Hi @mizzle,
It sounds like ONTAP is not synchronized with the Domain Controller, check out this guide to diagnose https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/How_to_configure_and_troubleshoot_NTP_in_ONTAP_9_using_CLI
The diag command "systemshell -node local "sudo ntpq -pn" " will show you the current sync status. NTP (the protocol) may be marking your domain controller as Stratum 16 and potentially as a "falseticker" (the second unlikely if you have a single NTP source).
Provide your output to <systemshell -node local "sudo ntpq -pn"> (sanitized of course)
* NTP will keep in sync when it is working, this is different to SNTP which is a sync on schedule arrangement.
Personally I would be looking to use a network device (firewall or switch) as your NTP server, even if its in free-run. Also there are so many cheap GPS clocked NTP servers (you can get one brand new for EUR 100 / $110 USD)....... they are not super accurate, but great for your use case.