Should I add the role of DHCP server to Windows Server 2019

I am setting up a new Windows 2019 Server for a customer.  The way I was taught in the past was to add the role of DNS server to the DC and use the router for the DHCP to the PCs.  I have done it successfully on several servers but it seems convoluted and possibly not correct and efficient.  I do have one customer where the DC is both the DHCP server and DNS server and have not had any issues.  The DNS is configured properly with the interfaces and forwarders and DHCP turned off in the SonicWall.  DHCP is configured with the scope and all of the correct parameters.  I would like to get some opinions as to which way to go.  It seems to me it would be best practice to allow the DC to do both.  What are the pros and cons (if any) using this method?
Thank you in advance,
Phil
Network Engineer
Commented:
I always have DC do both. If DC is down, DNS is down too, so network isn't really up until DHCP and DNS are both up.

One place to manage.

If I have a guest network or something similar where they use external DNS, then I let firewall do DHCP for that.
Distinguished Expert 2019
Commented:
Agree with Windows. Retaining control offers better management.

Much depends on your needs  virtualization?
I've always put DHCP on the server for a number of reasons.  

If the DHCP server is replaced (more common to replace a router than a server) it's much easier to move the configuration from one Windows Server to another than it is to move between routers.  

Windows Servers tend to have all of the features I ever need for DHCP where that's not always the case with routers.

Different clients use different routers, requiring that I know how to configure and to monitor the DHCP server on each of them.  It's pretty much the same on all of the Windows Servers I've dealt with over the years.  Configuration is fairly straightforward in most cases, unless you are trying to do things that aren't basic (e.g. address reservations).
Phil Rine, Owner

Author

Commented:
If I opted not to have the DC as the DHCP server (which I am not leaning towards), would it be better to remove the DNS role from the DC and let the router manage it?
Distinguished Expert 2019

Commented:
No, AD relies on DNS. Where would you put the DNS? Routers often provide caching-type DNS; you need an authoritative DNS for your AD zone.
DHCP and DNS are not resource-intensive roles.
Usually, one offloads roles that consume resources.
kevinhsieh, Network Engineer
Commented:
Yes, DNS on a router is a super bad idea for Active Directory environments.
You cannot remove DNS from the AD, but you can use it as a forwarder, which actually makes sense given the lame performance of MS DNS server.

Domain operation requires a whole bunch of SRV records to operate properly, so an external DNS is a pain to configure.

Original topic: better to keep both together, since populating DNS leases from DHCP will be easier.
DrDave242, Principal Support Engineer
Commented:
If you're still looking for opinions on this, I prefer to put DHCP on a Windows server, either a DC or a member server, whenever possible in order to maximize the amount of control I have over DHCP. Router-based management of DHCP is a mixed bag in my experience, especially when dealing with SOHO routers. Some of them offer options that are close to what Windows offers, while others barely give you more than an "Enable DHCP Server" checkbox. I believe SonicWall is actually pretty good in this area, but I'd still prefer to use a Windows server.

As has already been stated, don't remove DNS from your DCs. That way lies madness. Really.
Phil Rine, Owner

Author

Commented:
Thanks to all.  I am going to be doing this on Friday and will post the outcome.
Phil Rine, Owner

Author

Commented:
Thank you to all that helped me on this issue.  I installed the DHCP role on the DC.  Everything seemed to be going great except that when I restarted any computer it would not get an IP address or be listed as an attached device.  I made the changes in the server and the router/firewall but still nothing.  I thought I would lose my mind until I realized that I skipped a step due to my inexperience with this.  I never activated the DHCP.  Pretty embarrassing, especially after spending a couple of hours trying to figure out why.  Once done, everything was as smooth as could be.  I will never forget that for the next time!
Distinguished Expert 2019
AD DHCP has to be authorized and the scope activated.
Phil Rine, Owner

Author

Commented:
Yes.  I found that out the hard way!  Inexperience.
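
The missed step described above (server not authorized in AD, scope not activated) can be caught with a read-only check run on the DHCP server after installing the role. This is an added example, not part of the original thread; it assumes the DhcpServer PowerShell module is installed and that `GetHostEntry('')` returns the server's FQDN as registered in AD.

```powershell
# Added example: read-only readiness check, run in an elevated session on the DHCP server.
# Uses the DhcpServer module that ships with the DHCP role / RSAT tools.
Import-Module DhcpServer

function Test-DhcpReadiness {
    $problems = @()

    # The DHCP Server service must be running before anything else matters.
    $svc = Get-Service -Name DHCPServer -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        $problems += 'DHCP Server service is not running.'
    }

    # In a domain, an unauthorized Windows DHCP server will not hand out leases.
    # Assumption: the local FQDN matches the DnsName stored in AD.
    $fqdn = [System.Net.Dns]::GetHostEntry('').HostName
    $authorized = Get-DhcpServerInDC | Where-Object { $_.DnsName -eq $fqdn }
    if (-not $authorized) {
        $problems += "$fqdn is not authorized in AD (fix: Add-DhcpServerInDC)."
    }

    # Every scope must be Active and should hand clients a router and DNS server.
    $scopes = @(Get-DhcpServerv4Scope)
    if ($scopes.Count -eq 0) { $problems += 'No IPv4 scopes are defined.' }
    foreach ($scope in $scopes) {
        $id = $scope.ScopeId
        if ($scope.State -ne 'Active') {
            $problems += "Scope $id is $($scope.State) (fix: Set-DhcpServerv4Scope -ScopeId $id -State Active)."
        }
        foreach ($opt in 3, 6) {   # 3 = router, 6 = DNS servers
            $value = Get-DhcpServerv4OptionValue -ScopeId $id -OptionId $opt -ErrorAction SilentlyContinue
            if (-not $value) {
                # Fall back to a server-level option value
                $value = Get-DhcpServerv4OptionValue -OptionId $opt -ErrorAction SilentlyContinue
            }
            if (-not $value) { $problems += "Scope $id has no option $opt set at scope or server level." }
        }
    }
    return $problems
}

$result = Test-DhcpReadiness
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'DHCP server is authorized, running, and all scopes are active.' }
```

The same `Get-DhcpServerInDC` listing is worth reviewing periodically, since any server in it that you did not add yourself is one that AD will allow to answer clients.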