Lesson 4: Using DHCP with Active Directory Directory Service

Microsoft DHCP provides integration with the Active Directory directory service and DNS service, enhanced monitoring and statistical reporting for DHCP servers, vendor-specific options and user-class support, multicast address allocation, and rogue DHCP server detection. This lesson explains these new features and how DHCP is used with the Active Directory directory service.


After this lesson, you will be able to

  • Describe how IP address and naming management is handled through DHCP and Active Directory integration
  • Describe how DHCP servers are authorized

Estimated lesson time: 15 minutes


Windows 2000 Integrated IP Management

Windows 2000 Server naming and address services offer the flexibility to manage networks more easily and to interoperate with other address and naming systems. As with Windows NT Server 4.0, Windows 2000 Server provides DHCP, DNS, and WINS services to continue to simplify address assignment and name resolution. New with Windows 2000 Server is support for Dynamic DNS, Active Directory integration of DHCP and DNS, and a DHCP relay agent.

Address Assignment and Naming Services

IP address and naming management is simplified through Active Directory integration. Customers can choose to use Active Directory to replicate and synchronize DNS naming throughout the corporate network. This eliminates the need to maintain a separate replication service for DNS. Integrated DHCP and Dynamic DNS services then utilize this directory-registered information to provide address assignment and naming services. As DHCP allocates addresses, DNS and Active Directory are dynamically updated. This lets administrators reassign IP addresses for end systems, and name resolution is updated automatically so they can be located easily.

Support for Legacy Servers

Interoperability with other DHCP and DNS services helps preserve investment in existing services. Customers have the option to use legacy IP address and naming management systems with the Windows 2000 Server DHCP service, DHCP relay agent, and/or DNS service. Standard zone transfer and referral support ensures that the Windows 2000 Server DNS interoperates with other DNS servers for enterprise and Internet address resolution. This lets customers use Active Directory-integrated services for their network while maintaining interoperability with Internet and other corporate DNS systems. For example, a company can deploy Active Directory-integrated DNS and DHCP in a core part of its network while interoperating with existing DNS servers. Over time, the Active Directory-based IP management infrastructure can be expanded while interoperability with external DNS services is preserved.

Windows 2000 DHCP is also dynamically integrated with Windows 2000 DNS in support of Active Directory. Earlier versions of DNS do not offer this support, and you should consider upgrading if you plan to deploy Active Directory or want to use network load balancing.

Rogue DHCP Server Detection Feature

The Windows 2000 DHCP service provides a rogue DHCP server detection feature. This prevents rogue (unauthorized) DHCP servers from joining an existing DHCP network in which Windows 2000 Server and Active Directory are deployed. A DHCP server object is created in Active Directory, which lists the IP addresses of servers that are authorized to provide DHCP services to the network. When a DHCP server attempts to start on the network, Active Directory is queried and the server computer's IP address is compared to the list of authorized DHCP servers. If a match is found, the server computer is authorized as a DHCP server and is allowed to complete the system startup. If a match is not found, the server is identified as rogue, and the DHCP service is automatically shut down.
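An added example, not from the training kit: the same comparison against an authorized-server list, applied from the network side by reading the server identifier (option 54) out of captured DHCP server replies. The addresses, the AUTHORIZED set and the build_message helper are constructed for illustration; a real list would be read from Active Directory.

```python
import ipaddress

COOKIE = b"\x63\x82\x53\x63"        # DHCP magic cookie after the BOOTP header
HEADER_LEN = 236                    # fixed BOOTP fields before the cookie
PAD, MSG_TYPE, SERVER_ID, END = 0, 53, 54, 255
SERVER_MSGS = {2: "OFFER", 5: "ACK", 6: "NAK"}
# Constructed stand-in for the authorized-server list kept in Active Directory.
AUTHORIZED = {ipaddress.IPv4Address(a) for a in ("192.0.2.10", "192.0.2.11")}


def parse_options(payload):
    """Return {option_code: value_bytes} from a DHCP message (UDP payload)."""
    if payload[HEADER_LEN:HEADER_LEN + 4] != COOKIE:
        raise ValueError("truncated message or missing DHCP magic cookie")
    options, i = {}, HEADER_LEN + 4
    while i < len(payload) and payload[i] != END:
        if payload[i] == PAD:       # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options


def classify_reply(payload, authorized=AUTHORIZED):
    """Return (verdict, server_ip, message_type) for one captured message."""
    opts = parse_options(payload)
    msg = SERVER_MSGS.get((opts.get(MSG_TYPE) or b"\x00")[0])
    if payload[0] != 2 or msg is None:      # op 2 = BOOTREPLY, sent by servers
        return ("ignored", None, None)
    sid = opts.get(SERVER_ID, b"")
    if len(sid) != 4:
        return ("unverifiable", None, msg)  # no usable server identifier
    server = ipaddress.IPv4Address(sid)
    return ("authorized" if server in authorized else "rogue", str(server), msg)


def build_message(op, msg_type, server_ip=None):
    """Build a constructed sample message carrying options 53 and 54."""
    body = bytes([op, 1, 6, 0]) + bytes(HEADER_LEN - 4) + COOKIE
    body += bytes([MSG_TYPE, 1, msg_type])
    if server_ip:
        body += bytes([SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    return body + bytes([END])
```

A reply classified as "rogue" or "unverifiable" identifies a server that is answering clients without appearing in the authorized list, which is the condition the startup check is meant to prevent.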

Lesson Summary

IP address and naming management is simplified through Active Directory integration. As DHCP allocates addresses, DNS and Active Directory are dynamically updated. Interoperability with other DHCP and DNS services helps preserve investment in existing services because you can use legacy IP address and naming management systems with Windows 2000 Server DHCP servers. The authorization process for DHCP server computers in Active Directory depends on whether the server is a domain controller, member server, or standalone server. In addition, Active Directory is now used to store records of authorized DHCP servers to protect against unauthorized DHCP servers. The list of authorized servers can be created in Active Directory through the DHCP snap-in.



MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
Year: 2004
Pages: 244
