Microsoft recommends that you avoid this completely by not running the DHCP Server on a domain controller. But as of Windows 2000 Service Pack 1, you can work around this issue by configuring the DHCP Server to use alternate credentials when making dynamic updates. The account doesn’t need any special permissions in order to dynamically update records. After you’ve configured alternate credentials, check the event log for any errors pertaining to logon issues (perhaps the username or password are incorrect) or dynamic update errors.

If you back up a DHCP Server’s configuration using NTBackup, DNS credentials are not backed up. This is done intentionally to prevent someone from hijacking names by restoring a DHCP Server from backup. You must manually restore the DNS credentials if you have to restore a DHCP Server.

Using a graphical user interface

1. Open the DHCP snap-in.
2. In the left pane, right-click on DHCP and select Add Server.
3. Type in the name of the DHCP Server you want to target and click OK.
4. Right-click the server and select Properties.
5. Click the Advanced tab.
6. Click the Credentials button.
7. Enter the username, domain, and password for the account you want to use.
8. Click OK until all dialog windows are closed.

Using a command-line interface

Use the following command to display the current DNS credentials used by the DHCP Server:

> netsh dhcp server show dnscredentials

Use the following command to configure new DNS credentials on the DHCP Server:

> netsh dhcp server set dnscredentials  
 

Use the following command to remove the DNS credentials used by the DHCP Server:

> netsh dhcp server delete dnscredentials dhcpfullforce

The dhcploc command lets you see a computer’s DHCP traffic for a broadcast domain. Simply pass in the IP address of the machine from which you are running the command:

> dhcploc 192.168.32.24

You will not see any output from the command until it captures some DHCP traffic. You can try running ipconfig /renew to force some traffic to be generated. You can also press the “d” key when you have dhcploc running to have it generate a DISCOVER message.

Here is some sample output from the command:

9:34:58 (IP)0.0.0.0        NACK      (S)192.168.31.84     ***
 9:36:38 (IP)192.168.190.130 OFFER     (S)192.168.12.226   ***
 9:36:38 (IP)192.168.196.231 ACK       (S)192.168.13.53
 9:36:53 (IP)192.168.196.231 ACK       (S)192.168.13.53
 9:37:05 (IP)192.168.196.234 OFFER     (S)192.168.13.53
 9:37:05 (IP)192.168.193.232 OFFER     (S)192.168.12.198
 9:37:06 (IP)192.168.190.132 OFFER     (S)192.168.12.221   ***

The first column contains a timestamp, the second column is the IP address of the target computer, the third is the DHCP request type, the fourth is the IP address of the DHCP Server, and the fifth is a flag that indicates whether the DHCP Server is authorized. If it is not authorized, you’ll see three stars (***). In the previous output, you can see that 192.168.31.84, 192.168.12.226, and 192.168.12.221 are all unauthorized DHCP Servers.

dhcploc can also send alerts if it detects an unauthorized server. This allows you to start dhcploc, leave it running, and let it proactively notify you when it discovers an unauthorized server. To do so, specify the /a: option followed by the list of users to alert as shown here:

> dhcploc /a:"rallen" 192.168.32.24

dhcploc works by capturing all of the DHCP traffic it sees on the network. Since most DHCP traffic is sent via broadcast, every computer in the broadcast domain (e.g., all computers connected to a hub on a local segment), can look at DHCP traffic. Most computers simply discard the traffic unless it is destined for them, but dhcploc captures all DHCP traffic.

Do not run dhcploc from a DHCP Server. DHCP traffic will be delivered to dhcploc instead of the DHCP Server. By running the command directly on a DHCP Server, it is likely the server won’t be able to respond to any client requests.

Also, with DHCP the time of day is important. When users arrive in the morning and fire up their computers, there will be a lot of DHCP Discover requests by client computers. Depending on your lease duration, you may see additional spikes throughout the day. For example, if your lease duration is set to four hours, clients will begin to extend the lease after two hours. Then at the end of the day, when your users shut down their computers, you may see a lot of DHCP Release request activity.

For good rules of thumb concerning what to watch for when observing the DHCP performance counters, go to http://msdn.microsoft.com and search on “DHCP Server Object.” In the Performance Monitor Reference, Microsoft describes all of the counters and provides guidance on how to determine bottlenecks based on what you are seeing.

If you determine that you are seeing an unusually high rate of DHCP requests, you’ll want to learn what clients are generating the bulk of the traffic.

You can view a snapshot of the number of DHCP requests a server has processed by doing the following:

1. Open the DHCP snap-in.
2. In the left pane, right-click on DHCP and select Add Server.
3. Type in the name of the DHCP Server you want to target and click OK.
4. Right-click the server and select Action > Display Statistics.

