Installing the DHCP Service in Windows Server

With the DHCP service no longer in the Server apps provided by Apple (for the most part), it’s important to look at alternative solutions to host the service. The DHCP Service in Windows Server is a Role that a Windows Server can fill that dynamically assigns IP addresses to client computers requesting addresses. The DHCP Role is easily added using the Server Manager application, available in the Administrative Tools menu of the Start Menu. Once opened, click on the Add Roles button.

At the Select Server Roles screen, locate DHCP Server and then check the box for it, which will allow you to click on the Next button.

At the DHCP Server screen, click on Next.

At the Select Network Connection Bindings screen, check the box for each network interface that will be available to DHCP to host DHCP scopes (a scope being a range of addresses that the server will host). Click on Next.

At the Specify IPv4 DNS Server Settings screen, enter the name of the search domain to be assigned in the “Parent domain” field. Then provide the IP address for the first DNS server that is provided to clients in the “Preferred DNS server IPv4 address” field. Click on Next once the appropriate DNS information has been provided.

If you are using WINS servers, click on “WINS is required for applications on this network” and then click on the Next button.

At the “Add or Edit DHCP Scopes” screen, click on the Add… button to provide the first DHCP scope for the environment.

At the Add Scope screen, enter the following information:

  • Scope name: A friendly name for the DHCP scope (e.g. Marketing Subnet)
  • Starting IP address: The first IP address in the scope of addresses provided
  • Ending IP address: The last IP address in the scope of addresses provided (note that you cannot overlap pools and that
  • Subnet type: Select a type of scope being created (note that this changes the lease times)
  • Activate this scope: Check this box to make the scope available immediately
  • Subnet mask: The subnet mask used by clients of the scope
  • Default gateway: The router for the scope being created

Once you’re satisfied with your settings, click OK. Next, select whether DHCP will be provided for IPv6 and click on Next.

If IPv6 is supported, enter the address of an IPv6 based DNS service. Click Next.

Next, integrate DHCP with Active Directory (to disable, use the “Skip authorization of this DHCP server in AD DS” option) by either allowing the service to use the credentials of the currently logged in user or using the Specify button to provide a different user account.

Click Next.

At the Summary screen, verify the settings are as intended and then click on Next. The role is then installed and, if you selected to do so, the service is started as well. There are a lot of steps here, but if you’re new to Windows Server, don’t let that intimidate you. It’s a wizard and normally takes me a little less than 5 minutes, about what we grew to expect from OS X Server.

9 Comments

  • Kyle
    September 11, 2012 - 8:07 am | Permalink

    Thank you for this. I was just thinking I needed to bite the bullet and move DHCP and DNS to a windows server.

  • Alex
    September 11, 2012 - 10:49 pm | Permalink

    How sad and shameful is this. Let’s hope that this feature-bingo Apple is playing with OS X Server is soon over.

    Otherwise it’ll become nothing more than a toy to play with that no serious IT Department will look at anymore.

    • Chris
      September 17, 2012 - 2:35 pm | Permalink

      Alex,

      I’m new to enterprise mac stuff. But it seems like the direction Apple is heading is actually to go around serious IT departments. Apple IDs that tie to the user rather than to the organization, iCloud, feature-bingo. The very idea is that the IT department won’t be needed to offer core sys-admin services. I’m worried that at some point it means the end goal is to actually make computers something less than they are now; rather than a programmable platform that has almost infinite uses, a closed platform of very finite uses.

      But I’m particularly cranky this morning so I could be over thinking this.

      • September 21, 2012 - 8:08 am | Permalink

        I don’t think you’re overthinking it. I think there are a variety of ways that enterprise IT is being managed these days and Apple seems very into the consumeristic approach. I think it can work in a variety of environments, but that it certainly isn’t a magic bullet that everyone should just jump into without a lot of thought about the details. The devil is always in the details!

  • Alex
    September 20, 2012 - 9:16 pm | Permalink
    • September 21, 2012 - 8:09 am | Permalink

      Yay!

    • Nigel Moore
      September 22, 2012 - 12:57 pm | Permalink

      Still not quite what we had in SLS (I avoided Lion), but a welcome addition nonetheless. Hopefully they’ll get around to adding reserved static pools.

  • Andrew McNaughton
    September 21, 2012 - 5:58 am | Permalink

    A cool addition to this article might be the setup of Scope Option 119. This can really help Apple products in an environment with multiple DNS search domains.

    Stage 1 – Making Option 119 available to scopes.

    Right-click Server icon in DHCP console and choose “Set Predefined Options”.

    Click “Add” to start making a new Scope Option.

    Name it “DNS Search List”.

    Create type “Byte” with the ‘array’ option ticked. Option Code is 119

    Description: “DNS Search domains for Apple products”

    Stage 2 – Working out the bytes

    The byte array comprises a broken down form of the domain(s) you wish to send out. The bytes are best entered in HEX as opposed to Decimal. For each domain component, you must prefix it with the size (character count) of it. The size has to be per domain component (excluding the ‘.’). The domain in its entirety also needs to be null terminated. This means adding a 0x00 at the end.

    Here is an example: itsc.nlc.lcl. We have three domain components: itsc, nlc and lcl.
    Translated to hex, we get the following:

    i – 0x69
    t – 0x74
    s – 0x73
    c – 0x63

    n – 0x6e
    l – 0x6c
    c – 0x63

    l – 0x6c
    c – 0x63
    l – 0x6c

    The size of itsc is 4, or 0x04 and the size of nlc is 3, or 0x03 and the size of lcl is 3, or 0x03, so our complete string is:

    0x04 0x69 0x74 0x73 0x63 0x03 0x6e 0x6c 0x63 0x03 0x6c 0x63 0x6c 0x00

    Each one of these needs to be individually added as a separate byte in the array for the 119 option in the DHCP server configuration (Remember to null terminate the entries with 0x00).

    Windows auto-removes extra zeros. Don’t worry about this.

    What if you want to use the parent domain in this example to look up resources there too…

    Use special “compression offset” for nlc.lcl which is different depending on length of first domain component. The offset is a count of characters including a dot. So itsc. is 5. So that makes the compression offset 0xC0 0x05. This makes it add an additional domain of nlc.lcl

    On a client, renew your lease and you’ll see itsc.nlc.lcl, nlc.lcl appear in the search domains field. You can add whatever domains you need. Without implementing this, your Windows Server will only send out the single domain you set it up for.

    Also see: http://www.faqs.org/rfcs/rfc3397.html
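
The byte layout described in the comment above, as an added Python example that is not part of the original post or comment: it builds the option 119 array for any list of search domains, including the compression pointer, and decodes it back while rejecting truncated names and looping pointers. The function names and the `MAX_HOPS` limit are assumptions of this example.

```python
MAX_HOPS = 16  # assumed cap on pointer jumps, to reject pointer loops

def encode_search_list(domains):
    """Encode domains as DHCP option 119 data (RFC 3397, RFC 1035 compression)."""
    out, seen = bytearray(), {}  # seen: suffix labels -> offset where first written
    for domain in domains:
        labels = domain.rstrip(".").lower().split(".")
        for i, label in enumerate(labels):
            suffix = tuple(labels[i:])
            if suffix in seen:  # suffix already sent: emit 2-byte pointer, name ends
                out += (0xC000 | seen[suffix]).to_bytes(2, "big")
                break
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63:
                raise ValueError(f"bad label in {domain!r}")
            seen[suffix] = len(out)
            out.append(len(raw))  # length prefix, then the label bytes
            out += raw
        else:
            out.append(0)  # no pointer used: null-terminate the name
    return bytes(out)

def decode_search_list(data):
    """Decode option 119 data back to domain names, rejecting malformed input."""
    domains, pos = [], 0
    while pos < len(data):
        labels, cur, resume, hops = [], pos, None, 0
        while True:
            if cur >= len(data):
                raise ValueError("truncated name")
            n = data[cur]
            if n == 0:
                cur += 1
                break
            if n & 0xC0 == 0xC0:  # compression pointer
                hops += 1
                if cur + 1 >= len(data) or hops > MAX_HOPS:
                    raise ValueError("bad or looping pointer")
                resume = resume if resume is not None else cur + 2
                cur = ((n & 0x3F) << 8) | data[cur + 1]
                continue
            if n > 63 or cur + 1 + n > len(data):
                raise ValueError("bad label length")
            labels.append(data[cur + 1:cur + 1 + n].decode("ascii"))
            cur += 1 + n
        domains.append(".".join(labels))
        pos = resume if resume is not None else cur
    return domains

def as_hex(data):
    """Format bytes the way they are entered in the DHCP console byte array."""
    return " ".join(f"0x{b:02x}" for b in data)
```

Calling `as_hex(encode_search_list(["itsc.nlc.lcl", "nlc.lcl"]))` gives the bytes to enter one at a time in the array; the pointer offset is counted from the first byte of the option data, which is why it comes out as 5 here.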
