Advantages & Disadvantages of having Server 2016 servers assign DHCP addresses instead of router

One of the companies I support has their SonicWALL firewall issuing the DHCP server addresses to the Windows 10 client computers.

I recently installed two physical Server 2016 servers and am now being told that it will be better to move the DHCP role from the firewall to the servers.

Some people have said that it is best to have the SonicWALL TZ600 router assign the DHCP addresses in case the Server 2016 servers go down.

The Server 2016 servers are only being used as domain controllers and for group policy for the Windows 10 client computers. The security settings are such that if the domain controller can't be reached the users can still log on to their Windows 10 computers. This organization has all of their files saved in the cloud and the servers aren't used to store anything.

The servers and network printers are all using static IP addresses.

What are the advantages & disadvantages of having the Server 2016 servers assign the DHCP addresses instead of the SonicWALL hardware router?
Asked by: IT Guy, Network Engineer

Qlemo, "Batchelor", Developer and EE Topic Advisor, commented:
It doesn't matter.
0
Learnctx, Engineer, commented:
DHCP leases should be set up with a lease time that is suitable for a DHCP outage. For example, 8 days for your desktop type machines. This would mean if the DHCP server goes down existing clients have between 4 and 8 days to renew their lease. This is more than enough time to correct any DHCP problems or stand up a new DHCP server (most BCP plans will have high availability for DHCP or a recovery plan that can be run through in 30 minutes or so). Clients will never have a lease remaining of less than 50% of the original lease time unless there is a DHCP issue.

If you're dealing with AD, I would always recommend Windows DHCP simply because it integrates really well with AD integrated DNS, especially if you're working with dynamic DNS registrations. What I would never recommend is running DHCP on a domain controller; it is very bad security practice. You're elevating the DHCP service rights way higher than it should be by virtue of the DC system account rights. But at the same time, if the client site is small, maybe a few hundred computers, then just having the router issue DHCP would be fine. If you want to go the Windows DHCP route there are many advantages in terms of features available to you (DHCP high availability, DHCP policies, etc.), but from your post it doesn't seem like you would be taking advantage of these.
0
Steve McCarthy (MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer), IT Consultant, Network Engineer, Windows Network Administrator, VMware Administrator, commented:
One big advantage is the Single Point of Failure of the SonicWALL. You have 2 AD servers, so both of them have DNS. You can set up 2 DHCP servers and provide redundancy.

So both DHCP servers give out the same scope, but DC1 gives out addresses, for example, 100 - 177 and excludes 178 to 254. DC2 does the opposite. Setting up your DNS servers properly, you could lose either 2016 server and your network continues to run.

Remember, on a Windows network, the DHCP server on those DCs will register the clients with the DNS also on those servers. It is a nice, neat, tidy package and there are a lot of options you can specify within the DHCP servers. Should you expand, add more subnets, etc., this will work great. Remember too, that these also resolve all your internal addresses. The SonicWALL is not as good at that as your DHCP server that is part of your network.

The SonicWALL has a DHCP function and for a home office or small business without AD, they are fine. You want the full functionality the domain structure gives you, so use the resources built in.

In a perfect world, with a bigger organization and more servers, I do agree, run DHCP on 2 other servers that are not DCs. Just remember if you do that, you must add those servers to the DNSUpdateProxy group. In a small organization where you might only have the 2 DCs, go ahead and put DHCP on those. You have to do what works in the environment you have. I have dealt with just that in many organizations over the last few decades and have never had a problem as long as they are set up properly.
0
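
The split scope from the last answer and the 8-day lease from the earlier one, as an added PowerShell example that is not part of any poster's reply. It assumes the DHCP Server role is already installed and authorized on DC1 and DC2; the 192.168.1.0/24 subnet, gateway, DNS addresses, domain name and the function name `Get-StaleDhcpLease` are constructed for illustration.

```powershell
# Added example. Subnet, gateway, DNS addresses and domain name are assumed values.
$scopeId = '192.168.1.0'
$servers = @{
    # Each server excludes the half of .100-.254 that the other one hands out.
    'DC1' = @{ ExcludeStart = '192.168.1.178'; ExcludeEnd = '192.168.1.254' }
    'DC2' = @{ ExcludeStart = '192.168.1.100'; ExcludeEnd = '192.168.1.177' }
}

foreach ($name in $servers.Keys) {
    # Same scope on both servers, with an 8-day lease for desktop machines.
    Add-DhcpServerv4Scope -ComputerName $name -Name 'Clients' `
        -StartRange '192.168.1.100' -EndRange '192.168.1.254' `
        -SubnetMask '255.255.255.0' -LeaseDuration (New-TimeSpan -Days 8) -State Active

    Add-DhcpServerv4ExclusionRange -ComputerName $name -ScopeId $scopeId `
        -StartRange $servers[$name].ExcludeStart -EndRange $servers[$name].ExcludeEnd

    # Clients receive both DCs as DNS servers, so losing one server does not
    # break name resolution.
    Set-DhcpServerv4OptionValue -ComputerName $name -ScopeId $scopeId `
        -DnsServer '192.168.1.10', '192.168.1.11' `
        -Router '192.168.1.1' -DnsDomain 'corp.example'
}

# Health check (hypothetical helper): list active leases with less than half of
# the lease time left. Clients renew at 50%, so an entry here means the client
# has not renewed. Machines that are switched off show up as well.
function Get-StaleDhcpLease {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $ScopeId
    )
    $scope = Get-DhcpServerv4Scope -ComputerName $ComputerName -ScopeId $ScopeId
    $half  = [TimeSpan]::FromSeconds($scope.LeaseDuration.TotalSeconds / 2)
    $now   = Get-Date

    Get-DhcpServerv4Lease -ComputerName $ComputerName -ScopeId $ScopeId |
        Where-Object { $_.AddressState -like 'Active*' -and $_.LeaseExpiryTime } |
        Where-Object { ($_.LeaseExpiryTime - $now) -lt $half } |
        Select-Object IPAddress, HostName, LeaseExpiryTime
}

# Run against each server, since each one only knows its own half of the range.
'DC1', 'DC2' | ForEach-Object { Get-StaleDhcpLease -ComputerName $_ -ScopeId $scopeId }
```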