I think the worst part about being in a small and previously questionably-run IT environment is that the expectation is that things will be bought once and work forever. It's not a matter of whether I could have upgraded these seven-year-old machines, but whether I would have to explain myself if something fails on an old machine we just spent money upgrading.
I wouldn't blame it on IT. You see, I have tried here too to make the best of things. I try (but apparently fail) to pass the message that you need to replace old stuff, because of the increased failure rate. Case in point, I have now been waiting for three weeks for our only PoE enabled switch to come back from warranty repairs. In any shop, you'd get the budget to buy a second asap, or even better before such a thing happens. Right now, only two people can use the phone and only because I had two power bricks for their IP phones. I think that's unacceptable, my boss doesn't seem to care. As long as there are no absolutely unavoidable costs that make him look bad in the reports. (Hey, would it hurt to give me a budget for stuff like this? But noooooo!). So, I just stopped asking. If something breaks, it's easier to ask for money.
As best as I can tell, several years ago it was automatically syncing to somewhere, but it had been years since that stopped working...
You can sync Windows machines by both NTP and by Samba (Not sure, it's the "net time" command, it seems to suggets ntp these days but it definitely wasn't in the NT4 days). I'd suggest NTP to one of the first-level stratum servers with your domain controller and make that a second-level stratum machine for the rest of your machines. NTP servers are best not virtualized. Just get a small cheap dedicated machine for this, or so.