DHCP lease Assigning with AD

Posted on 2015-02-17
Last Modified: 2015-02-17

I was wondering what happens with a DHCP Server assigning leases if there are no links to Domain Controllers available

Can anyone send me links to TechNet or any relevant articles

Question by:nico-
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1

Expert Comment

by:Jelle Dedoyard
ID: 40613986
I do not know what you mean by this but a dhcp server is on its own. It does not have any links to AD. It can however auto register dns items for name resolution but that has nothing to do with AD and you have configure this option so it is not mandatory.

Author Comment

ID: 40614059
If the DHCP server cannot contact an AD Server (WAN link down). Considering it has to be authorised by AD.
Links please as i need something to refer to

Expert Comment

by:Jelle Dedoyard
ID: 40614085
DHCP is not authorised by AD. It works at a different level. AD has nothing to do with it unless you use some very specific software that i do not know about. It only distributes IP addresses and might register the name of the computer in the DNS server if you specified that.

Link about what a dhcp server is and what it does:
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users


Author Comment

ID: 40614132
But you do DHCP authorise in AD :-

I wondered what happens in the background for authentication is the DC connectivity is broken

Expert Comment

by:Jelle Dedoyard
ID: 40614171
right I'm going to shut up now... you are absolutely right. I never had this issue because I have always used a dhcp server on a DC or non windows dhcp (like watchguard, cisco etc).

My bad... sorry.
LVL 37

Expert Comment

ID: 40614353
If DHCP server is already authorized, it will lease out IP addresses no matter DC is present or not

However if its not authorized with AD, probably it cannot lease IP no matter DC is online or offline
(Not applicable to DHCP server in workgroup)

Now wrt client logon, assuming if DC is offline, client will get IP lease from DHCP and if this computer and user has previously logged on, he will continue to logon with cached credentials

For new users and computers, they won't logon as DC is unavailable however they will get DHCP lease

because once authorized, DC offline \ online status won't stop DHCP from leasing out IP addresses

To prove this:
Consider branch with remote DC and with onsite DHCP and link got down, DHCP still leasing IP

Author Comment

ID: 40614411
Thanks Mahesh

I was thinking along the line of SCCM client builds taking a DHCP address whilst using F12/PXE boot.

So basically the build can go ahead, but nothing else.  As you say, cached logons would work (if not set otherwise by GPO for security) but new users etc could not logon as no DC to authenticate against
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40614804
Also, if a machine gets a lease and DHCP is not available the lease will continue to function on that machine until it is released locally.

LVL 37

Accepted Solution

Mahesh earned 500 total points
ID: 40614914
You are right.
Yes cached logons will always work unless restricted by GPO
Also users who are trying to logon 1st time and if at that time DC is not available they also won't logon because they don't have cached credentials on workstation.

Author Comment

ID: 40615460
Thanks for your help Mahesh

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Here's a look at newsworthy articles and community happenings during the last month.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question