Solved

DHCP Best Practice in Virtual Setup

Posted on 2013-11-21
Last Modified: 2013-11-22
What is the best way to handle DHCP on my network? I have two physical domain controllers. I also have two Hyper-V servers that run my virtual servers. Currently my router is temporarily handling DHCP.

The domain controllers are a primary and backup with DNS. If I install DHCP on one of those servers I can only do it on one. I don't think DHCP replicates to the other dmc.

Or could I create a cluster and have DHCP fail over somehow if one goes down? I never heard of anyone clustering domain controllers because they automatically replicate.

Or would it be better to create a third domain controller that was a virtual machine? What is the best way to do this? I also want to add NTP time adjustment for the network. I figured wherever I put the DHCP I would put NTP.
Question by:MEATBALLHERO

Accepted Solution

by: Joseph Daly
Joseph Daly earned 167 total points
You could take a look at using a split scope between the two DHCP servers.

http://blog.thesysadmins.co.uk/configuring-dhcp-split-scope-in-server-2008-r2.html

Expert Comment

by: Seth Simmons
You didn't specify what version of Windows you have.
If 2012, you can do DHCP in a failover cluster if you meet the system requirements for your servers.

Step-by-Step: Configure DHCP for Failover
http://technet.microsoft.com/en-us/library/hh831385.aspx

In previous versions this was not possible; and you are correct, DHCP doesn't replicate since it's not AD integrated like DNS. If you have earlier than 2012, then split scope as mentioned above is a good solution.

As far as your time server goes, configure it on the domain controller that has the PDC emulator role.

How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042

Assisted Solution

by: Bing CISM / CISSP
Bing CISM / CISSP earned 166 total points
> If I install DHCP on one of those servers I can only do it on one. I don't think DHCP replicates to the other dmc.

DHCP does not work in the same way as a DC. It does not replicate its scope to other DHCP servers.

> Or could I create a cluster and have DHCP fail over somehow if one goes down?

Yes, you can. As a critical network service for the LAN, DHCP failover should be considered. A DHCP cluster is an option; an easier way to do that is to use the 80/20 design rule for balancing scope distribution of addresses. See below for the details.

DHCP Best Practices
http://technet.microsoft.com/en-us/library/cc780311%28v=ws.10%29.aspx

> I never heard of anyone clustering domain controllers because they automatically replicate.

DCs can be clustered too. The two (or more) clustered nodes do not replicate AD info to each other as they are acting like a single computer. From the point of view of other client computers, they are a single server sharing the same IP address and server name.

A physical cluster is just a locally single computer.

> Or would it be better to create a third domain controller that was a virtual machine?

DHCP services have no problem being virtualised.

> What is the best way to do this.

Read the above official best practice.

> I also want to add NTP time adjustment for the network. I figured wherever I put the DHCP I would put NTP.

The NTP server can be assigned to the client computers by adding its DHCP options. See DHCP Option 42 below for details.

DHCP Tools and Options
http://technet.microsoft.com/en-us/library/dd145324%28v=ws.10%29.aspx

Expert Comment

by: Kwoof
This is only available in Server 2008 R2 and Server 2012. If you have older servers, then you can accomplish this in a similar fashion by having each server handle enough addresses for the whole network that are on the same subnet, such as 10.0.1.1-250 on one server and 10.0.2.1-250 on the other, but with the same 255.0.0.0 subnet.

Author Comment

by: MEATBALLHERO
I have 2008 Server R2 with SVC pack 1 and all updates.

Assisted Solution

by: Seth Simmons
Seth Simmons earned 167 total points
In that case, splitting your scope is your best way to go for redundancy.
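
The 80/20 split scope and DHCP option 42 recommended in this thread, as an added example that is not part of the original posts: a PowerShell helper that prints, for review, the `netsh dhcp` commands for both servers. The server names `dc1`/`dc2`, the address range, the scope name and the NTP address are constructed placeholders.

```powershell
# Added example: every name and address below is a constructed placeholder.
function ConvertTo-Long([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)                       # network order -> little-endian
    [long][BitConverter]::ToUInt32($b, 0)
}
function ConvertTo-Ip([long]$Value) {
    $b = [BitConverter]::GetBytes([uint32]$Value)
    [Array]::Reverse($b)
    $b -join '.'
}

function Get-SplitScopeCommands {
    param(
        [string]$ScopeId, [string]$Mask, [string]$Start, [string]$End,
        [string]$Primary, [string]$Secondary, [string]$NtpServer,
        [string]$ScopeName = 'LAN', [int]$PrimaryPercent = 80
    )
    $first = ConvertTo-Long $Start
    $last  = ConvertTo-Long $End
    $count = $last - $first + 1
    if ($count -lt 2) { throw "Range $Start-$End is too small to split" }

    # Number of addresses the primary leases; keep at least one for each server.
    $primaryCount = [long][math]::Floor([double]$count * $PrimaryPercent / 100)
    if ($primaryCount -lt 1) { $primaryCount = 1 }
    if ($primaryCount -gt $count - 1) { $primaryCount = $count - 1 }
    $cut = $first + $primaryCount              # first address leased by the secondary

    # Both servers define the SAME range; each excludes the part the other leases,
    # so no address can be handed out twice.
    foreach ($s in @(
            @{ Name = $Primary;   ExFrom = $cut;   ExTo = $last },
            @{ Name = $Secondary; ExFrom = $first; ExTo = $cut - 1 })) {
        $p = "netsh dhcp server \\$($s.Name)"
        "$p add scope $ScopeId $Mask `"$ScopeName`""
        "$p scope $ScopeId add iprange $Start $End"
        "$p scope $ScopeId add excluderange $(ConvertTo-Ip $s.ExFrom) $(ConvertTo-Ip $s.ExTo)"
        # Option 042 (NTP Servers) hands the time source to DHCP clients.
        "$p scope $ScopeId set optionvalue 042 IPADDRESS $NtpServer"
    }
}

# Print the commands instead of running them, so they can be checked first.
Get-SplitScopeCommands -ScopeId '10.0.0.0' -Mask '255.255.255.0' `
    -Start '10.0.0.50' -End '10.0.0.249' `
    -Primary 'dc1' -Secondary 'dc2' -NtpServer '10.0.0.10'
```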