Monday, September 30, 2013

Windows Server 2012 - DHCP - Part 1 - installation of the role (command line)


DHCP


First, a brief review before examining DHCP in Windows 2012...



DHCP (Dynamic Host Configuration Protocol) allocates IP addresses to client machines (desktops, laptops, hand-held devices, even printers) so manual configuration is not necessary. This is an obvious advantage when hundreds or even thousands of devices require an IP address or a change in IP settings.

 
Let's imagine that the IP address of the DNS server(s) or default gateway changes. Without DHCP, this change would have to be manually adjusted on a multitude of clients (or scripted in some way).
 
DHCP clients initiate contact with the DHCP server by broadcast, using their MAC address. The process follows four steps that one can remember as "DORA".


  • Discover - the client attempts to discover a DHCP server.
  • Offer - the DHCP server offers (from a pool of addresses) an available IP address to the client.
  • Request - the client requests the IP address in question.
  • Acknowledgement - the server sends a packet with configuration information to the client.


DHCP in Windows 2012


Much more can be said about DHCP in general but let's concentrate on DHCP on Windows 2012 and in particular, how it can be configured at the command line.
 
The "traditional" command-line tool for DHCP was netsh.
 
With Windows 2012, we can configure DHCP with PowerShell.
 
I will use PowerShell for the most part but use some netsh for purposes of comparison.
 
 
I will also use some screenshots to illustrate the results obtained with the command line cmdlets.



Installation of the DHCP role


We first need to install the DHCP role. In Windows 2008/R2, this was accomplished - at the command line - with the servermanagercmd commands (or the ocsetup commands in Server Core).

These commands are deprecated and unavailable in Windows 2012.

So... we will use the Add-WindowsFeature cmdlet (or Install-WindowsFeature).


First, let's see if the role is installed already:

Get-WindowsFeature

Display Name      Name   Install State
------------      ----   -------------
[...]
[ ] DHCP Server   DHCP   Available



Conclusion: The DHCP role is not installed but the binaries are available for installation.

Let's install the role. The cmdlet is very simple (too simple?):

Add-WindowsFeature DHCP

But here, I forgot something...

When I open the GUI to verify the results... I cannot find "DHCP" among the "Tools" in Server Manager.







The solution? We need to execute this command:


Add-WindowsFeature DHCP -IncludeManagementTools

 

Now we can configure DHCP...


At some point, we will need to:

  1. Authorize the DHCP server (unless it is also a domain controller in which case this step is - supposedly - not necessary).
  2. Activate the scope(s).

We cannot activate the scopes until we have created them but we can authorize the DHCP server.

Currently no servers are authorized, as shown by the PowerShell cmdlet and the netsh command respectively:


PS C:\> Get-DhcpServerInDC

PS C:\>

PS C:\> netsh dhcp show server

0 Servers were found in the directory service:


This is what we would see in the GUI:





The netsh command does not seem to function in Windows 2012:

PS C:\> netsh dhcp server 10.1.1.10 initiate auth

Command completed successfully.

Yet...

PS C:\> netsh dhcp show server

0 Servers were found in the directory service:


Note: the GUI still shows the "Authorize" option meaning, logically, that the DHCP server is not authorized.


The PowerShell cmdlet seems to work, as verified below:

PS C:\> Add-DhcpServerInDC


PS C:\> Get-DhcpServerInDC

IPAddress DnsName
--------- -------
10.1.1.10 dc-001.machlinkit.biz


PS C:\> netsh dhcp show server

1 Servers were found in the directory service:

Server [dc-001.machlinkit.biz] Address [10.1.1.10] Ds location: cn=dc-001.machlinkit.biz


For those that prefer a little more color, the DHCP Manager confirms the changed setting as well:






If the option is to "Unauthorize" the DHCP Server, then logically it is in an authorized state.

Elementary...
  

Although it may not be visible in the command line output or the screenshots, this server is also a domain controller and a DNS server (it was used in a previous post about promoting a server to the domain controller role). Even so, it was not authorized as a DHCP server by default.


At this point, I was about to configure - and activate - a scope. However, I noticed a warning message stating that the DHCP configuration needed to be finished:



The details are here (there is a "Configure DHCP configuration" link not visible in the screenshot):


 
So, it appears that installing the DHCP role at the command line does not create the "DHCP Administrators" Group or the "DHCP Users" group.
 
The existence of these groups is not absolutely necessary since domain administrators can perform all necessary operations and even some that DHCP administrators cannot.
 
Even so, this might be desirable in scenarios where delegation of roles is an objective.
 
Before configuring scopes and options for the scopes, I want to see if the two groups in question can be created at the command line - and with all the proper attributes. Of course, simply creating two groups with the respective names "DHCP Administrators" and "DHCP Users" would not assign members the proper permissions.
 
If you have that information, please do not hesitate to post a comment!
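The steps covered in this post, collected into one script that checks its own results; this is an added example, not the author's code. Add-DhcpServerSecurityGroup is the DhcpServer module cmdlet that creates the "DHCP Administrators" and "DHCP Users" groups; the $Expected allow-list is a hypothetical value introduced here, and the script assumes an elevated session with rights to authorize DHCP servers in Active Directory.

```powershell
# Added example: idempotent DHCP role setup that verifies each step.
# $DnsName / $IPAddress are the values shown in this post's output;
# $Expected is a hypothetical allow-list of servers that should be authorized.
$DnsName   = 'dc-001.machlinkit.biz'
$IPAddress = '10.1.1.10'
$Expected  = @($IPAddress)

# 1. Install the role and its management tools. RSAT-DHCP is the feature that
#    -IncludeManagementTools adds; checking it catches the "role installed,
#    no DHCP console under Tools" state described above.
$missing = @(Get-WindowsFeature -Name DHCP, RSAT-DHCP |
             Where-Object { -not $_.Installed })
if ($missing.Count -gt 0) {
    $result = Install-WindowsFeature -Name DHCP -IncludeManagementTools
    if (-not $result.Success) { throw 'DHCP role installation failed.' }
}

# 2. Create the "DHCP Administrators" and "DHCP Users" groups, then restart
#    the service so it picks up the new groups.
Add-DhcpServerSecurityGroup
Restart-Service -Name DHCPServer

# 3. Authorize this server in Active Directory only if it is not already
#    listed, then confirm the entry exists instead of trusting the exit text.
$isAuthorized = {
    @(Get-DhcpServerInDC |
      Where-Object { [string]$_.IPAddress -eq $IPAddress }).Count -gt 0
}
if (-not (& $isAuthorized)) {
    Add-DhcpServerInDC -DnsName $DnsName -IPAddress $IPAddress
}
if (-not (& $isAuthorized)) {
    throw "Server $DnsName ($IPAddress) is still not authorized in AD."
}

# 4. Flag any authorized DHCP server that is not on the allow-list, so an
#    unplanned authorization is noticed during routine setup.
$unexpected = @(Get-DhcpServerInDC |
                Where-Object { $Expected -notcontains [string]$_.IPAddress })
if ($unexpected.Count -gt 0) {
    Write-Warning 'Authorized DHCP servers not on the allow-list:'
    $unexpected | Format-Table IPAddress, DnsName -AutoSize
}
```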





 

2 comments:

  1. Now came to know why DHCP is so important concept to read.

    Thanks
    Silvester Norman

  2. Thanks for reading. Glad to have been useful.
