Solved

Why should I use Microsoft verus ISC (Linux-based) DHCP in an Active Directory environment?

Posted on 2008-06-12
8
531 Views
Last Modified: 2012-08-14
My organization will utilize reserved DHCP assignments almost exclusively for IP connectivity, and as such DHCP must be robust and highly available. For that reason, I am very interested in ISC's DHCP failover feature. However, of prime importance is that our DHCP implementation constitutes no significant loss of features or incompatibility with Active Directory.

1. Will ISC's DHCP implementation work well with Active Directory?
2. Can an ISC DHCP server seamlessly substitute an authorized Windows DHCP server in Active Directory? Can it be established as the exclusive authorized server for Microsoft clients at all?
3. Have you any experience using this failover feature with Windows DHCP clients? If so, does it work well?
4. Lastly, are there any really hard-hitting reasons why, from either an administrative or functional perspective, I might prefer Windows to ISC DHCP with Active Directory?

Thanks in advance, and please be civil. :)
0
Comment
Question by:carnesc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 21772748

1. Yes, although if DHCP is updating DNS things get rather tricky. You're likely to have to go with non-secure dynamic updates.

However, if all your clients are 2000 and above they can update DNS directly so that doesn't normally constitute a big loss and you're back on secure updates only.

2. As far as I know, no.

3. As far as I'm aware Windows DHCP doesn't have a fail-over feature. You can, however, configure a Split Scope so both servers can hand out valid addresses for a subnet (without overlapping assignable scopes).

That means that reservations and scope options have to be configured on each server as well. Administratively a bit too heavy and way behind the preferred fail-over mechanism.

4. Not really. Windows DHCP is rather basic. It does have a few specific options, such as the ability to disable NetBIOS over TCP/IP, but nothing fundamental.

The DHCP team were asking for feedback on how Windows DHCP could be improved not so long ago. If some of the suggestions (including scripting support and fail-over) go ahead it will be more manageable and perhaps then there's an argument to maintain Windows DHCP over ISC's.

HTH

Chris
0
 

Author Comment

by:carnesc
ID: 21774812
Wow. Coming from a Windows administrator, that's quite a plug for ISC! I suspected as much.

Regarding question three, I meant to ask in terms of user experience using ISC's DHCPd and failover feature with Windows clients, not Windows DHCP.

Incidentally, I looked into the split scope option, and administratively speaking, I agree it's pretty lame by comparison with ISC's failover. If I went with Windows, I would use it in a virtual machine and simply rely on speedy restores from virtual disk backups.

But back to my point: Have you used ISC with Windows clients in an AD environment? Just curious how well it worked and what glitches you may have noticed with ISC's failover (if used).

Much appreciated.
0
 

Author Closing Comment

by:carnesc
ID: 31466674
Just wondering if you've noticed any issues using ISC failover.
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 21813486

My apologies, forgot to write up a response.

I've not had any problem, the transition between servers has been invisible to the user end, with only a tiny outage while the servers change.

Chris
0
 

Author Comment

by:carnesc
ID: 21818848
Thanks Chris. If you don't mind my asking, what OS are you running it on, and with what tool do you manage it?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21820370

Solaris, and it's managed on the command line :)

Chris
0
 

Author Comment

by:carnesc
ID: 21822383
Oh, the Humanity! :)

Thanks Chris. I appreciate your input.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 21822925

No problem, good luck :)

Chris
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question