Microsoft recommends that you avoid this completely by not running the DHCP Server on a domain controller. But as of Windows 2000 Service Pack 1, you can work around this issue by configuring the DHCP Server to use alternate credentials when making dynamic updates. The account doesn’t need any special permissions in order to dynamically update records. After you’ve configured alternate credentials, check the event log for any errors pertaining to logon issues (perhaps the username or password are incorrect) or dynamic update errors.

If you back up a DHCP Server’s configuration using NTBackup, DNS credentials are not backed up. This is done intentionally to prevent someone from hijacking names by restoring a DHCP Server from backup. You must manually restore the DNS credentials if you have to restore a DHCP Server.

Using a graphical user interface

1. Open the DHCP snap-in.
2. In the left pane, right-click on DHCP and select Add Server.
3. Type in the name of the DHCP Server you want to target and click OK.
4. Right-click the server and select Properties.
5. Click the Advanced tab.
6. Click the Credentials button.
7. Enter the username, domain, and password for the account you want to use.
8. Click OK until all dialog windows are closed.

Using a command-line interface

Use the following command to display the current DNS credentials used by the DHCP Server:

> netsh dhcp server show dnscredentials

Use the following command to configure new DNS credentials on the DHCP Server:

> netsh dhcp server set dnscredentials  
 

Use the following command to remove the DNS credentials used by the DHCP Server:

> netsh dhcp server delete dnscredentials dhcpfullforce