Welcome to article number 20 in my 70-240 in 15 minutes a week series. This week's article covers the Dynamic Host Configuration Protocol in Windows 2000. This includes a look at integration with Active Directory, as well as the configuration of scopes, Superscopes, multicast scopes, options, client configuration and more. This is the first article in the networking services portion of the series - the last of the four major exam areas for 70-240.
The material to be covered in this article includes:
- DHCP service overview
- DHCP and Active Directory
- Configuring DHCP scopes
- Configuring options
- 'Other' scopes in Windows 2000 DHCP
- Backing up and Restoring the DHCP database
- DHCP Client configuration
DHCP Service Overview
At a minimum, you should certainly be familiar with the basic purpose of DHCP - to provide client systems with IP addresses. The main reason for the existence of DHCP as a service is the fact that it greatly simplifies the allocation of IP addresses to clients, a process that when done manually can lead to errors, duplication, and a great deal of time spent less than efficiently. Although DHCP does the basic thing that you expect it to in Windows 2000, there is a great deal more functionality than was found in the version from NT 4, and you'll need to be aware of the differences. Some of the 'new' functionality isn't actually new - for example, DHCP supported the ability to create Superscopes in NT 4 SP2. However, since many of you probably don't have much experience with Superscopes, I'll describe them here. On the whole, you'll probably be impressed with some of the new features of DHCP in Windows 2000, while being able to build on the understanding you originally acquired under NT 4. Nothing like a nice and simple topic to get us started on the last portion of the series.
DHCP and Active Directory
The first thing you'll need to understand about Windows 2000 DHCP is that if your DHCP server is part of a Windows 2000 domain, the server must be 'authorized' in Active Directory. If a DHCP server has not been authorized, it will not hand out IP addresses to clients. The purpose of DHCP server registration stems from the fact that unwanted DHCP servers can wreak havoc on a network. At times this is done maliciously, but often an inexperienced administrator installs the service without understanding that any DHCP server that hears a request will reply offering an address. Windows 2000 tries to solve some of these problems by requiring that DHCP be authorized, thus eliminating the problems posed by 'rogue' DHCP servers. While this sounds great, unfortunately the total benefit is more limited. The only servers that will check to see whether or not they are authorized are Windows 2000 DHCP servers - your NT 4 DHCP servers (and others) will continue to hand out IP addresses regardless.
The authorization process itself is very simple. Using the DHCP console tool, simply right-click the DHCP icon, choose Manage Authorized Servers, and then authorize the server by adding its name or IP address, as shown below. Note that the only person who can authorize a DHCP server is a user who is a member of the Enterprise Admins group (this ability can be delegated if required).
When the DHCP server service attempts to start (which happens automatically during a reboot), it will send a DHCPINFORM message to Active Directory to determine its authorization state. If it has been authorized, the service starts correctly. If it hasn't, the service does not start. The DHCP server will query Active Directory periodically (every 5 minutes by default) to ensure that its authorization status hasn't changed.
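Because only Windows 2000 DHCP servers check their authorization, spotting any other server that answers clients is left to monitoring. The following is an added example, not part of the original article: it parses a DHCP reply payload and flags an OFFER or ACK whose server identifier (option 54) is not on an allow list. The addresses, the function names and the sample packet are assumptions constructed for the illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_END, OPT_MSG_TYPE, OPT_SERVER_ID = 0, 255, 53, 54
DHCPOFFER, DHCPACK = 2, 5

def parse_dhcp_reply(payload):
    """Return (message_type, server_id) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if payload[0] != 2:  # op field: 2 = BOOTREPLY (sent by a server)
        raise ValueError("not a server reply")
    msg_type = server_id = None
    i = 240  # options follow the 236-byte fixed header and the cookie
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == OPT_MSG_TYPE and length == 1:
            msg_type = value[0]
        elif code == OPT_SERVER_ID and length == 4:
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, server_id

def is_rogue(payload, authorized):
    """True when an OFFER/ACK names a server that is not on the allow list.
    A reply with no server identifier at all is also flagged."""
    msg_type, server_id = parse_dhcp_reply(payload)
    return msg_type in (DHCPOFFER, DHCPACK) and server_id not in authorized

def build_offer(server_ip):
    """Constructed sample DHCPOFFER for the demo (not captured traffic)."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + b"\x00" * 232
    options = bytes([53, 1, DHCPOFFER, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options

AUTHORIZED = {"192.168.1.10"}  # assumed address of the one authorized server
if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.77"):
        print(ip, "ROGUE" if is_rogue(build_offer(ip), AUTHORIZED) else "ok")
```

In practice the payloads would come from a capture of UDP port 68 traffic on each client subnet, with the allow list kept in step with the servers authorized in Active Directory.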
Configuring DHCP scopes
Certainly the most common task when configuring a DHCP server is creating and managing scopes. A scope is created for the purpose of allocating IP addresses and a subnet mask at a minimum, but usually gateway, DNS, and WINS server information as well. A given DHCP server will usually be configured with a number of scopes, capable of leasing addresses to hosts on a number of different subnets. Each of these scopes is configured independently, and can be enabled or disabled on a scope-by-scope basis.
In Windows 2000, the scope creation process has been simplified through the use of the New Scope Wizard. This tool walks you through the entire process of creating a scope. This includes:
- Providing a scope name and description. As a best practice, be sure to include a description that gives additional information. Usually the name of the scope maps to its subnet, for example 'Scope 192.168.1.0/24'.
- Providing a range of valid IP addresses and a subnet mask (as shown below). At a minimum, this is the basic information that must be provided. One important note - after creating the scope, you cannot change the subnet mask. That means if you make a mistake, you'll need to delete and recreate the scope.