Windows Server

Configuring DHCP Scope: Post-deployment of Dynamic Host Configuration Protocol

A DHCP Server assigns IP addresses to client computers. This is very often used in enterprise networks to reduce configuration efforts. All IP addresses of all computers are stored in a database that resides on a server machine. In this article, we shall discuss “Configuring DHCP Scope: Post-deployment of Dynamic Host Configuration Protocol”. For more information on DHCP, see the following guides on how to automatic IP Assignment: Dynamic Host Configuration Protocol (DHCP), see “how does Dynamic Host Configuration Protocol work” and “how to install Dynamic Host Configuration Protocol on Windows Server 2019“.

As you can see from the image below, merely installing the DHCP role does not complete the DHCP configuration. Also as you can see on the Server, “DHCP” as one of the options on the left pane of the window. 

Complete DHCP Configuration

Step 1: DHCP Post Installation

From the notification icon as shown above. Click on complete DHCP configuration. This will open the DHCP Post-Install Wizard as shown below

On this page of the Wizard, you are presented with three options. You can proceed with the Administrator’s credentials, an alternate user’s credentials and also AD Authorization. If your server is standalone and is not in any Active Directory Domain, then choose “Skip AD authorization” radio.

Note: Choose Skip AD authorisation if your server is on a workgroup. In my case, it is not in a workgroup but rather in a domain environment.

I will select the default as the DHCP server is part of the Domain. Click on Commit.

Next, navigate back to Server Manager, Click on Tools and Select DHCP. This will open the DHCP Configuration Window as shown below

Alternatively, the DHCP Manager can be launched in the following ways.

Click on the “DHCP” server, and under the servers, right-click and select “DHCP Manager”.

This will open DHCP Configuration Window as shown below

Step 2: DHCP Scope Creation and Configuration

On the left pane of the window, expand the drop-down as shown above. Right-click on “IPv4” then choose “New Scope“.

A new scope wizard window will pop up as shown below. Click “Next

On the “New Scope Wizard”, click on Next

Enter a “Scope Name” and “description” as shown below

Input your start IP Address and end Address as shown below, Length and Subnet Mask and then click on “Next” as shown below

On the “Add Exclusion and Delay Page”, you can reserve some IPs’ in the range server that will require static IP addresses such a printer, routers etc.

Note: You can set the delays in milliseconds.
screenshot 2020 05 10 at 19.26.23
screenshot 2020 05 10 at 19.28.09 1
screenshot 2020 05 10 at 19.28.09 1

Lease duration is the time the DHCP Server will give a specific computer or client an IP before changing it or giving it another IP address when the server connects to the network again.

– I have set mine to 24 days, you can set yours to a specific duration.
– Click on Next.

On this page, click “Next” in order to configure the DHCP Options as shown below

Set Default Gateway of the Subnet

Enter the Default Gateway of the Subnet as shown below.  Enter the right Default Gateway address that the clients will be assigned during lease time.

Click Add and click on Next as shown below

screenshot 2020 05 10 at 19.35.37
screenshot 2020 05 10 at 19.36.15

Enter the DNS information

Most times, this information is automatically filled out in a domain environment.

Note: DNS is very vital because it helps in resolving FQDN to IP Address. Click on Next

WINS Server

This step is Optional. If you would like to use WINS Server in your environment, then input the details in this step and Click on Next.

For me, I will leave this blank and click on next.

Activate the scope

If you would like to activate the scope immediately, select, “Yes, I want to activate the scope now

If you would wish to activate it later, choose the second radio option.

Now the scope creation is complete for the DHCP Server Configuration.

As we can see now from the DHCP Manager console, the scope is now active and the configs are present as it appears on the console as shown below.

Note: If you have segmented your LAN/Network into VLANS, simply create other scopes as shown above for those VLANS then configure your router to get IPs’ from the DHCP Server accordingly.

FAQs on Post-deployment of Dynamic Host Configuration Protocol

How can I optimize DHCP Server performance after Setting it up?

To optimize DHCP Server performance, please follow these suggestions below
1: Shorter lease times can help manage IP address allocation more efficiently.
2: When working with multiple subnets, configure DHCP relay agents to forward DHCP requests to the appropriate DHCP server.
3: Remove expired leases and duplicate IP addresses to free up resources.
4: Ensure your DHCP server has adequate network resources such as CPU, Memory etc.

I am out of available IP addresses in my DHCP pool after deployment. What can I do?

1: Increase the size of your DHCP address pool to accommodate more devices.
2: Try reducing the lease times as this will result in faster IP address turnover. Thereby, freeing up addresses more quickly.
3: Create smaller subnets to distribute the load and allocate IP addresses more efficiently.
4: You may consider transitioning to IPv6 as it offers larger address space compared to IPv4.

How can I protect my DHCP against unauthorized access and attacks?

1: You can achieve this by using DHCP server authorization. In this way, only authorized DHCP servers will be allowed on your network. This can be configured in Active Directory to prevent rogue DHCP servers.
2: Enable DHCP snooping on managed switches. This will prevent DHCP-related attacks, such as rogue DHCP servers or IP spoofing.
4: Implement segmentation by using VLANs to segment your network and restrict DHCP traffic to authorized segments only.
5: Frequently update and apply patches to your DHCP servers. This will mitigate known vulnerabilities.

How do I troubleshoot DHCP after deployment?

The first point of contact would be from the DHCP logs.

I hope you found this blog post helpful on “Configuring DHCP Scope: Post-deployment of Dynamic Host Configuration Protocol”. If you have any questions, please let me know in the comment session.

Notify of

Newest Most Voted
Inline Feedbacks
View all comments
3 years ago

I’ve noticed a DC I’ve taken over still hasn’t completed the Wizard, what are the implications of this?

Would love your thoughts, please comment.x