Solved

DHCP Authorize/Unauthorize in AD using Netsh

Posted on 2010-11-15
Last Modified: 2012-05-10
Having a strange issue.  I'm trying to add a new dhcp server at a site, but cannot properly authorize/unauthorize DHCP.  I believe this is due to leftover baggage in AD from a previous DC with the same name/IP.  When I run a netsh dhcp show server, it shows me two authorized DHCP servers at that site, but both contain incorrect information, yet one is currently authorized and performing DHCP without issue.  Does AD key off the DNS name, IP address or both when authorizing a dhcp server?  For example,  here's what I see in AD > 

Server [ChicagoDC.sub.domain.com] Address [10.28.32.47] Ds location: cn=ChicagoDC.sub.domain.com

Server [ChicagoDC1.sub.domain.com] Address [10.28.32.48] Ds location: cn=ChicagoDC.sub.domain.com

The server that's currently up and running and serving DHCP properly is  ChicagoDC.sub.domain.com, but its IP address is really 10.28.32.48 so both AD entries are technically incorrect.  I could delete them both, but I'd like to avoid breaking the current DHCP server if possible.

Ultimately, I'm trying to move DHCP from ChicagoDC [10.28.32.48] to ChicagoDC1 [10.28.32.49].  I know how to move it, but cannot get it to work on ChicagoDC1 due to the mixup in AD.

Any thoughts on how to clean up the incorrect DHCP info in AD?

Thanks!
0
Question by:dkraut
4 Comments
 
LVL 5

Assisted Solution

by:mittermueller
mittermueller earned 600 total points
ID: 34137797
You may use ntdsutil with metadata cleanup (after a backup of AD).
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 400 total points
ID: 34137813
Are you using an account that is in the enterprise admin group when trying to authorize the DHCP server?

Thanks

Mike
0
 

Author Comment

by:dkraut
ID: 34138239
Yes Mike,  I'm pretty sure the issue is being caused by the twisted up DHCP settings in AD.  
0
 
LVL 24

Accepted Solution

by:
Awinish earned 1000 total points
ID: 34143186
You can remove the entry from ADSIEDIT.MSC & remove the one which is wrong or which is not authorizing.

http://blogs.technet.com/b/networking/archive/2009/02/27/old-dhcp-servers-appear-in-the-list-of-authorized-servers-after-a-domain-rename.aspx

Delete the scope & recreate it & it should work.

The enterprise admin account is required to authorize DHCP when you have multiple domains; otherwise a domain admin membership account is sufficient.
0
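
Added example (not part of the original thread and not any poster's code): a read-only check that parses `netsh dhcp show server` output in the line format quoted in the question and flags entries whose name, IP or DS location disagree, so the stale objects can be identified before anything is deleted in ADSI Edit. The ACTUAL name-to-IP inventory and the function names are assumptions for illustration; the sample lines and addresses are the ones given in the question.

```python
import re
from collections import defaultdict

# Line format as shown in the question's `netsh dhcp show server` output.
ENTRY_RE = re.compile(
    r"Server \[(?P<name>[^\]]+)\]\s+Address \[(?P<ip>[^\]]+)\]\s+"
    r"Ds location:\s*cn=(?P<cn>\S+)", re.IGNORECASE)

# The two entries quoted in the question.
SAMPLE = """\
Server [ChicagoDC.sub.domain.com] Address [10.28.32.47] Ds location: cn=ChicagoDC.sub.domain.com
Server [ChicagoDC1.sub.domain.com] Address [10.28.32.48] Ds location: cn=ChicagoDC.sub.domain.com
"""

# Assumption: the admin supplies the real name -> IP mapping (values from the question).
ACTUAL = {"chicagodc.sub.domain.com": "10.28.32.48",
          "chicagodc1.sub.domain.com": "10.28.32.49"}


def parse_entries(text):
    """Return a list of (name, ip, cn) tuples, names lower-cased, one per server line."""
    return [(m["name"].lower(), m["ip"], m["cn"].lower())
            for m in ENTRY_RE.finditer(text)]


def audit(text, actual):
    """Return {server_name: [findings]} for entries that look stale or inconsistent."""
    entries = parse_entries(text)
    by_cn = defaultdict(list)
    for name, _, cn in entries:
        by_cn[cn].append(name)
    findings = defaultdict(list)
    for name, ip, cn in entries:
        if name != cn:
            findings[name].append(f"DS object cn={cn} does not match server name")
        if len(by_cn[cn]) > 1:
            findings[name].append(f"DS location cn={cn} shared by {len(by_cn[cn])} entries")
        if name not in actual:
            findings[name].append("server not in expected inventory")
        elif actual[name] != ip:
            findings[name].append(f"authorized IP {ip} differs from actual {actual[name]}")
    return dict(findings)


if __name__ == "__main__":
    for server, problems in audit(SAMPLE, ACTUAL).items():
        for p in problems:
            print(f"{server}: {p}")
```
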
