Microsoft II

Lab #4.3 – Adding and Configuring DHCP on a Windows Server

Description In this lab, students will:

• Add the DHCP Role to their domain.
• Configure a DHCP scope with all the settings.
Total Points 25 points

Instructions
Lab Information

This lab's setup information can be found in the Lap Setup Information folder in the Start Here!
Folder in the Content section of Brightspace. Always check this document for the information
and setup of the lab.

Introduction
Dynamic Host Configuration Protocol (DHCP) enables a Windows Server 2019\2022 server
with DHCP services to detect the presence of a new workstation and assign an IP address to
that workstation. This capability enables a network or server administrator to save hours of
time by not having to keep track of IP addresses on a network and assign specific addresses
to users and network devices.

A Windows Server 2019\2022 server can be configured in the role of a DHCP server using
Microsoft DHCP services. When you set up a Microsoft DHCP server, you can set it up to
automatically register forward and reverse lookup zone records with a Microsoft DNS server.
The DHCP server automatically updates the DNS server when it assigns an IP address. Using
dynamic DNS updates can significantly save time in creating DNS lookup zone records.
Further, a Microsoft DHCP server can be configured to dynamically register only address (A or
AAAA) records—in cases where the DNS reverse lookup zone is not configured in DNS—or
both address and PTR records.

Besides dynamic updating, a Microsoft DHCP server can:

• Reserve an IP address for a specific computer, such as for a server (servers should
always use the same IP address to avoid network confusion).

• Update all computers on a network for a particular change in DHCP settings, which
eliminates the need to manually update the computers.
 • Provide DHCP services to multiple subnetworks (subnets), as long as routers can
forward DHCP requests (routers should be compatible with RFCs 1541 and 1542,
specifications that affect routing DHCP).

• Exclude certain IP addresses from a scope, so that these addresses can be used
manually or statically set up on a particular computer or device, such as a server or
network printer.

Importantly, you can configure DHCP failover for redundancy. DHCP failover consists of
configuring two DHCP servers to lease IP addresses using the same subnet or scope. DHCP
data is replicated between the two DHCP servers so that if one goes down, clients can still use
the remaining live DHCP server. When you configure two DHCP servers for failover, you can
also configure to use load-balancing so the two DHCP servers equalize the load, giving faster
service to clients. Multiple scopes are supported in a single Microsoft DHCP server because it
is often necessary to assign different address ranges. You can accomplish this by creating two
scopes, such as one range that is 192.168.10.1 to 192.168.10.122 and another that is
192.168.20.10 to 192.168.20.182. As this example illustrates, you can assign address ranges
to reflect the network subnet structure or other network divisions. Alternatively, to consolidate
management of scopes you can create one scope using the combined range of 192.168.10.1
to 192.168.20.182, and then exclude a range of addresses from within the scope.

Task #1 - Adding The DHCP Role (5 Points)

We have a DC online (DC1SERVER), which requires the DHCP Server Role to be installed, a
scope created, and the server authorized.

1. Open Server Manager, if necessary.

2. Click Manage and click Add Roles and Features.

3. If you see the Before you begin window, click Next.

4. Make sure that Role-based or feature-based installation is selected in the Select

installation type window. Click Next.

5. In the Select destination server window, ensure your server is selected and click Next.

6. Click the box for DHCP Server in the Select server roles window.
7. Click Add Features in the Add Roles and Features Wizard box (to install the DHCP
management tool). Leave Include management tools checked.

8. Click Next in the Select Server roles window.

9. Click Next in the Select features window.

10. In the DHCP Server window read the information. Note the best practices advice to
configure at least one static IP address for the DHCP server and to create and store a
plan for subnets, scopes, and exclusions. Click Next.
 11. Click Install in the Confirm installation selections window.

12. Click Close.

13. Leave Server Manager open.

Task #2 - Configuring a DHCP Server: Scoping it out! (10 points)

After DHCP is installed, it is necessary to configure the DHCP server. First, set up one or more
scopes of contiguous address ranges and activate each scope. Configuring a scope includes
the following:
• Obtain the range of addresses to be used.
• Determine the subnet mask for the range of addresses.
• Decide on a name for the scope, such as naming it to reflect the name of a department
or division in your organization.
• Decide how long to lease IP addresses.
• Determine whether to exclude specific addresses.

Second, authorize the DHCP server. The process of authorizing the server is a security
precaution to make sure IP addresses are only assigned by DHCP servers that are managed
by network and server administrators. The security is needed because it is critical for IP
address leasing to be carefully managed by ensuring that only valid IP addresses are used
and that there is no possibility that duplicate IP addresses can be leased. DHCP servers that
are not authorized are prevented from running on a network.

Third, a step that is not required but is highly recommended and saves time in managing DNS
is to configure the DHCP server and its clients to update DNS records automatically.

14. If necessary, open Server Manager.

15. Click Tools and click DHCP.

16. In the tree in the left pane of the DHCP window, double-click the name of the server
under DHCP, to view IPv4 and IPv6 listed under the server name.
17. In the left pane, click IPv4 to view the configuration information in the middle pane.
Right click IPv4 and click New Scope.

18. Click Next after the New Scope Wizard starts.

19. Enter a name for the scope so it is easy for you to identify as you maintain it, we will
use OSSE1091 Scope, and enter a description for the scope, we will use Primary
Scope. Click Next.

20. Enter the start and end IP addresses, 172.16.1.1 and 172.16.1.100 - To go from field to
field, press the period key (when you enter fewer than three numbers). Change the
subnet mask to 255.255.255.0 - Click Next. (Tip - a length of 24 is 255.255.255.0).