You can get similar information by running the following command:

> netsh dhcp server \\ show mibinfo

You can also trend DHCP statistics over a period of time using Performance Monitor:

1. Open the Performance Monitor snap-in.
2. Click the plus (add) button in the right pane.
3. Under Performance object, select DHCP Server.
4. Under Select counters from list, click on a counter you want to view and click the Add button. You can also click on the Explain button to view more information about a specific counter.
5. Click Close when you are done.

>  netsh dhcp server export C:\dhcp.txt 10.1.2.0 10.1.3.0

Using a graphical user interface

The Windows 2000 Resource Kit contains a tool called dhcpexim , which is a simple GUI for exporting and importing DHCP Server configuration. However, I’ve tested it on Windows Server 2003 and have not been able to make it work properly. Based on other newsgroup postings on the subject, it doesn’t appear the Windows 2000 version of dhcpexim works with Windows Server 2003. So until a new version is released (which may never happen), your only option on Windows Server 2003 is the CLI solution described next.

Using a command-line interface

The following command exports DHCP Server configuration to c:\dhcp.txt:

>  netsh dhcp server export C:\dhcp.txt all

To import this configuration on another server, copy c:\dhcp.txt to the target server and run the following command on that server (I’m assuming the DHCP Server has already been installed):

>  netsh dhcp server import C:\dhcp.txt all

If you restore via the DHCP snap-in, both the database and registry key are restored. In order for the change to take effect, you have to restart the DHCP Server if it is already running.

One thing that is not restored, because it is not backed up, is the DNS credentials (user name, password, and domain) used for making dynamic DNS updates. If your DHCP Server is not performing dynamic DNS updates on behalf of your clients, you do not need to worry about this; but if you are, then you’ll need to manually restore these settings.

Using a graphical user interface

1. Open the DHCP snap-in on the target DHCP Server.
2. In the left pane, click the server node.
3. From the menu, select Action Restore.
4. Select the folder that contains the backup files (the default location will automatically be opened) and click OK.
5. If the DHCP Server service is running, you’ll be prompted to restart it for the changes to take effect. Click Yes.

Using a command-line interface

You can’t initiate a restore from netsh, but if you’ve exported the DHCP Server configuration with the dump option, you can import it elsewhere. The following command imports the configuration saved to the file dhcpconfig.dmp:

> netsh exec dhcpconfig.dmp

The DHCP Server takes care of performing regular database backups, but you’ll still need to use a backup tool such as NTBackup to archive those backups on a regular basis. As long as you are backing up the %SystemRoot%\system32\dhcp directory and the system state (which includes the registry), you can restore the database and server configuration on the same server or on another server if necessary.

Using a graphical user interface

1. Open the DHCP snap-in on the target DHCP Server.
2. In the left pane, click the server node.
3. From the menu, select Action Backup.
4. Select the folder to store the backup files in and click OK.

Using a command-line interface

You can’t initiate a backup from netsh, but you can configure how frequently the automatic backups occur and where backup files are stored. The following command changes the default backup time to 24 hours (1,440 minutes):

> netsh dhcp server set databasebackupinterval 1440

The following command changes the backup location to d:\dhcp\backups:

> netsh dhcp server set databasebackuppath d:\dhcp\backups

You can also dump the DHCP Server configuration to a text file and import it later using netsh. Here is how you export it:

> netsh dhcp server dump > dhcpconfig.dmp

The dump option does not export any lease information.

By default, the DHCP database is named dhcp.mdb. You can change this too if necessary, although not by using the DHCP snap-in. Use the following command to change the name of the database to rallencorp-dhcp.mdb:

> netsh dhcp server set databasename rallencorp-dhcp.mdb

After modifying the database or audit log paths or the database name, you have to restart the DHCP Server service for the changes to take effect.

Using a graphical user interface

1. Open the DHCP snap-in.
2. In the left pane, right-click on DHCP and select Add Server.
3. Type in the name of the DHCP Server you want to target and click OK.
4. Right-click the server node and select Properties.
5. Click the Advanced tab.
6. Modify the audit file or database path as needed and click OK.

Using a command-line interface

The following command sets the database path to d:\dhcp:

> netsh dhcp server set databasepath d:\dhcp

The following command sets the audit log file path to d:\dhcp\logs:

> netsh dhcp server set auditlog d:\dhcp\logs

The events logged to the audit log (a plain text file) have the following format:

ID,Date,Time,Description,IP Address,Host Name,MAC Address

The DHCP Server monitors how the log files grow and the available disk space to determine if it should stop logging prematurely to prevent it from consuming too much space. There are two conditions that cause auditing to stop:

• When disk space runs below 20 MB on the filesystem the log files are on.
• When a single log file reaches the preset maximum size (the default is 1 MB).

