log for W32TM that it does indeed follow a proper clock selection algorithm which would provide significantly more redundancy and accurate time to a Windows AD Environment.
Recommendation:
Configure your /manualpeerlist option with 5 geographically distinct time sources at a minimum, with the possibility of utilizing more as-needed.
w32tm /config /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org time.windows.com" /update