Pete Hinchley: Configure Load-Balanced DHCP Servers using PowerShell

In this article I will outline the steps required to configure a highly available DHCP deployment on Windows Server 2012 R2.

The code samples are used to create a DHCP scope of - .239 on two DHCP servers named WINSTON and GEORGE in a domain named These values are specific to my environment and will need to be adjusted based on your requirements.

To install the DHCP Server feature, and to authorise the server running the service, run the following PowerShell commands on each DHCP server:

Install-WindowsFeature DHCP

To create the built-in DHCP delegated security groups, run the following command on a domain controller:


We will now create a service account named dhcp-dns for registering client records in DNS:

New-ADUser -Name dhcp-dns -SamAccountName dhcp-dns -DisplayName dhcp-dns -UserPrincipalName -Path "ou=Service Accounts,dc=lab,dc=hinchley,dc=net" -AccountPassword (Read-Host "Password" -AsSecureString) -ChangePasswordAtLogon $false -Enabled $true

Now let's enable use of the service account by running the following command on each DHCP server:

Set-DhcpServerDnsCredential -Credential LAB\dhcp-dns

The next step will configure domain, DNS server, and router scope options:

Set-DhcpServerv4OptionValue -DnsDomain -DnsServer, -Router

To create a scope on the first DHCP server (in my case WINSTON) with a range of - .239 and a load balanced scope on the second server (GEORGE) use the following two commands:

Add-DhcpServerv4Scope -Name LAB -StartRange -EndRange -SubnetMask -ComputerName WINSTON
Add-DhcpServerv4Failover -ComputerName WINSTON -PartnerServer GEORGE -Name WINSTON-GEORGE -ScopeId -LoadBalancePercent 50 -SharedSecret (Read-Host "Password") –Force

Finally, let's restart the DHCP service on each server (primarily so use of the built-in security groups is enabled):

Restart-Service DHCPServer

That's it.