You can quickly import DHCP on a new machine running the same version of Windows using NETSH
https://technet.microsoft.com/en-us/library/dd759224(v=ws.11).aspx Regards, *ASB* On Thu, Nov 30, 2017 at 12:46 PM, David Lum <d...@theitgarage.com> wrote: > I've pulled DHCP off all our DC's and it wasn't too tough for the network > team to accomodate. Using DHCP failover took a bit more work for us to > perfect. Using failover you by definiton copy the confif to the new > server....stand up new dhcp server, config as failover, then stand down > DHCP on the domain controller and decondigure failover once the new server > is confirmed to hand out IP's. (Assuming Win DHCP servers). > > Totally worth it in our opinion. > > Dave > > On Nov 30, 2017, at 8:21 AM, Heaton, Joseph@Wildlife < > joseph.hea...@wildlife.ca.gov> wrote: > > Problem with that, is that I’d really like to keep the same IP for the > DHCP server. My network team has that in all their switches around the > state as ip-helper entries. > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Webster > *Sent:* Thursday, November 30, 2017 7:45 AM > > *To:* ntsysadm@lists.myitforum.com > *Subject:* RE: [NTSysADM] DHCP role > > > > I would migrate DHCP first. > > > > Webster > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Heaton, > Joseph@Wildlife > *Sent:* Thursday, November 30, 2017 9:00 AM > *To:* ntsysadm@lists.myitforum.com > *Subject:* RE: [NTSysADM] DHCP role > > > > That’s what we’re doing as well. Not sure why, but our service account is > member of DNSUpdateProxy, but also a member of DNSAdmins. Anyone have an > idea why that group? I didn’t set this up initially, I’m just trying to > get things in best practices, and address a current issue I’m working > through, of replacing a DC, that happens to be our main DHCP server. My > thoughts at the moment, are to add a new DC, with only DC roles. Then, > DCpromo the old DC (with DHCP), then migrate DHCP to a new server, that is > only a member server, not a DC. > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Mark > Gottschalk > *Sent:* Wednesday, November 29, 2017 6:21 PM > *To:* ntsysadm@lists.myitforum.com > *Subject:* Re: [NTSysADM] DHCP role > > > > https://blogs.technet.microsoft.com/stdqry/2012/04/ > 03/dhcp-server-in-dcs-and-dns-registrations/ > https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx > > This is what we've done with DHCP on DC. Have a user "DHCP_user" in > Protected User group, DNSUpdateProxy group. Use this for alternate > credentials. > > Note that first article says: > *"A common error is to think that the DHCP Server service running in a DC > will use its service account security context to register records in DNS if > no alternate credentials are configured, and then there is security risk. > In fact, this is not the behavior of the DHCP Server in a DC.* > > *If the DHCP Server service detects that it is running in a domain > controller, and no alternate credentials for DNS registrations have been > configured, then it decides to not do any registrations for DHCP clients > and logs event DHCP/1056."* > > It also starts with: > *"One common deployment scenario for the DHCP Server service is to have it > installed in domain controllers. When this scenario is used it is necessary > to define the alternate credentials to be used by DHCP when doing DNS > registrations on behalf of the DHCP clients."* > > If you can separate them with no downside, go for it. However, running > DHCP on a DC appears to be accounted for and can be addressed by above. > > -- Mark > > > > > From: "Heaton, Joseph@Wildlife" <joseph.hea...@wildlife.ca.gov> > To: 'NT System Admin Issues Discussion list' < > ntsysadm@lists.myitforum.com> > Date: 11/29/2017 02:49 PM > Subject: [NTSysADM] DHCP role > Sent by: "listsad...@lists.myitforum.com" <listsadmin > ------------------------------ > > > > Is it still best practice to have DHCP NOT on a DC? I’ve been reading a > bunch of stuff, but everything I’m reading refers to Server 2003 or older. > > > > Joe Heaton > > Information Technology Operations Branch > > Data and Technology Division > > CA Department of Fish and Wildlife > > 1700 9th Street, 3rd Floor > > Sacramento, CA 95811 > > Desk: 916-323-1284 <(916)%20323-1284> > > > >
