There’s an important difference in how DHCP works on a W2K3 DHCP server as compared to a Small Business Server 2003 (SBS2K3) box.
If you boot up an SBS2K3 box and it finds another DHCP server somewhere on the network, the SBS box will shut down its DHCP service. That’s a good way of finding a rogue DHCP server on your network if your company has under 75 seats and uses SBS–check the event log for DHCP service failure. SBS checks for rogue DHCP servers once an hour.
Rogue DHCP detection on W2K3 DHCP servers is more complicated. If your DHCP server belongs to an Active Directory domain, then it checks AD for a list of authorized DHCP servers. If it finds itself in the list, the DHCP service starts. But if your W2K3 DHCP server belongs instead to a workgroup, it broadcasts DHCPINFORMS when it starts up and if it receives a response (DHCPACK) then it does the following:
- If the response is from a DHCP server belonging to an AD domain, the workgroup DHCP server doesn’t start its DHCP service.
- If the response is from any other DHCP server (or if there’s no response at all) then its DHCP service starts up.