Authorizing DHCP Servers in Active Directory

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

An unauthorized DHCP server on a network can cause a variety of problems, such as the leasing of incorrect IP addresses and options. To protect against this type of problem, when a Windows 2000 or Windows Server 2003 domain member DHCP server attempts to start on the network, it first queries Active Directory. The DHCP server compares its IP address and server name to the list of authorized DHCP servers. If either the server name or IP address is found on the list of authorized DHCP servers, the server is authorized as a DHCP server. If no match is found, the server is not authorized in Active Directory and does not respond to DHCP traffic.

The authorization process applies only to Windows 2000–based or Windows Server 2003–based DHCP servers. It cannot be used for DHCP servers running Windows NT Server, or for servers running non-Windows-based DHCP services.

Only a member of the Enterprise Admins group can authorize or unauthorize a DHCP server in Active Directory.

Important

  • You must be logged in as an enterprise administrator to authorize a DHCP server.

To authorize a DHCP server in Active Directory

  1. In the DHCP snap-in, right-click DHCP.

  2. Select Manage authorized servers.

  3. In the Manage Authorized Servers dialog box, click Authorize.

  4. In the Authorize DHCP Server dialog box, type the name or IP address of the DHCP server, and then click OK.
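The same authorization can be scripted with the netsh dhcp context. The batch file below is an added example, not part of the original article: it lists the servers currently authorized in Active Directory, adds the one given on the command line if it is not already listed, and then re-reads the list to confirm the entry. The script name and its two arguments are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the original article.
rem Usage: authorize-dhcp.cmd <server FQDN> <server IP>
rem Run as a member of Enterprise Admins, as the article requires.
setlocal

if "%~2"=="" (
    echo Usage: %~nx0 ^<server FQDN^> ^<server IP^>
    exit /b 2
)
set "DHCP_FQDN=%~1"
set "DHCP_IP=%~2"

rem Step 1: list what is currently authorized in Active Directory.
echo Currently authorized DHCP servers:
netsh dhcp show server

rem Step 2: skip the add if the name or IP address is already on the list.
rem Assumption: the listing prints each server's name and address as text.
rem This is a substring match, so review the listing printed above if two
rem servers have similar names or addresses.
netsh dhcp show server | findstr /i /l /c:"%DHCP_FQDN%" /c:"%DHCP_IP%" >nul
if not errorlevel 1 (
    echo %DHCP_FQDN% / %DHCP_IP% is already authorized; nothing to do.
    exit /b 0
)

rem Step 3: authorize the server, the scripted form of clicking Authorize.
netsh dhcp add server %DHCP_FQDN% %DHCP_IP%

rem Step 4: do not rely on the exit code; confirm the entry now appears.
netsh dhcp show server | findstr /i /l /c:"%DHCP_FQDN%" >nul
if errorlevel 1 (
    echo ERROR: %DHCP_FQDN% was not found in the authorized list after the add.
    exit /b 1
)
echo %DHCP_FQDN% ^(%DHCP_IP%^) is now authorized.
exit /b 0
```

Running `netsh dhcp show server` on a schedule and comparing its output with the servers you expect is a simple way to notice an authorization that was added outside change control.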

Note

  • Detection of unauthorized DHCP servers requires the deployment of Active Directory and the DHCP service running on Windows 2000 or Windows Server 2003. Other DHCP servers do not attempt to determine whether they are authorized by Active Directory before offering IP address leases.