Fortunately, you can modify these default values by editing the registry. There are three registry values that control DHCP Server disk monitoring located under HKLM\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters:

DhcpLogDiskSpaceCheckInterval

This specifies the number of audit entries recorded between disk verification checks. The default is 50, which means 50 events have to be recorded before the disk verification check occurs.

DhcpLogFilesMaxSize

The maximum size in megabytes for all seven log files. By default, this is 7, which means each log file can only grow to be 1 MB before the DHCP Server stops logging for that day.

DhcpLogMinSpaceOnDisk

The minimum size in megabytes that must exist on the filesystem for logging to continue. The default is 20, which means the DHCP Server will stop logging altogether if disk space goes below 20 MB on the filesystem.

You may need to create these values (as REG_DWORD) if they don’t already exist.

Using a graphical user interface

1. Open the DHCP snap-in.
2. In the left pane, right-click on DHCP and select Add Server.
3. Type in the name of the DHCP Server you want to target and click OK.
4. Right-click the server node and select Properties.
5. On the General tab, check the box beside Enable DHCP audit logging.
6. Click OK.

Using a command-line interface

Surprisingly, netsh doesn’t allow you to enable DHCP audit logging. You can only modify the audit log file path. However, this setting is controlled via the registry. The following command enables auditing by setting the ActivityLogFlag value:

> reg add HKLM\System\CurrentControlSet\Services\DhcpServer\Parameters /v
 ActivityLogFlag /t REG_DWORD /d 1

To disable auditing, use the same command except use /d 0 in place of /d 1.

When you create a reservation, you associate a MAC address with an IP address. You can get the MAC address for a specific network adapter by running ipconfig /all and looking beside Physical Address. After you create the reservation, the next time that network adapter requests a lease, the DHCP Server will recognize the MAC address and assign it the IP address of the reservation.

You may be wondering that since you have to go to the trouble of creating a reservation for servers with static IP addresses, why use DHCP at all for these hosts. The primary benefit of still using DHCP is for the auto-configuration options and the ability to change settings such as DNS Server or WINS Servers across a large number of hosts. Using DHCP means you have to configure fewer things manually on the server. However, if you are provisioning network settings another way, perhaps via group policy, this might not be enough justification.

Using a graphical user interface

1. Open the DHCP snap-in.
2. In the left pane, right-click on DHCP and select Add Server.
3. Type in the name of the DHCP Server you want to target and click OK.
4. Expand the target scope.
5. Right-click on Reservations and select New Reservation.
6. Enter the name, IP address, MAC address, and description for the reservation.
7. Click Add.
8. The reservation will now show up under Address Leases and will be marked as inactive until the target client requests a lease.

Using a command-line interface

The following is the general syntax for adding a reservation:

> netsh dhcp server scope  add reservedip  

The following command creates a reservation for IP address 10.1.2.5:

> netsh dhcp server scope 10.1.2.0 add reservedip 10.1.2.5 000102C8B474 rallen-wxp

 "Robbie's laptop"

The netsh command supports a few other options for deleting leases. Instead of specifying the lease IP address, you can instead specify a hostname. The following command deletes the lease associated with the host rallen-wxp in the scope 10.1.2.0:

> netsh dhcp server scope 10.1.2.0 delete lease \\rallen-wxp

If there are multiple leases that have been allocated to rallen-wxp, only the first one will be deleted. You can also delete all leases marked as BAD_ADDRESS (which indicates the server attempted to assign the lease IP, but some other device is using that address). The following command deletes all BAD_ADDRESS leases:

> netsh dhcp server scope 10.1.2.0 delete lease allbadaddresses

Finally, you can delete all leases obtained by a RAS server using the following command:

> netsh dhcp server scope 10.1.2.0 delete lease allrasserveraddresses

Using a graphical user interface

1. Open the DHCP snap-in.
2. In the left pane, right-click on DHCP and select Add Server.
3. Type in the name of the DHCP Server you want to target and click OK.
4. Expand the target scope.
5. Click on Address Leases. The list of allocated leases will be displayed in the right pane.
6. To delete a lease, right-click the target lease in the right pane and select Delete.
7. Confirm the deletion by selecting Yes.

If you are interested in scope utilization, you can view the statistics on a per-scope basis by right-clicking the scope and selecting Display Statistics.

Using a command-line interface

The following command displays the allocated leases for scope 10.1.2.0:

> netsh dhcp server scope 10.1.2.0 show clients

The following command deletes the lease for IP address 10.1.2.5:

> netsh dhcp server scope 10.1.2.0 delete lease 10.1.2.5