The DHCP server greatly reduces the administrative task of configuring workstations with an IP address and the appropriate TCP/IP settings for your network. Before installing the DHCP server, determine your IP addressing scheme. (See Chapter 12.) You must also complete these additional steps before installing DHCP:
To install the DHCP service, follow these steps:
Figure 6-14. Setting up DHCP using the Configure Your Server tool.
TIP
If you want to install DHCP service on a server that isn't a domain controller, you'll need to tell Active Directory about it. After installation, open DHCP from the Administrative Tools menu. Highlight DHCP in the console tree, and then choose Browse Authorized Servers from the Action menu. Click Add, and then type in the name or IP address of the DHCP server to authorize.
REAL WORLD Using Multiple DHCP Servers
If you plan to use multiple DHCP servers on a subnet for load-balancing and redundancy, configure a superscope on each DHCP server that contains all valid scopes for the subnet as member scopes. Then configure a member scope on each server that has the other servers' addresses excluded so that no addresses appear in both servers' address pools. A good division is to give 80 percent of the addresses to the primary DHCP server and 20 percent to the secondary server.
Now you're ready to launch the DHCP Manager and create a new scope of IP addresses for the DHCP server to manage. But before you can do this, make sure you know which range of IP addresses are approved, which IP addresses need to be excluded for systems with static IP addresses, and which IP addresses need to be reserved for DNS or WINS servers. To open DHCP Manager and create your new scope, follow these steps:
Figure 6-15. The Scope Name screen of the New Scope Wizard.
Figure 6-16. The IP Address Range screen of the New Scope Wizard.
MORE INFO
A good source of information on the complex subject of choosing subnet masks is the book Microsoft TCP/IP Training (Microsoft Press, 1997).
REAL WORLD Setting Lease Durations
Use longer leases for networks without redundant DHCP servers to permit more time to recover an offline DHCP server before clients lose their leases, or to minimize network traffic at the expense of less frequent address turnover. You can also use longer leases if scope addresses are plentiful (at least 20 percent available), the network is stable, and computers are rarely moved about. In contrast, scopes that support dial-up clients can have shorter leases and therefore function well with fewer addresses.
Figure 6-17. The Domain Name And DNS Servers screen of the New Scope Wizard.
After you've set up your DHCP server and created the scopes, you need to activate the scopes before any clients can use the server to obtain an IP address. Before scopes can be activated, the server has to be authorized to give leases, unless you installed DHCP on a domain controller, in which case the DHCP server will be authorized automatically the first time you add the server to your DHCP Manager console. Authorizing a DHCP server is an important option that Windows 2000 provides to reduce the ability of hackers to set up rogue DHCP servers—unauthorized servers set up to hand out false IP addresses to clients. To authorize your DHCP server after installing the service, follow these steps:
Don't activate a scope until you've finished selecting all the options you want. Once you've activated a scope, the Activate command on the menu changes to Deactivate. Don't deactivate a scope unless it's being permanently retired from the network.
Reservations are handy items that you can use instead of static IP addresses (which require exclusions) for all servers (except DHCP servers) that need to maintain a specific IP address, such as DNS and WINS servers. Using reservations instead of static addresses guarantees that a server will have a consistent IP address while also providing the ability to recover the IP address in the future if the server is decommissioned or moved. You should create the reservation on all DHCP servers that could potentially service the reserved client. To add an address reservation to a scope, follow these steps:
Figure 6-18. The New Reservation dialog box.
NOTE
To obtain the MAC address, go to the client computer and type ipconfig /all at the command prompt. The MAC address is listed as the physical address.
The Windows 2000 DHCP and DNS servers now support dynamic updates to a DNS server—a feature that any administrator who has had to manage a static Windows NT 4 DNS server (or the like) will appreciate. Windows 2000 clients can dynamically update their forward lookup records themselves with the DNS server after obtaining a new IP address from a DHCP server.
In addition, the Windows 2000 DHCP server also supports dynamically updating the DNS records for pre–Windows 2000 clients that can't do it for themselves. This feature currently works only with the Windows 2000 DHCP and DNS servers. The Internet proposal for dynamic updates between DNS servers was in draft form during the creation of Windows 2000, but greater compatibility might be implemented soon after release. To enable a DHCP server to dynamically update the DNS records of its clients, follow these steps:
Figure 6-19. The DNS tab of the Main Scope Properties window.
TIP
If you have static DNS servers such as those in Windows NT 4, these servers can't interact dynamically when DHCP client configurations are changed. This incompatibility can result in failed lookups for DHCP clients. To avoid this problem, upgrade static DNS servers with DNS that supports Dynamic DNS (Windows 2000).
On a DHCP-enabled computer that's running Windows, you can run a command-line utility to release, renew, or verify the client's address lease. At a command prompt (or in the Run window), use one of the following commands:
For Windows 95/98 clients, use Winipcfg with the same parameters. The Ipconfig program is useful when troubleshooting problems because it displays every detail of the current TCP/IP configuration. You can find more troubleshooting information in Chapter 37.