Solved

Why should I use Microsoft verus ISC (Linux-based) DHCP in an Active Directory environment?

Posted on 2008-06-12
8
525 Views
Last Modified: 2012-08-14
My organization will utilize reserved DHCP assignments almost exclusively for IP connectivity, and as such DHCP must be robust and highly available. For that reason, I am very interested in ISC's DHCP failover feature. However, of prime importance is that our DHCP implementation constitutes no significant loss of features or incompatibility with Active Directory.

1. Will ISC's DHCP implementation work well with Active Directory?
2. Can an ISC DHCP server seamlessly substitute an authorized Windows DHCP server in Active Directory? Can it be established as the exclusive authorized server for Microsoft clients at all?
3. Have you any experience using this failover feature with Windows DHCP clients? If so, does it work well?
4. Lastly, are there any really hard-hitting reasons why, from either an administrative or functional perspective, I might prefer Windows to ISC DHCP with Active Directory?

Thanks in advance, and please be civil. :)
0
Comment
Question by:carnesc
  • 4
  • 4
8 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 21772748

1. Yes, although if DHCP is updating DNS things get rather tricky. You're likely to have to go with non-secure dynamic updates.

However, if all your clients are 2000 and above they can update DNS directly so that doesn't normally constitute a big loss and you're back on secure updates only.

2. As far as I know, no.

3. As far as I'm aware Windows DHCP doesn't have a fail-over feature. You can, however, configure a Split Scope so both servers can hand out valid addresses for a subnet (without overlapping assignable scopes).

That means that reservations and scope options have to be configured on each server as well. Administratively a bit too heavy and way behind the preferred fail-over mechanism.

4. Not really. Windows DHCP is rather basic. It does have a few specific options, such as the ability to disable NetBIOS over TCP/IP, but nothing fundamental.

The DHCP team were asking for feedback on how Windows DHCP could be improved not so long ago. If some of the suggestions (including scripting support and fail-over) go ahead it will be more manageable and perhaps then there's an argument to maintain Windows DHCP over ISC's.

HTH

Chris
0
 

Author Comment

by:carnesc
ID: 21774812
Wow. Coming from a Windows administrator, that's quite a plug for ISC! I suspected as much.

Regarding question three, I meant to ask in terms of user experience using ISC's DHCPd and failover feature with Windows clients, not Windows DHCP.

Incidentally, I looked into the split scope option, and administratively speaking, I agree it's pretty lame by comparison with ISC's failover. If I went with Windows, I would use it in a virtual machine and simply rely on speedy restores from virtual disk backups.

But back to my point: Have you used ISC with Windows clients in an AD environment? Just curious how well it worked and what glitches you may have noticed with ISC's failover (if used).

Much appreciated.
0
 

Author Closing Comment

by:carnesc
ID: 31466674
Just wondering if you've noticed any issues using ISC failover.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 70

Expert Comment

by:Chris Dent
ID: 21813486

My apologies, forgot to write up a response.

I've not had any problem, the transition between servers has been invisible to the user end, with only a tiny outage while the servers change.

Chris
0
 

Author Comment

by:carnesc
ID: 21818848
Thanks Chris. If you don't mind my asking, what OS are you running it on, and with what tool do you manage it?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21820370

Solaris, and it's managed on the command line :)

Chris
0
 

Author Comment

by:carnesc
ID: 21822383
Oh, the Humanity! :)

Thanks Chris. I appreciate your input.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21822925

No problem, good luck :)

Chris
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question