Recipe 18.12 Authorizing a Microsoft DHCP Server
18.12.1 Problem
You want to authorize a Microsoft DHCP server in Active
Directory so that clients can use it.
18.12.2 Solution
18.12.2.1 Using a graphical user interface
Open the DHCP snap-in. In the left pane, right-click on DHCP and select New Server. Type in the name of the new DHCP server and click OK. Click on the server entry in the left pane. Right-click on the server and select Authorize.
18.12.3 Discussion
Windows 2000- and Windows Server 2003-based DHCP servers must be
authorized before they can give out leases to clients. This feature
helps reduce the occurrence of rogue DHCP servers that an end-user
sets up, perhaps even unintentionally. A rogue DHCP server can
provide incorrect lease information or deny lease requests
altogether, ultimately causing a denial of service for clients on
your network.
If the DHCP Server service is enabled on a domain controller, it is
automatically authorized. A DHCP server that is a member server of an
Active Directory domain performs a query in Active Directory to
determine whether it is authorized. If it is, it will respond to DHCP
requests, if not, it will not respond to requests. A standalone DHCP
server that is not a member of an Active Directory domain sends out a
DHCPINFORM message when it first initializes. If an authorized DHCP
server responds to the message, the standalone server will not
respond to any further DHCP requests. If it does not receive a
response from any DHCP servers, it will respond to client requests
and give out leases.
Authorized DHCP servers are represented in Active Directory as
objects of the dhcpClass
class, which can be found in the cn=NetServices,cn=Services,cn=Configuratation,<ForestRootDN>
container. The RDN for each authorized DHCP server is the
IP address of the server.
|
Windows 2000 DHCP servers cannot be authorized with the Windows
Server 2003 version of the DHCP snap-in unless the DHCP server has
Service Pack 2 installed.
|
|
18.12.4 See Also
MS KB 279908 (Unexpected Results in the DHCP Service Snap-In After
Using NETSH to Authorize DHCP), MS KB 300429 (HOW TO: Install and
Configure a DHCP Server in an Active Directory Domain in Windows
2000), and MS KB 303351 (How to Use Netsh.exe to Authorize,
Unauthorize, and List DHCP Servers in Active Directory), MS KB
306925 (Cannot Authorize New DHCP Server in
Active Directory), and MS KB 323360 (HOW TO: Install and Configure a
DHCP Server in an Active Directory Domain in Windows Server 2003)
|