Setting Up a DHCP Server for your Organization
Years ago, I used to be a network administrator for an organization that had some rather odd security policies in place. One of the existing policies when I got there was that all computers had to be assigned a static IP address. DHCP servers were forbidden for security reasons. The result was a maintenance nightmare. Obviously, some servers have a legitimate need for static IP addresses, but usually it is perfectly acceptable for workstations to use dynamic IP addresses. Generally speaking, using static IP addresses on workstations is only truly feasible on small networks. Unfortunately, the network that I spoke of a moment ago was anything but small. It had 25,000 workstations.
This network was a logistical nightmare for several reasons. For starters, any time that a PC’s hard disk crashed, someone had to figure out which IP address had been assigned to that PC before Windows could be reloaded. You can imagine what it was like to try to figure out which of the 25,000 IP addresses was supposed to be assigned to the machine that was being rebuilt. There was no central list of addresses. Each building had its own address block to manage, and consequently, there was no standard for managing addresses. Quite frequently, someone would assign a PC an address that had already been used, resulting in an IP address conflict that forced someone else’s PC off of the network.
Hopefully, this story shows you why it is a good idea to assign dynamic IP addresses to the workstations on your network. Fortunately, the process of configuring a Windows Server 2003 machine to act as a DHCP server is simple. Furthermore, in most cases, the DHCP services place such a small burden on the server that they can be run on one of your existing servers, so you do not have to invest in a dedicated machine. In this article, I will show you how to install the DHCP services on Windows Server 2003. I will also take the opportunity to discuss some common DHCP configuration issues.
Avoiding DHCP Conflicts
As you will see later on, the Active Directory is designed to prevent rogue DHCP servers from being placed onto your network. The idea is that you don’t want to have an unauthorized DHCP server assigning an invalid block of IP addresses to the computers on your network. However, this protective mechanism is only effective if the rogue DHCP server is running a Windows operating system and is attempting to interact with the Active Directory.
Microsoft didn’t invent DHCP and DHCP servers are certainly not unique to Windows networks. In fact, it’s very possible that you might have a DHCP server on your network right now and not even know it.
When most people think of a DHCP server, they tend to think of a Windows, UNIX, Linux, or perhaps a NetWare or Macintosh server that is configured to assign IP addresses to clients. While these are certainly types of DHCP servers, you would probably notice it if someone brought one of these types of servers online on your network (at least I hope you would notice it). The most common type of rogue DHCP server is a router with a built-in DHCP service. For example, wireless access points are available at any electronics store for a ridiculously low price. The vast majority of wireless access points have a built-in DHCP server that is enabled by default. Typically, these devices are set up to assign an address in the 192.168.x.x range to any client (wireless or wired) that requests it. DHCP services aren’t limited to wireless access points though. You’ve probably seen low-budget routers that are designed to connect a small network to a broadband Internet connection. These devices almost always have a built-in firewall and a built-in DHCP server.
A DHCP server can also be software based. For example, most of the Windows operating systems that have been released in the last decade offer a service called Internet Connection Sharing (ICS). The idea behind ICS is that one computer’s internet connection can be shared with other computers on the network. The ICS service implements its own mini DHCP service. Just for the record, ICS and the DHCP services that are a part of the Windows Server have trouble co-existing on a network.
The biggest trick to making the DHCP services work well on your network is to make sure that the IP address range that the server is handing out does not overlap with the addresses being handed out by another DHCP server on your network. If there are other DHCP servers present, you must make sure that they are configured to assign appropriate addresses to your workstations. It’s perfectly OK to use multiple DHCP servers on your network. In fact, doing so provides you with a degree of fault tolerance. You must, however, make sure that each DHCP server is assigned a block of IP addresses that does not overlap with an address block managed by another DHCP server. These blocks of addresses are known as scopes.
If you aren’t aware of any DHCP servers on your network, then I recommend performing a quick test prior to deploying a Windows based DHCP server just to verify the absence of DHCP servers on your network. The easiest way to confirm that no DHCP servers are presently active is to configure a workstation’s TCP/IP settings so that the workstation acquires an IP address automatically. After doing so, simply reboot the computer and see if it is assigned an IP address. You can determine whether or not an IP address has been assigned by opening a Command Prompt window and entering the IPCONFIG /ALL command. Keep in mind that when no DHCP server answers, Windows assigns itself an address in the 169.254.x.x range, so an address in that range means that no DHCP server was found.
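The workstation test above can be turned into a repeatable check. The following is an added example, not part of the original article: it parses IPCONFIG /ALL output and reports, per adapter, whether the lease came from a DHCP server that is not on an approved list. The sample output, host name, adapter names and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WKSTN-TEST

Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DHCP Server . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Lab Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.17.44
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
"""

FIELD = re.compile(r"^\s+([A-Za-z0-9 \-]+?)[ .]*:\s*(.*)$")
APIPA = ipaddress.ip_network("169.254.0.0/16")  # Windows self-assigned range


def parse_adapters(text):
    """Split the output into {adapter name: {field name: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(" :"), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).lower()] = m.group(2).split("(")[0].strip()
    return adapters


def classify(fields, authorized=frozenset()):
    """Say where an adapter's address came from, given the approved servers."""
    if fields.get("dhcp enabled", "").lower() != "yes":
        return "static"
    addr = fields.get("ip address") or fields.get("ipv4 address")
    if addr is None or ipaddress.ip_address(addr) in APIPA:
        return "no DHCP server answered"
    server = fields.get("dhcp server", "unknown")
    return "authorized" if server in authorized else f"unexpected DHCP server {server}"


def audit(text, authorized=frozenset()):
    return {name: classify(f, authorized) for name, f in parse_adapters(text).items()}
```

Before the first Windows DHCP server is deployed, the approved list is empty, so any adapter reported with a DHCP server points at a device that is already handing out leases.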
Installing a DHCP Server
Now that I have talked about how you can avoid DHCP conflicts, let’s talk about how to install and configure a Windows Server 2003 based DHCP server. Before I get started, I should mention that the server itself must be configured to use a static IP address.
Begin the process by selecting the Add / Remove Programs option in the Control Panel. When the Add / Remove Programs dialog box opens, click the Add / Remove Windows Components button. After a brief delay, Windows will open the Windows Components Wizard. Scroll through the list of available components until you find the Networking Services option. Select Networking Services and then click the Details button. You will now see a list of the various Windows network services. Select the check box next to Dynamic Host Configuration Protocol and click OK, followed by Next. Windows will now begin to copy the necessary files. During this operation, you may be prompted to insert your Windows Server installation CD. When the file copy operation completes, click Finish to close the wizard.
Configuring a DHCP Server
The process of configuring the DHCP services is almost as simple as the installation was. Before you begin the configuration process though, you will need to come up with at least one scope. Remember that a scope is a range of IP addresses that the DHCP server can lease to clients.
Begin by opening the DHCP console. You can access the DHCP console by selecting the DHCP command from the server’s Administrative Tools menu. When the console opens, the first thing that you will want to do is to create a new scope. To do so, right-click on your server and select the New Scope command from the resulting shortcut menu. This will cause Windows to launch the New Scope wizard. Click Next to bypass the wizard’s Welcome screen and you will be prompted to enter a name and a description for the scope. After doing so, click Next and you will see a screen prompting you to enter the beginning and ending addresses of the scope range. After doing so, you must also enter the subnet mask to be used by the addresses (or the number of bits to use for a subnet) before clicking Next.
The next screen gives you a chance to enter any necessary exclusions. Exclusions are addresses within the scope that are already in use. Entering an exclusion address prevents the DHCP server from leasing that address. Enter any exclusions that you might have and click Next. You will now be prompted to enter a lease duration. The lease duration is the length of time that a workstation can use an IP address before having to either give the address up or renew it. The default lease period is eight days, which works fine in most cases.
Click Next and you will see a screen asking if you want to configure extra DHCP options. Select the Yes option and click Next. You are now given the opportunity to enter the address for a default gateway. Click Next and you are presented with a screen that allows you to enter the IP address of one or more DNS servers. Click Next one more time and you will be allowed to enter the addresses of any WINS servers that may exist on your network (newer networks do not usually use WINS servers). Click Next once more and you will be asked whether or not you wish to activate the scope. Select the Yes option and click Next followed by Finish.
Although the newly created scope has been activated, it won’t be used just yet because the DHCP server has not been authorized to issue addresses for your network. To resolve this, right-click on the server’s listing within the DHCP console and select the Authorize command from the shortcut menu. Assuming that you are logged in as a domain administrator, the server will be authorized to start servicing requests.
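The ranges and exclusions entered in the New Scope wizard can be checked on paper first. The following added example (not from the original article) computes the addresses each scope can actually lease, that is, the range minus its exclusions, and reports any addresses that two scopes would both hand out, which is the overlap described in the section on avoiding DHCP conflicts. The server names, scope names and addresses are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed scope plan: names, ranges and exclusions are illustrative only.
PLAN = [
    {"server": "dhcp1", "name": "Floor 1", "start": "10.1.0.10", "end": "10.1.0.150",
     "mask": "255.255.255.0", "exclusions": [("10.1.0.10", "10.1.0.19")]},
    {"server": "dhcp2", "name": "Floor 1 overflow", "start": "10.1.0.140",
     "end": "10.1.0.250", "mask": "255.255.255.0", "exclusions": []},
    {"server": "dhcp2", "name": "Floor 2", "start": "10.1.1.10", "end": "10.1.1.200",
     "mask": "255.255.255.0", "exclusions": []},
]


def ip(text):
    return int(ipaddress.IPv4Address(text))


def leasable(scope):
    """Addresses the server can lease: the scope range minus its exclusions."""
    pool = set(range(ip(scope["start"]), ip(scope["end"]) + 1))
    for low, high in scope["exclusions"]:
        pool -= set(range(ip(low), ip(high) + 1))
    return pool


def range_errors(scope):
    """Both ends of the range must be usable hosts in the scope's subnet."""
    net = ipaddress.IPv4Network(f"{scope['start']}/{scope['mask']}", strict=False)
    errors = []
    if ip(scope["start"]) > ip(scope["end"]):
        errors.append(f"{scope['name']}: start is after end")
    for text in (scope["start"], scope["end"]):
        addr = ipaddress.IPv4Address(text)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            errors.append(f"{scope['name']}: {text} is not a usable host in {net}")
    return errors


def conflicts(plan):
    """Pairs of scopes whose leasable pools share addresses."""
    found = []
    for a, b in combinations(plan, 2):
        shared = sorted(leasable(a) & leasable(b))
        if shared:
            first, last = (str(ipaddress.IPv4Address(n)) for n in (shared[0], shared[-1]))
            found.append((a["name"], b["name"], first, last, len(shared)))
    return found
```

In the constructed plan, adding 10.1.0.140 through 10.1.0.150 as an exclusion on the second scope clears the conflict, because exclusions remove addresses from the pool the server leases.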
In this article, I explained that setting up a DHCP server provides you with an easy way of assigning IP addresses to workstations on your network. I then went on to show you how to install and configure a DHCP Server and how to avoid overlapping scopes.