M09: DHCP Services

Dynamic Host Configuration Protocol automates IP address management, eliminating manual configuration and reducing administrative overhead.

What You'll Learn

  • DHCP architecture and DORA process
  • Scopes, pools, and reservations
  • DHCP options and policies
  • Failover and high availability
  • Troubleshooting lease issues

Prerequisites

  • TCP/IP fundamentals
  • Windows Server basics
  • DNS understanding (M08)
  • Active Directory concepts
Enterprise Reality: A misconfigured DHCP server can take down an entire network. Understanding scope design and failover is critical for maintaining uptime.
[Figure: DHCP automates IP address assignment. PC01, PC02 and PC03 start with no IP; the DHCP server (scope 10.0.0.50-200, 8-day lease, router + DNS options) hands out .50, .51 and .52. Manual IP config does not scale beyond a small lab; DHCP handles assignment, options, renewals and conflict detection.]

DHCP Architecture

DHCP follows a client-server model where clients broadcast requests and authorized servers respond with IP configurations.

DHCP Communication

Client (no IP address) -> broadcast on UDP 67/68 -> DHCP server (IP pool)

Key Components

  • DHCP Server - Maintains IP pools and configuration data
  • Scope - Range of IP addresses for a subnet
  • Lease - Temporary assignment of IP to client
  • Relay Agent - Forwards requests across subnets
Authorization Required: In Active Directory environments, DHCP servers must be authorized before they can respond to client requests. This prevents rogue DHCP servers.
[Figure: DHCP components and their roles. Client: dhclient / Windows stack. Server: DHCP Server role, scope database. Relay agent: routers with ip helper, cross-subnet bridge. Scope: 10.0.0.50 - 10.0.0.200. Pool: addresses available to lease. Reservation: pinned by MAC, server-side. Options: router, DNS, NTP, search domain. Server speaks UDP 67/68 + 4011 (PXE).]
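
An added example, not part of the original module: one way to audit the authorization control described above by comparing the servers authorized in Active Directory against an allowlist. The function name, the allowlist and the sample records are constructed; on a domain-joined host, pass the output of Get-DhcpServerInDC instead of the sample.

```powershell
# Added example. Server names and addresses are constructed samples.
function Compare-DhcpAuthorization {
    param(
        [Parameter(Mandatory)] [object[]] $Authorized,   # needs DnsName and IPAddress
        [Parameter(Mandatory)] [string[]] $Expected      # allowlisted server FQDNs
    )
    $expectedNames = @($Expected | ForEach-Object { $_.ToLowerInvariant() })
    $seen = @()
    foreach ($srv in $Authorized) {
        $name = ([string]$srv.DnsName).ToLowerInvariant()
        $seen += $name
        if ($expectedNames -notcontains $name) {
            [pscustomobject]@{ Server = $name; IPAddress = [string]$srv.IPAddress
                               Finding = 'Authorized in AD, not on the allowlist' }
        }
    }
    foreach ($name in $expectedNames) {
        if ($seen -notcontains $name) {
            [pscustomobject]@{ Server = $name; IPAddress = ''
                               Finding = 'On the allowlist, not authorized in AD' }
        }
    }
}

# Constructed sample standing in for the output of: Get-DhcpServerInDC
$authorized = @(
    [pscustomobject]@{ DnsName = 'dc1.hexworth.local';    IPAddress = '192.168.1.10' }
    [pscustomobject]@{ DnsName = 'LAB-PC7.hexworth.local'; IPAddress = '192.168.1.143' }
)
$allowlist = 'dc1.hexworth.local', 'dc2.hexworth.local'

# Live use: Compare-DhcpAuthorization -Authorized (Get-DhcpServerInDC) -Expected $allowlist
Compare-DhcpAuthorization -Authorized $authorized -Expected $allowlist | Format-Table -AutoSize
```

AD authorization is checked by Windows DHCP servers themselves, so this audit covers servers registered in the directory; a device running other DHCP software shows up on the wire (for example in the Wireshark capture listed under troubleshooting), not here.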

The DORA Process

DHCP uses a four-step handshake to assign IP addresses. Understanding DORA is essential for troubleshooting.

  • Discover: Client broadcasts "I need an IP address"
  • Offer: Server offers an available IP from its pool
  • Request: Client requests the offered IP address
  • Acknowledge: Server confirms and provides full configuration
Lease Renewal: At 50% of lease time (T1), client attempts unicast renewal with its DHCP server. At 87.5% (T2), it broadcasts for any DHCP server.
[Figure: DORA: Discover, Offer, Request, Ack, between client PC01 (aa:bb:cc:dd:ee:ff) and server DHCP01. 1. Discover (broadcast: any DHCP?). 2. Offer (10.0.0.50, 8d lease). 3. Request (I will take it). 4. Ack (confirmed, here are options). After D-O-R-A the client has IP, gateway, DNS and search domain.]
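
An added example, not part of the original module: a small decoder for the DHCP fields you read when following DORA in a capture. It identifies the message type, reads the lease time and derives the T1 and T2 renewal points described above. The function name Read-DhcpMessage and the packet bytes are constructed for illustration.

```powershell
# Added example. The packet below is constructed, not captured traffic.
$DhcpTypes = @{ 1 = 'DISCOVER'; 2 = 'OFFER'; 3 = 'REQUEST'; 5 = 'ACK'; 6 = 'NAK'; 7 = 'RELEASE' }

function Read-DhcpMessage {
    param([Parameter(Mandatory)] [byte[]] $Payload)    # UDP payload: BOOTP header + options
    if ($Payload.Length -lt 241) { throw 'Too short to be a DHCP message' }
    if ([BitConverter]::ToString($Payload, 236, 4) -ne '63-82-53-63') {
        throw 'DHCP magic cookie missing'
    }
    $msg = [ordered]@{
        ClientMac = [BitConverter]::ToString($Payload, 28, 6)    # chaddr
        YourIP    = $Payload[16..19] -join '.'                   # yiaddr
        Type = $null; ServerId = $null; LeaseSeconds = $null; T1 = $null; T2 = $null
    }
    $i = 240
    while ($i -lt $Payload.Length) {
        $code = [int]$Payload[$i]
        if ($code -eq 255) { break }                   # End option
        if ($code -eq 0) { $i++; continue }            # Pad option has no length byte
        if ($i + 1 -ge $Payload.Length) { throw "Option $code has no length byte" }
        $len = [int]$Payload[$i + 1]
        if ($i + 2 + $len -gt $Payload.Length) { throw "Option $code runs past the packet end" }
        $val = @(if ($len -gt 0) { $Payload[($i + 2)..($i + 1 + $len)] })
        switch ($code) {
            53 { if ($len -eq 1) { $msg.Type = $DhcpTypes[[int]$val[0]] } }
            54 { if ($len -eq 4) { $msg.ServerId = $val -join '.' } }
            51 { if ($len -eq 4) {
                     $secs = [long]0
                     foreach ($b in $val) { $secs = $secs * 256 + $b }    # big-endian
                     $msg.LeaseSeconds = $secs
                     $msg.T1 = [TimeSpan]::FromSeconds($secs * 0.5)       # unicast renewal
                     $msg.T2 = [TimeSpan]::FromSeconds($secs * 0.875)     # broadcast rebinding
                 } }
        }
        $i += 2 + $len
    }
    [pscustomobject]$msg
}

# Constructed DHCPACK: 192.168.1.100 leased for 8 days (691200 s) by server 192.168.1.10
[byte[]] $pkt = New-Object byte[] 240
$pkt[0] = 2                                                              # op = BOOTREPLY
[Array]::Copy([byte[]](192, 168, 1, 100), 0, $pkt, 16, 4)                # yiaddr
[Array]::Copy([byte[]](0x00, 0x1A, 0x2B, 0x3C, 0x4D, 0x5E), 0, $pkt, 28, 6)   # chaddr
[Array]::Copy([byte[]](0x63, 0x82, 0x53, 0x63), 0, $pkt, 236, 4)         # magic cookie
$pkt += [byte[]](53, 1, 5,  54, 4, 192, 168, 1, 10,  51, 4, 0x00, 0x0A, 0x8C, 0x00,  255)

Read-DhcpMessage -Payload $pkt
```

For the constructed ACK this reports Type ACK, a lease of 691200 seconds, T1 at 4 days and T2 at 7 days.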

Scopes and Address Pools

A scope defines the range of IP addresses a DHCP server can lease to clients on a specific subnet.

Scope Components

  • Address Range: Start and end IP
  • Subnet Mask: Network boundary
  • Exclusions: IPs not to assign
  • Lease Duration: How long clients keep IP

Best Practices

  • Exclude static IPs (servers, printers)
  • Reserve first 20-50 IPs for infrastructure
  • Use 8-day lease for stable networks
  • Use shorter leases for guest networks

Define the IP address range, subnet mask, and lease duration for a new DHCP scope.

# Create a scope that hands out .100-.250 with an 8-day lease
PS C:\> Add-DhcpServerv4Scope -Name "Corporate LAN" `
    -StartRange 192.168.1.100 `
    -EndRange 192.168.1.250 `
    -SubnetMask 255.255.255.0 `
    -LeaseDuration 8.00:00:00

# Expected output:
# ─────────────────────────────────────────────────────────────
ScopeId      Name           State   StartRange     EndRange
# ─────────────────────────────────────────────────────────────
192.168.1.0  Corporate LAN  Active  192.168.1.100  192.168.1.250

Exclude the first 50 addresses from the pool so servers and infrastructure keep their static IPs.

# Reserve .1 through .50 for static infrastructure devices
PS C:\> Add-DhcpServerv4ExclusionRange -ScopeId 192.168.1.0 `
    -StartRange 192.168.1.1 -EndRange 192.168.1.50

# Expected output:
# ─────────────────────────────────────────────────────────────
ScopeId      StartRange   EndRange
# ─────────────────────────────────────────────────────────────
192.168.1.0  192.168.1.1  192.168.1.50
[Figure: A scope defines one subnet's address pool. Scope Corp-WiFi (10.0.0.0/24): .1 - .49 excluded (infra, router); .50 - .200 pool of leases handed to clients; .201 - .250 reservations (printers, kiosks). Lease: 8 days. Option 3: router 10.0.0.1. Option 6: DNS 10.0.0.10. Cmdlets: Add-DhcpServerv4Scope, Add-DhcpServerv4ExclusionRange. One scope per subnet; multi-subnet servers run multiple scopes.]

DHCP Reservations

Reservations guarantee a specific IP address is always assigned to a particular device based on its MAC address.

When to Use Reservations

  • Network Printers: Users bookmark printer IPs
  • Servers needing DHCP: Some appliances can't use static
  • IP-based Access Control: Firewall rules by IP
  • Legacy Devices: Equipment requiring specific IPs

Guarantee a specific IP for a device by binding its MAC address to an address in the scope.

# Reserve 192.168.1.200 for the second floor printer by MAC
PS C:\> Add-DhcpServerv4Reservation -ScopeId 192.168.1.0 `
    -IPAddress 192.168.1.200 `
    -ClientId "00-1A-2B-3C-4D-5E" `
    -Name "HP-LaserJet-Floor2" `
    -Description "Second floor printer"

# Expected output:
# ─────────────────────────────────────────────────────────────
IPAddress      ScopeId      ClientId           Name
# ─────────────────────────────────────────────────────────────
192.168.1.200  192.168.1.0  00-1A-2B-3C-4D-5E  HP-LaserJet-Floor2

List all reservations in a scope to audit which devices have guaranteed addresses.

# Show every reservation in the Corporate LAN scope
PS C:\> Get-DhcpServerv4Reservation -ScopeId 192.168.1.0

# Expected output:
# ─────────────────────────────────────────────────────────────
IPAddress      ScopeId      ClientId           Name
# ─────────────────────────────────────────────────────────────
192.168.1.200  192.168.1.0  00-1A-2B-3C-4D-5E  HP-LaserJet-Floor2
192.168.1.201  192.168.1.0  00-1A-2B-3C-4D-6F  IP-Phone-Lobby
Reservation vs Static: Reservations are preferred because they're centrally managed and include DHCP options. Static IPs must be configured on each device.
[Figure: Reservation: same IP, every renewal. Printer-01 (MAC aa:bb:cc:dd) always gets .220; the DHCP server looks up the MAC in its reservation table. Add-DhcpServerv4Reservation -ScopeId 10.0.0.0 -IPAddress 10.0.0.220 -ClientId aa-bb-cc-dd-ee-ff -Name "Printer-01". Best for: printers, scanners, kiosks, conference room PCs. No need to log into the device; the IP is centrally managed.]

DHCP Options

Options provide additional configuration beyond IP addresses, such as DNS servers, gateways, and domain names.

Option                    Code  Description
Router (Default Gateway)  003   IP of the default gateway
DNS Servers               006   List of DNS server IPs
DNS Domain Name           015   Domain suffix for clients
WINS Servers              044   NetBIOS name servers (legacy)
NTP Servers               042   Time synchronization servers
[Figure: Options ride along with the lease. 003 Router (default gateway); 006 DNS Servers; 015 DNS Domain Suffix; 042 NTP servers; 044 WINS / NetBIOS servers; 051 Lease time; 066 TFTP server (PXE); 067 Bootfile name (PXE). Where they apply: server level (all scopes inherit), scope level (override per subnet), reservation level (override per host; most specific wins).]

Option Levels

  • Server Options - Apply to all scopes on the server
  • Scope Options - Apply to a specific scope
  • Reservation Options - Apply to a single reservation

Configure the essential scope options so clients get DNS, gateway, and domain suffix.

# Push DNS, gateway, and domain name to all clients in this scope
PS C:\> Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 `
    -DnsServer 192.168.1.10,192.168.1.11 `
    -Router 192.168.1.1 `
    -DnsDomain "hexworth.local"

# Expected output:
# ─────────────────────────────────────────────────────────────
OptionId  Name             Value
# ─────────────────────────────────────────────────────────────
003       Router           {192.168.1.1}
006       DNS Servers      {192.168.1.10, 192.168.1.11}
015       DNS Domain Name  hexworth.local

DHCP Policies

Policies allow conditional assignment of options based on client properties like MAC address prefix, vendor class, or user class.

Policy Use Cases

  • VLAN Assignment: Different options per device type
  • VoIP Phones: Specific TFTP server for phone configs
  • Guest Devices: Shorter lease, different DNS
  • Corporate vs BYOD: Different network access

Create a policy that matches VoIP phones by their MAC address prefix.

# Match any device whose MAC starts with 00:1E:BE (VoIP vendor)
PS C:\> Add-DhcpServerv4Policy -Name "VoIP-Phones" `
    -ScopeId 192.168.1.0 `
    -Condition "OR" `
    -MacAddress "EQ","00:1E:BE:*"

# Expected output:
# ─────────────────────────────────────────────────────────────
Name         ScopeId      Enabled  ProcessingOrder
# ─────────────────────────────────────────────────────────────
VoIP-Phones  192.168.1.0  True     1

Assign the TFTP boot server option to phones that match the VoIP policy.

# Push the TFTP server address (option 66) to matched phones
PS C:\> Set-DhcpServerv4OptionValue -PolicyName "VoIP-Phones" `
    -ScopeId 192.168.1.0 `
    -OptionId 66 -Value "tftp.hexworth.local"

# Expected output:
# ─────────────────────────────────────────────────────────────
OptionId  Name                   Value
# ─────────────────────────────────────────────────────────────
066       Boot Server Host Name  tftp.hexworth.local
Policy Order Matters: Policies are processed in order. The first matching policy wins, similar to firewall rules.
[Figure: DHCP Policies: per-vendor / per-MAC rules. Policy PrinterFleet: if VendorClass starts with "Lexmark", then give lease from 10.0.0.220 - 10.0.0.240, and set lease time to 30 days (printers do not move), and push DNS option pointing at print-mgmt.corp.local. Conditions: VendorClass, UserClass, MAC address prefix, ClientID. Actions: assign from sub-range, override options, set lease length. Use cases: VoIP phones, IoT, BYOD vs corp laptops.]

DHCP Failover

DHCP failover provides high availability by allowing two servers to share responsibility for a scope.

Hot Standby Mode

  • Primary handles all requests
  • Secondary activates if primary fails
  • Best for branch/HQ scenarios
  • Standby reserves 5% of pool

Load Balance Mode

  • Both servers actively respond
  • Split 50/50 by default
  • Best for same-site HA
  • Better performance

Pair two DHCP servers in load-balance mode so they share the scope 50/50.

# Create a 50/50 load-balance failover relationship with DC2
# The shared secret below is a sample value; choose your own
PS C:\> Add-DhcpServerv4Failover -Name "DC1-DC2-Failover" `
    -PartnerServer "DC2.hexworth.local" `
    -ScopeId 192.168.1.0 `
    -LoadBalancePercent 50 `
    -SharedSecret "SecurePassword123" `
    -MaxClientLeadTime 1:00:00

# Expected output:
# ─────────────────────────────────────────────────────────────
Name              Mode         PartnerServer       ScopeId
# ─────────────────────────────────────────────────────────────
DC1-DC2-Failover  LoadBalance  DC2.hexworth.local  192.168.1.0
MCLT (Maximum Client Lead Time): Time a server can extend a lease beyond partner's knowledge. Default is 1 hour. Longer MCLT = more resilience but slower failback.
[Figure: Two servers share one scope's leases. DHCP01 (primary) holds 52% of leases and DHCP02 (partner) 48%, with lease sync between them. Two modes: load balance (both serve, weighted, default 50/50) and hot standby (primary leads, partner kicks in). Add-DhcpServerv4Failover -Name "Corp" -ScopeId 10.0.0.0 -PartnerServer dhcp02 -SharedSecret ***. No need for the scope to live on a cluster.]
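
An added example, not the course's own code: the same failover relationship created without a literal secret on the command line, followed by a check that message authentication is enabled. It assumes Windows PowerShell 5.1 and reuses the relationship, partner and scope names from the command above.

```powershell
# Added example. Run on the first DHCP server of the pair.
# Prompt for the secret so it never lands in the script, history or a transcript.
$secure = Read-Host -Prompt 'Failover shared secret' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password   # the cmdlet takes a string

Add-DhcpServerv4Failover -Name "DC1-DC2-Failover" `
    -PartnerServer "DC2.hexworth.local" `
    -ScopeId 192.168.1.0 `
    -LoadBalancePercent 50 `
    -SharedSecret $plain `
    -MaxClientLeadTime 1:00:00

Remove-Variable plain, secure

# List relationships that run without message authentication or are not in Normal state
Get-DhcpServerv4Failover |
    Where-Object { -not $_.EnableAuth -or $_.State -ne 'Normal' } |
    Select-Object Name, PartnerServer, Mode, State, EnableAuth, MaxClientLeadTime |
    Format-Table -AutoSize
```

An empty result from the last command means every relationship on this server is authenticated and in Normal state.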

DHCP and DNS Integration

DHCP can automatically register client hostnames in DNS, enabling name resolution without manual record creation.

Dynamic DNS Updates

  • Client Registers A Record: Client updates its own forward lookup
  • Server Registers PTR Record: DHCP server updates reverse lookup
  • Always Update: Server registers both A and PTR on client's behalf

Tell DHCP to register both A and PTR records in DNS and clean them up when leases expire.

# Enable full DNS registration and auto-cleanup on lease expiry
PS C:\> Set-DhcpServerv4DnsSetting -ScopeId 192.168.1.0 `
    -DynamicUpdates "Always" `
    -DeleteDnsRROnLeaseExpiry $true

# Expected output:
# ─────────────────────────────────────────────────────────────
DynamicUpdates  DeleteDnsRROnLeaseExpiry  UpdateDnsRRForOlderClients
# ─────────────────────────────────────────────────────────────
Always          True                      False

Verify the current DNS integration settings for a specific scope.

# Check what DNS update behavior is configured for this scope
PS C:\> Get-DhcpServerv4DnsSetting -ScopeId 192.168.1.0

# Expected output:
# ─────────────────────────────────────────────────────────────
DynamicUpdates  NameProtection  DeleteDnsRROnLeaseExpiry
# ─────────────────────────────────────────────────────────────
Always          False           True
Credential Management: When DHCP registers DNS on behalf of clients, use a dedicated service account with permissions to update DNS zones. This prevents orphaned records if the DHCP server changes.
[Figure: DHCP can register client records in DNS. PC01 requests a lease, the DHCP server assigns 10.0.0.78, and DNS receives PC01 A 10.0.0.78. Who registers the records? A record (forward): client or server. PTR record (reverse): server. DnsCredential = service account: DHCP impersonates this account when calling DDNS; critical for secure dynamic updates in AD zones. Set-DhcpServerv4DnsSetting -DynamicUpdates Always.]
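
An added example, not the course's own code: setting the dedicated DNS update account recommended above, then reporting the DNS update behaviour of every IPv4 scope in one table. The account name svc-dhcp-dns and the HEXWORTH domain prefix are hypothetical.

```powershell
# Added example. Run on the DHCP server; the account name is hypothetical.
# The account needs rights to update the DNS zones and nothing more.
$cred = Get-Credential -UserName 'HEXWORTH\svc-dhcp-dns' -Message 'Account DHCP uses for DNS updates'
Set-DhcpServerDnsCredential -Credential $cred
Get-DhcpServerDnsCredential          # shows the stored user and domain, not the password

# Report the DNS update settings of every IPv4 scope
Get-DhcpServerv4Scope | ForEach-Object {
    $scope = $_
    $dns   = Get-DhcpServerv4DnsSetting -ScopeId $scope.ScopeId
    [pscustomobject]@{
        ScopeId                  = $scope.ScopeId
        Name                     = $scope.Name
        DynamicUpdates           = $dns.DynamicUpdates
        DeleteDnsRROnLeaseExpiry = $dns.DeleteDnsRROnLeaseExpiry
        NameProtection           = $dns.NameProtection
        # Records the server registers but never removes go stale in DNS
        StaleRecordRisk          = ($dns.DynamicUpdates -ne 'Never' -and
                                    -not $dns.DeleteDnsRROnLeaseExpiry)
    }
} | Format-Table -AutoSize
```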

Troubleshooting DHCP

Common DHCP issues and their diagnostic approaches.

Common Issues

  • APIPA address (169.254.x.x)
  • Scope exhaustion (no IPs left)
  • Rogue DHCP server
  • Wrong options delivered
  • Lease conflicts

Diagnostic Tools

  • ipconfig /all
  • ipconfig /release + /renew
  • Event Viewer (DHCP logs)
  • DHCP audit logs
  • Wireshark (DORA capture)
[Figure: DDNS update modes from DHCP. Never: no A record, no PTR record, manual DNS only; for closed labs, deliberate. If requested: A record if asked, PTR always, client opts in; for mixed clients, honors client wish. Always: A record and PTR record, DHCP enforces; for AD domains, consistent records. Modes set per scope, default for AD environments is Always.]

Troubleshooting DHCP, Configuration

Check scope utilization to see if you are running low on available addresses.

# View how many IPs are free, in use, and reserved
PS C:\> Get-DhcpServerv4ScopeStatistics -ScopeId 192.168.1.0

# Expected output:
# ─────────────────────────────────────────────────────────────
ScopeId      Free  InUse  Reserved  PercentageInUse
# ─────────────────────────────────────────────────────────────
192.168.1.0  98    52     1         34.67%

List every active lease to see which clients currently hold addresses.

# Show all active DHCP leases in this scope
PS C:\> Get-DhcpServerv4Lease -ScopeId 192.168.1.0

# Expected output:
# ─────────────────────────────────────────────────────────────
IPAddress      ClientId           HostName     LeaseExpiryTime
# ─────────────────────────────────────────────────────────────
192.168.1.105  00-1A-2B-3C-4D-5E  PC-FLOOR2    6/23/2025 10:00 AM
192.168.1.112  00-1A-2B-3C-4D-6F  LAPTOP-JDOE  6/22/2025 03:15 PM

Track down a specific device by filtering leases on a partial MAC address.

# Search for a device by partial MAC address match
PS C:\> Get-DhcpServerv4Lease -ScopeId 192.168.1.0 |
    Where-Object { $_.ClientId -like "*1A-2B-3C*" }

# Expected output:
# ─────────────────────────────────────────────────────────────
IPAddress      ClientId           HostName   LeaseExpiryTime
# ─────────────────────────────────────────────────────────────
192.168.1.105  00-1A-2B-3C-4D-5E  PC-FLOOR2  6/23/2025 10:00 AM

Advanced: Superscopes & Multicast

Superscopes

A superscope groups multiple scopes that share the same physical network, used when you've exhausted one IP range.

  • Combines multiple logical subnets on one segment
  • Enables gradual IP range expansion
  • Useful during network migrations

Group two scopes under one superscope so they serve the same physical network.

# Combine two scopes into a single superscope for the same segment
PS C:\> Add-DhcpServerv4Superscope -SuperscopeName "Corporate" `
    -ScopeId 192.168.1.0,192.168.2.0

# Expected output:
# ─────────────────────────────────────────────────────────────
SuperscopeName  ScopeId
# ─────────────────────────────────────────────────────────────
Corporate       {192.168.1.0, 192.168.2.0}

Multicast Scopes (MADCAP)

Assigns multicast addresses (224.0.0.0-239.255.255.255) for streaming and conferencing.

  • Used by video conferencing systems
  • Windows Media Services
  • Multicast deployment (WDS)
Rarely Used: Multicast DHCP is uncommon in modern environments. Most multicast applications have their own address management.
[Figure: Troubleshoot DHCP from client + server; client side first, then server side.]

PS> ipconfig /release ; ipconfig /renew    # drop the lease, start DORA again
PS> ipconfig /all    # shows lease times, DHCP server, DNS, gateway
PS> Get-DhcpServerv4Lease -ScopeId 10.0.0.0    # list active leases (server side)
PS> Get-DhcpServerv4ScopeStatistics -ScopeId 10.0.0.0    # pool utilization, free, in-use, available
PS> Get-WinEvent -LogName "Microsoft-Windows-DHCP-Server/Operational"

Lab Preview: DHCP Management

Practice DHCP administration through both GUI and PowerShell interfaces.

GUI Lab Tasks

  • Create a new DHCP scope
  • Configure scope options
  • Add reservations for devices
  • Set up exclusion ranges
  • Configure failover

PowerShell Lab Tasks

  • Create scopes with cmdlets
  • Manage reservations
  • Query active leases
  • Configure DHCP options
  • Monitor scope statistics
Real-World Scenario: You'll configure DHCP for a new branch office, including scope design, option assignment, and failover to headquarters.

Module 9 takeaways

  • DORA: 4-step handshake
  • Scope: one per subnet
  • Reservation: pinned by MAC
  • Options: router, DNS, NTP
  • Policies: VendorClass rules
  • Failover: load balance + hot standby
  • DDNS: DHCP registers in DNS

Ready for DHCP labs and quiz