I apologize for the delay in response, I really wanted to try to get it without asking for additional help.
I checked the configuration of xenserver and when I had originally set it up I used the NS domain controller as the ntp server and configured the DC to use ntp pool since both xen servers running are attached to the domain of the virtualized NS-dc. (Although this may not be the best way to approach this my goal was to run a pair of xenservers with NS as a guest acting as firewall, Domain controller, etc since out of my Internet provider I the VM of NS locked in to facing the internet via MAC address)
-- wanted to give information on original setup --
Prior to any changes on xen I checked the clock drift from NS to xen as you suggested and it was several minutes out. I then changed the ntp settings on xen to use ntp pool and restarted everything. Now for the past 24 hours the clockdrift between the two hasn't changed at -47 seconds which I thought was within tolerances? However none of the changes have corrected the "Account Provider refused connection" error when trying to add a user, but when checking the domain accounts module it shows that LDAP and join is OK. Also, the clock on NS it good now as it's pulling from ntp pool and not the host OS.
Thank you again for your help. I'm lost on where to proceed. Now that the clocks are correct on both the guest and host, is there anyway I can force change the clock on the account provider module?