Time server setup question?

Guest

Hi,

I want to set up an NTP Time Server on my DHCP server.
It is just a member server running 2000 and not a DC.
Is it possible to set up this server to sync with an internet time server and set all my other servers, including DCs and PDCs, to sync with it?
Should I also push out a time server address with DHCP?

Thanks
TNA
 
neo [mvp outlook]

Yes, you could make this configuration. It will take tweaking the registry
to tell the member server to not use domain hierarchy for time. However,
what I would suggest for an AD domain is...

* DHCP/Time that is a member server to internet time server
* PDC emulator to DHCP/Time
* All others at this point fall to domain hierarchy (member servers/clients
use authenticating DC. DCs go to PDC emulator. PDC emulator to wherever.)

Never tried pushing the time server in DHCP, so I don't know if it will
work.

TNA said:
Hi,

I want to set up an NTP Time Server on my DHCP server.
It is just a member server running 2000 and not a DC.
Is it possible to set up this server to sync with an internet time server
and set all my other servers, including DCs and PDCs, to sync with it?
 
Greg Stigers

> I want to set up an NTP Time Server on my DHCP server.

Doable. And, it's more than a good idea to set up a time server. Windows
authentication can fail if the authenticating client's clock is too far
adrift.

> It is just a member server running 2000 and not a DC.

Doable, but not worth doing. Start with "Basic Operation of the Windows Time
Service" at
http://support.microsoft.com/?id=224799, and follow the link at the bottom
to "How to Configure an Authoritative Time Server in Windows 2000",
http://support.microsoft.com/?id=216734 and then the link at the bottom of
that to the Microsoft white paper "The Windows Time Service"
http://www.microsoft.com/windows2000/docs/wintimeserv.doc.

The first article mentions, in 2a - b, that the Windows client running
W32Time, a fully compliant implementation of SNTP, determines network
latency with its authenticating domain controller, determines correct local
time, and adjusts it. I'm guessing that the latency is calculated during
authentication, and since workstation time is used in authentication, this
is so close to costing nothing in the default configuration as to be
essentially free. Say some time-sensitive operation "goes wrong" on your
member server. Is it worth the extra trouble to figure out a nonstandard
configuration? Suppose you have a time clock or security system that uses
system time, and this becomes evidence in a lawsuit. You really want to
explain getting clever in a court of law, or would you rather say that this
system's time is kept in sync by a well-known, well understood protocol, per
your vendor's default configuration, used by most of the business networks
around the world?

> Is it possible to set up this server to sync with an internet time server
> and set all my other servers, including DCs and PDCs, to sync with it?

Sure. Neo makes a good point. There is no reason you cannot have your FSMO
get its time from an internal server, which gets its time from an external
time server, rather than going directly to an external time server. I know
of shops that use border routers or firewalls for this. You can even
purchase small devices that pick up the U.S. government radio broadcast
signal, and provide time service tick your FSMO, so this private time server
is all your FSMO needs. You can't get much less latency than a radio signal
and a device that does nothing else.

For an external server, I generally encourage admins to see if their service
provider will provide them with a time server on the service provider's
network, since public time servers just get hammered. What I have read is
that one is generally advised to choose an external time server that is
reasonably close, geographically, for the public time server. The same
reasoning makes sense for internal time servers on a large LAN or on a WAN,
and probably why the Microsoft implementation chose as a default the
authenticating DC. You want your internal time servers to be devices that
have minimal internal latency, and as little external / network latency as
you can get.

> Should I also push out a time server address with DHCP?

You can. But, again, there is no reason to do so for Windows. But if you
have non-Windows systems that use DHCP, they can get their time server
address thus.
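
The offset and latency arithmetic mentioned in Greg Stigers's reply, written out as an added example that is not part of the thread or of any Microsoft code: it validates an SNTP server reply and computes clock offset and round-trip delay with the standard SNTP formulas. The function names, the constructed sample packets and the 300-second tolerance (the Kerberos default maximum clock skew) are assumptions, not values from the thread.

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds between 1900-01-01 and 1970-01-01
MAX_SKEW = 300.0               # assumed tolerance: Kerberos default of 5 minutes

def to_ntp(unix_ts):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    ntp = unix_ts + NTP_EPOCH_DELTA
    sec = int(ntp)
    return struct.pack("!II", sec, int((ntp - sec) * 2**32))

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp back to Unix seconds."""
    sec, frac = struct.unpack("!II", raw)
    return sec + frac / 2**32 - NTP_EPOCH_DELTA

def evaluate_reply(packet, t1, t4):
    """Validate a server reply; return (offset, delay, within_tolerance).
    t1 = client send time, t4 = client receive time, both Unix seconds."""
    if len(packet) < 48:
        raise ValueError("short packet")
    li, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if li == 3 or stratum == 0:
        raise ValueError("server reports it is unsynchronized")
    # The server must echo our transmit time; a mismatch means a stale or forged reply.
    if packet[24:32] != to_ntp(t1):
        raise ValueError("originate timestamp mismatch")
    t2, t3 = from_ntp(packet[32:40]), from_ntp(packet[40:48])
    delay = (t4 - t1) - (t3 - t2)          # time spent on the wire
    offset = ((t2 - t1) + (t3 - t4)) / 2   # server clock minus client clock
    return offset, delay, abs(offset) <= MAX_SKEW

def build_reply(t1, t2, t3, li=0, stratum=2):
    """Constructed sample reply for the demo (not captured traffic)."""
    header = struct.pack("!BBbb", (li << 6) | (3 << 3) | 4, stratum, 6, -20)
    return header + bytes(20) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

if __name__ == "__main__":
    t1 = 1000000000.0
    reply = build_reply(t1, t1 + 400.25, t1 + 400.75)   # server is ~400 s ahead
    print(evaluate_reply(reply, t1, t1 + 1.0))
```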