
Dynamic Host Configuration Protocol (DHCP)

IT administrators have been working with and around Active Directory since the introduction of the technology in Windows 2000 Server. Windows 2000 Server was released on February 17, 2000, but many administrators began working with Active Directory in late 1999, when it was released to manufacturing (RTM) on December 15, 1999.

DHCP is another network service that is used by Windows Server.

DHCP Authorization

In an AD DS environment, DHCP servers must be authorized before they can lease IP addresses to clients on a network. DHCP servers are authorized by their IP addresses, and each server is checked against AD DS to verify that it is authorized to lease IP addresses. If an unauthorized DHCP server detects an authorized DHCP server, the unauthorized DHCP server will stop leasing addresses to clients.

In an AD DS environment, the DHCP service must be installed on a server that is a member of the domain, or it cannot be authorized.

Installing and running the DHCP service on a stand-alone server is supported, but the server must be on a separate network or VLAN from any authorized DHCP server.

To authorize a DHCP server, the administrator must be a member of the Enterprise Admins built-in security group. However, the right to authorize DHCP servers may be delegated to other administrators within the domain.

To authorize a DHCP server by using its FQDN, the FQDN must not exceed 64 characters. If the FQDN is more than 64 characters, the server must be authorized by using an IP address.

DHCP and DNS

DHCP can be integrated with DNS to provide dynamic updates to pointer (PTR) and A records in a DNS zone. This ability enables a DHCP server to be a proxy for any DHCP client running an operating system that does not automatically update its DNS registration.

DHCP Configuration

In Windows Server 2012, DHCP can be configured with DHCP failover. DHCP failover enables the DHCP server to be configured in hot standby mode, which provides redundancy, or load balance mode, which allocates client leases across two DHCP servers. The mode can be changed at any time, but a DHCP scope only supports using one mode at a time.

IPv4 addresses that have been leased or reserved, including the options and settings for each scope, are shared by two DHCP servers. A single DHCP server supports up to 31 failover relationships. Failover relationships can be reused for additional scopes to avoid exceeding the limit.

Hot Standby Mode

When using DHCP hot standby mode, two servers operate the DHCP service; however, one server provides and responds to all DHCP requests.

The secondary server will only provide leases if the primary server is unreachable. To provide leases, a percentage of the IP address pool must be reserved for use by the secondary server. By default, this is set to 5%.

If the secondary server leases all of the IP addresses in the reserved space, it will not issue additional IP addresses from the primary server’s scope. Existing leases will be renewed if requested by a DHCP client.

Additionally, when the secondary server leases an IP address, the lease time is the maximum client lead time (MCLT) duration, not the full scope lease time. After the MCLT time has expired, the secondary server will use the entire address pool in the scope, assuming that the primary server has resumed.

Load Balancing Mode

Using DHCP in load balancing mode is the default method of deployment.

In this method, two servers provide the DHCP services simultaneously for a DHCP scope.

The load balancing method is defined by a percentage of IP addresses on each server, and by default is split 50:50. This ratio or percentage can be configured to any amount between the two servers.

The DHCP servers load balance based on a hash of the requesting client’s MAC address. The MAC address thus determines which DHCP server will respond to a client’s DHCP request.

Similar to hot standby mode, if the partner server is unavailable, the remaining server will lease and renew IP addresses for the MCLT duration. After the MCLT time has expired, if the partner server is not online, the remaining server will lease addresses from the entire IP address pool for the scope.
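The authorization and failover settings described above can be checked from PowerShell with the DhcpServer module. The following read-only audit is an added example, not part of the original article; the server names in the allowlist are constructed placeholders, and the script assumes the DHCP management tools are installed and that the account can query each server.

```powershell
# Added example: audit DHCP authorization and failover state (read-only).
# Requires the DhcpServer module (RSAT DHCP tools) and read access to each server.
Import-Module DhcpServer

# Assumption: constructed allowlist of servers expected to be authorized in AD DS.
$approved = @('dhcp01.corp.example.com', 'dhcp02.corp.example.com')

# Servers currently authorized in AD DS.
$authorized = @(Get-DhcpServerInDC)

# Flag any authorized server that is not on the allowlist.
foreach ($srv in $authorized | Where-Object { $approved -notcontains $_.DnsName }) {
    Write-Warning "Unexpected authorized DHCP server: $($srv.DnsName) ($($srv.IPAddress))"
}

$report = foreach ($srv in $authorized) {
    $name = $srv.DnsName
    try {
        $rels   = @(Get-DhcpServerv4Failover -ComputerName $name -ErrorAction Stop)
        $scopes = @(Get-DhcpServerv4Scope -ComputerName $name -ErrorAction Stop)
    } catch {
        Write-Warning "Could not query ${name}: $($_.Exception.Message)"
        continue
    }

    # A single server supports up to 31 failover relationships.
    if ($rels.Count -ge 31) { Write-Warning "$name is at the 31-relationship limit" }

    # Scopes that belong to no failover relationship have no redundancy.
    $covered = @($rels | ForEach-Object { $_.ScopeId } | ForEach-Object { $_.IPAddressToString })
    foreach ($s in $scopes) {
        if ($covered -notcontains $s.ScopeId.IPAddressToString) {
            Write-Warning "$name scope $($s.ScopeId) is not in any failover relationship"
        }
    }

    # One row per relationship: mode, reserve or load-balance split, and MCLT.
    $rels | Select-Object @{n='Server'; e={$name}}, Name, PartnerServer, Mode, ServerRole,
        ReservePercent, LoadBalancePercent, MaxClientLeadTime, State
}

$report | Format-Table -AutoSize
```

In the output, a hot standby relationship shows its ReservePercent (5 by default) and a load balance relationship shows its LoadBalancePercent (50 by default), so a drift from the intended design is visible at a glance.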

You will find more information about Active Directory basics in our AD tutorial for beginners.

Expert in Microsoft infrastructure and cloud-based solutions built around Windows, Active Directory, Azure, Microsoft Exchange, System Center, virtualization, and MDOP. In addition to authoring books, Brian writes training content, white papers, and is a technical reviewer on a large number of books and publications.