The main steps to configure DHCP on Windows Server are installation, Active Directory authorization, creating a scope and DNS registration. Learn about other tasks and best practices.
Network nodes require an IP address configuration that usually comprises the IP address, subnet mask, default gateway IP for the router, name servers and other values.
Administrators can manually set this information, resulting in a static configuration. A Dynamic Host Configuration Protocol (DHCP) server can also dynamically provide the information.
Generally, servers, routers, network printers and other such devices have a static configuration. Workstations, laptops, phones, tablets and other end-user devices receive their configuration via DHCP.
Client devices lease their IP address configuration by using the following four-step DORA process:
Discover. The client broadcasts an attempt to discover a DHCP server.
Offer. DHCP servers that receive the client broadcast offer an IP address configuration.
Request. The client formally requests the IP configuration from the first DHCP server to respond.
Acknowledge. The DHCP server acknowledges the lease and doesn't offer that same address to another client.
The lease must be renewed by the client periodically.
Now that we've briefly reviewed how IP addresses are allocated and the lease generation process, let's delve into more detail about how to configure the Windows Server DHCP service.
1. Install DHCP on Windows Server 2019
The DHCP service is not automatically installed on Windows Server 2019. It is easy to add, however, using either Server Manager or Windows PowerShell.
To add DHCP using Server Manager, select Add Roles and Features, and then select DHCP in the Roles list.
To add the DHCP role using the command line, open Windows PowerShell (Admin), and type the following:
Install the DHCP role by using Windows PowerShell.
The installation takes about one minute to complete.
Once admins install the DHCP service, they can manage it by selecting Tools > DHCP.
2. Authorize DHCP in Active Directory
Windows-based DHCP servers must be registered with Active Directory (AD) before they begin offering IP address configurations to clients.
Right-click on the server node in the DHCP console, and select Authorize to accomplish this authorization. You need Enterprise Admin privileges to authorize DHCP.
3. Create a scope
Before building the first pool of available IP addresses, it's critical to plan the deployment. Devices, such as servers, routers and even printers, may have static IP address configuration. Make sure you have identified these addresses and that you allow for them in scope. Many administrators place all statically assigned IP addresses at the front of the scope.
Here is a simple example design:
Scope address range: 192.168.2.0/24
Static IP addresses: 192.168.2.1 through 192.168.2.25 (be sure to leave some room for additional devices)
Dynamic IP addresses: 192.168.2.26 through 192.168.2.254
You also need to gather additional configuration details, including the following:
Name and description. The scope name and an optional description.
Default gateway value. The IP address of the network interface card in the router attached to this network.
Name resolution servers. The IP address of one or more DNS servers.
Reservations. Any IP addresses that are dynamically allocated to specific clients, enabling those clients to acquire a consistent IP configuration from DHCP.
Lease time. The time the IP address lease is valid. It needs to be renewed at the halfway point of the lease. The Windows Server DHCP default is eight days.
4. Configure and activate the scope
Once you have documented the above values, you can configure the scope. Right-click the server node in the DHCP console, and then select New Scope. A wizard prompts you for the information you collected above. These settings can be changed later.
Create a new DHCP scope.
Once activated, the DHCP server begins responding to DHCP client discover messages by offering IP addresses. The scope can be deactivated, the DHCP service can be stopped or restarted, and the DHCP server can be deauthorized in AD.
5. DNS registration
DNS relates easy-to-remember hostnames with difficult-to-remember IP addresses. This database can be populated in several ways.
One method is to configure the DHCP server to create resource records for the client. The DHCP server can be set to create A records (hostname to IP address), pointer (PTR) records (IP to hostname) or both.
The default is for DHCP to create the PTR record, while the client itself registers its record with DNS.
Configure DNS options.
Administrative DHCP tasks
The DHCP service is simple to configure. But sys admins often find some additional settings to be useful.
Create reservation
In some cases, it's useful to allow a client machine to maintain a consistent IP address. While you could set the IP address configuration statically, it's often better to reserve the IP address for the client in DHCP. The client goes through the DORA process to receive its settings, so values, such as router and name resolution servers, can still be updated via DHCP.
Reserve an IP address for the Dev-Computer.
DHCP failover
With Windows Server 2012, Microsoft introduced DHCP failover. It seems many administrators are unaware of this capability. Configuration is straightforward and requires no special software.
Ensure the DHCP role is installed on both DHCP servers and that they have network connectivity with each other.
Configure a DHCP scope on one of the servers.
Right-click the scope, and select DHCP Failover from the context menu.
Complete the wizard.
Select the second DHCP server, and observe that the new scope appears.
Configure DHCP failover.
Logs
Managing service log files is a standard function for sys admins. DHCP writes messages to Event Viewer and to text files.
Sys admins can check the system log for general DHCP and network messages. They can find DHCP entries by drilling down to Applications and Services > Microsoft > Windows > DHCP-Server > Microsoft-Windows-DHCP-Server-Events > Operational.
DHCP also generates text-based log files stored at C:\Windows\System32\dhcp. These logs are extremely useful for troubleshooting. They can display information for why the server was unable to lease configurations to clients.
DHCP text logs
Note that the text file logs are named based on days of the week and are overwritten weekly. If you want to retain these logs, you must rename them before the upcoming day of the week can overwrite them.
The DHCP role is not installed by default, so the first step is to add it. From there, create a new scope based on your plan.
Be careful of conflicting scopes
As more subnets -- and, therefore, more DHCP scopes -- are added to the network, it's imperative that sys admins accurately document the IP address ranges. Overlapping scopes, where two DHCP servers are offering the same IP addresses to clients, result in a variety of network communications issues.
This is part of the reason why Microsoft requires DHCP servers to be authorized in AD. That authorization can only be implemented by Enterprise Admins, who should have enough broad knowledge of network configuration to prevent conflicting scopes.
Avoid duplicate IP address offers
One of the most serious misconfigurations is a client computer configured with a static IP address that falls within the DHCP server's scope. In that case, the server can offer the IP address to a client because it is unaware of the static IP. This results in an IP address conflict.
The Windows DHCP service can be configured to ping an IP address before offering it to a client. If the ping returns a response, the DHCP server knows the address is already in use and should not be offered. The server offers a different address to the client.
Configure conflict detection attempts.
The ping request occurs between the Discover and Offer steps of the lease generation process. It introduces a significant delay, so only configure this setting if you have a real concern about undocumented static IP addresses on client devices.
Conclusion
Microsoft has made the configuration of a DHCP server straightforward. Make sure you have a solid understanding of the entire network's IP address configurations before you begin and plan your scope around both dynamic and static IP address assignments.
The DHCP role is not installed by default, so the first step is to add it. From there, create a new scope based on your plan. Add any options, such as DNS and reserved addresses. Review log files regularly. DHCP is simple but critical for network communication.