21. In the Add Exclusions and Delay window, enter an address range to exclude, Start IP
Address 172.16.1.1, End IP Address 172.16.1.49 and click Add.
22. Click Next.

23. You can now configure the lease duration.

24. Change the default lease time to 16 days. Click Next.

25. Ensure that Yes, I want to configure these options now is selected and click Next.

26. The next dialog box offers the ability to enter an IP address for a router (default
gateway). Enter 172.16.1.1 and Click Next.

27. Enter the parent domain where DNS name resolution will occur, OSSE1091.priv (Your
domain should be entered by default). Enter the name of the DNS server and click
Resolve. You could also enter the DNS server’s IP address but entering the name and
resolving is a quick way to ensure your DNS forward lookup zone is working properly.
Click Add (unless the IP address is already displayed by default, then just click Next).
Check CAREFULLY (the address should be the DNS servers for your Domain)!

28. Click Next.

29. In the next dialog box, you can enter the names and IP addresses of WINS servers.
This would be used on networks that have old Windows Server computers in which
NetBIOS naming is used so that these names can be mapped to IP addresses. We are
not using any servers requiring WINS. Click Next. (If you see the WINS Servers dialog
box, click Next.)

30. Ensure that Yes, I want to activate this scope now is selected and then click Next.

31. Click Finish.

32. Your server may be authorized by default (if you authorized it immediately after
installing the role using Server Manager), but you will likely have to authorize it. You
can verify this by right-clicking the server name in the tree. If you see the menu option
Unauthorize, this means your server is already authorized, and you should click an
open space to close the menu. If, instead, you see Authorize in the menu, click this
option to authorize the server. To make the scope truly work properly, the DHCP server
service should be stopped and started. The quickest way to accomplish this is to Right-
Click the server’s name (dc1server.osse1091.priv) go to All Tasks in the context menu
and choose the option to Restart.
 33. Leave the DHCP window open for the next activity. Also, leave Server Manager open.

When it is installed, a DHCP server is automatically configured to register IP addresses at the

DNS server, but you must also provide the DNS server’s IP addresses when you configure
each scope. Also, you can manually configure automatic DNS registration through a DHCP
server, as you learn in the next activity.

Task #3: Configuring Automatic DNS Registration (10 points)

34. Open the DHCP tool, if it is not still open.

35. Ensure the server in the left pane is expanded to show the elements under it.

36. Double-click IPv4 to select it.

37. Right-click IPv4 and then click Properties.

38. Click the DNS tab (see Figure 8-20) and ensure the box for Enable DNS dynamic
updates according to the settings below is checked. Clients running Windows 7,
8/8.1, 10, 11, Server 2012/R2, Server 2016, Server 2019 and Server 2022 operating
systems can request to update a DNS server. Ensure Dynamically update DNS
records only if requested by the DHCP clients is selected. If older operating
systems are connecting to the network, such as Windows 98 or Windows 95, which do
not request to update a DNS server, click instead Always dynamically update DNS
records - which means that the DHCP server takes the responsibility to update the
DNS server’s records every time a client obtains the IP address. Also, ensure that
Discard A and PTR records when the lease is deleted are checked so that the
DHCP server alerts the DNS server to delete a record each time a lease is up. If some
older clients are running Windows 95, 98, and NT (unlikely but possible), check
Dynamically update DNS records for DHCP clients that do not request updates
(for example, clients running Windows NT 4.0).
 39. Click OK.

40. Close the DHCP window.

41. Switch to your WIN10CLIENT, open PowerShell and issue ipconfig to verify you are
getting an IP address from your DHCP server. It should start after the excluded range
of IP addresses. You might need to use the /release and /renew switches.

42. Join your WIN10CLIENT to the domain and reboot it. Remember to use domain
credentials in this format when prompted: Domain\username or, in our case
OSSE1091\DOM-Admin or OSSE1091\ENT-Admin.

Task Fun - Installing the DHCP Role, creating a Scope and Authorizing the
DHCP Server using PowerShell
By now you should most likely expect your instructor to provide the “How To” for doing all the
above steps using just PowerShell. Luckily for you I will not disappoint you

If you want to try this you will need to delete the scope you created using the DHCP
Manager GUI.

43. Install the DHCP role using an elevated PowerShell window.

Install-WindowsFeature -Name 'DHCP' –IncludeManagementTools

44. Create the DHCP scope.

Add-DhcpServerV4Scope -Name "OSSE1091 Primary Scope" -Description
"Primary Scope" -StartRange 172.16.1.1 -EndRange 172.16.1.100 -
SubnetMask 255.255.255.0
45. Define Scope ID and set Up Lease Duration to 16 days instead of the default 8 (as per
our lab)
Set-DhcpServerv4Scope -ScopeId 172.16.1.0 -LeaseDuration 16.00:00:00

46. Add the required DNS Server, Domain, and Router Gateway Options in DHCP.
Set-DhcpServerV4OptionValue -ScopeId 172.16.1.0 -DnsServer 172.16.1.20
-DnsDomain "OSSE1091.priv" -Router 172.16.1.1

47. Add DHCP Exclusion Range.

Add-Dhcpserverv4ExclusionRange -ScopeId 172.16.1.0 -StartRange
172.16.1.1 -EndRange 172.16.1.49

48. Authorize the DHCP Server.

Add-DhcpServerInDC -DnsName "DC1SERVER.OSSE1091.priv" -IPAddress
172.16.1.20

49. Lastly restart DHCP Service to activate the scope.

Restart-service dhcpserver