Recipe 18.12 Authorizing a Microsoft DHCP Server

18.12.1 Problem

You want to authorize a Microsoft DHCP server in Active Directory so that clients can use it.

18.12.2 Solution Using a graphical user interface
  1. Open the DHCP snap-in.

  2. In the left pane, right-click on DHCP and select New Server.

  3. Type in the name of the new DHCP server and click OK.

  4. Click on the server entry in the left pane.

  5. Right-click on the server and select Authorize.

18.12.3 Discussion

Windows 2000- and Windows Server 2003-based DHCP servers must be authorized before they can give out leases to clients. This feature helps reduce the occurrence of rogue DHCP servers that an end-user sets up, perhaps even unintentionally. A rogue DHCP server can provide incorrect lease information or deny lease requests altogether, ultimately causing a denial of service for clients on your network.

If the DHCP Server service is enabled on a domain controller, it is automatically authorized. A DHCP server that is a member server of an Active Directory domain performs a query in Active Directory to determine whether it is authorized. If it is, it will respond to DHCP requests, if not, it will not respond to requests. A standalone DHCP server that is not a member of an Active Directory domain sends out a DHCPINFORM message when it first initializes. If an authorized DHCP server responds to the message, the standalone server will not respond to any further DHCP requests. If it does not receive a response from any DHCP servers, it will respond to client requests and give out leases.

Authorized DHCP servers are represented in Active Directory as objects of the dhcpClass class, which can be found in the cn=NetServices,cn=Services,cn=Configuratation,<ForestRootDN> container. The RDN for each authorized DHCP server is the IP address of the server.

Windows 2000 DHCP servers cannot be authorized with the Windows Server 2003 version of the DHCP snap-in unless the DHCP server has Service Pack 2 installed.

18.12.4 See Also

MS KB 279908 (Unexpected Results in the DHCP Service Snap-In After Using NETSH to Authorize DHCP), MS KB 300429 (HOW TO: Install and Configure a DHCP Server in an Active Directory Domain in Windows 2000), and MS KB 303351 (How to Use Netsh.exe to Authorize, Unauthorize, and List DHCP Servers in Active Directory), MS KB 306925 (Cannot Authorize New DHCP Server in Active Directory), and MS KB 323360 (HOW TO: Install and Configure a DHCP Server in an Active Directory Domain in Windows Server 2003)

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List