How can I collect info on DHCP lease that are given out

Posted on 2009-02-19
Last Modified: 2012-05-06
We have several locations behind routers and each is on its own subnet and each has its own Windows 2003 DHCP Server. The DHCP works fine but occassionally I see outside computers have gotten an address from us. Usually an iPhone or the like but sometimes a laptop. How can I get some kind of notification of a lease for PC name that does not match those on our network?
Question by:LarryDAH
    LVL 21

    Accepted Solution

    Maybe that's what you're looking for!?

    Hope that helps.
    LVL 22

    Expert Comment

    You'll have to write a moderately difficult VBScript in order to do this.  The problem is that VBScript cannot directly access the DHCP server so it will have to rely on shelling to the NETSH command to query the DHCP server for the scope.  Attached you'll find an example of how to do this from Robbie Allen's website (I modded it to handle server names).

    Once you have the scope info in the script, you'll have to trim out the non-scope stuff (header, etc) until you have the raw scope info.

    Next you'll have to do some string comparisons to see if the leasors name doesn't match your naming criteria.  If it doesn't then you can send an email via VBScript to a distribution group on your Exchange server using the code at the following link:
    'Modded by Paka to cover \\servername format
    ' This code displays the leases for the specified scope
    ' ---------------------------------------------------------------
    ' From the book "Windows Server Cookbook" by Robbie Allen
    ' ISBN: 0-596-00633-0
    ' ---------------------------------------------------------------
    ' ------ SCRIPT CONFIGURATION ------
    strScope = ""
    strServer = "dj-dc01"' leave blank for local server
    ' ------ END CONFIGURATION ---------
    if strServer <> "" then
      strServer = "\\" & strserver
    end if
    'wscript.echo strServer
    strCommand = "netsh dhcp server " & strServer & " scope " & strScope & " show clients"
    ' command: netsh dhcp server \\<ServerName> scope show clients
    WScript.Echo "Running command: " & strCommand
    set objShell = CreateObject("Wscript.Shell")
    set objProc  = objShell.Exec(strCommand)
       WScript.Sleep 100
    Loop Until objProc.Status <> 0
    if objProc.ExitCode <> 0 then
       WScript.Echo "EXIT CODE: " & objProc.ExitCode
       WScript.Echo "ERROR: " & objProc.StdErr.ReadAll
    end if
    WScript.Echo "OUTPUT: " & objProc.StdOut.ReadAll

    Open in new window

    LVL 3

    Expert Comment

    Set leasing IP to only specific MAC address (XX:XX:XX:XX:XX:XX).

    DHCP1 will lease IPs only for computers with MAC1, MAC2 ... MAC 10
    DHCP2 will lease IPs only for computers with MAC11, MAC12 ... MAC 20
    DHCP3 will lease IPs only for computers with MAC21, MAC22 ... MAC 30 etc.

    Look here:
    ..."When a device or computer tries to connect to network, it will first try to obtain an IP Address from any available DHCP Server. When installed, the DHCP Server Callout DLL checks if this device MAC Address is present in known list of MAC addresses configured by administrators. If it is present, the device will be allowed to obtain an IP Address from the DHCP. Otherwise, the device requests will be ignored based on the action configured by administrator."
    LVL 15

    Expert Comment

    If its an Iphone or a laptop thats getting this sounds like a wireless access point somewhere that doesnt have any encryption on the network.  I would check the routers or any wireless access points you have and either turn off wireless if its not in use or place a strong WPA encryption pass on them if they are in use.
    LVL 3

    Expert Comment

    Venom96737  is right, this can be the problem. But almost all access points have DHCP server build in, so turn off DHCP on access points (if there one is), and set filters for this AP (only hardware listed in (MAC address) can be connected to AP). And of course, secure this AP (WPA2).

    Author Closing Comment

    This is a start but as it is at the moment it does not work for me but I can play around with it in my spare time.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
    Learn about cloud computing and its benefits for small business owners.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now