Pete Hinchley: Configure Load-Balanced DHCP Servers using PowerShell

In this article I will outline the steps required to configure a highly available DHCP deployment on Windows Server 2012 R2.

The code samples are used to create a DHCP scope of 10.0.0.220 - .239 on two DHCP servers named WINSTON and GEORGE in a domain named lab.hinchley.net. These values are specific to my environment and will need to be adjusted based on your requirements.

To install the DHCP Server feature, and to authorise the server running the service, run the following PowerShell commands on each DHCP server:

Install-WindowsFeature DHCP
Add-DhcpServerInDC

To create the built-in DHCP delegated security groups, run the following command on a domain controller:

Add-DhcpServerSecurityGroup

We will now create a service account named dhcp-dns for registering client records in DNS:

New-ADUser -Name dhcp-dns -SamAccountName dhcp-dns -DisplayName dhcp-dns -UserPrincipalName dhcp-dns@lab.hinchley.net -Path "ou=Service Accounts,dc=lab,dc=hinchley,dc=net" -AccountPassword (Read-Host "Password" -AsSecureString) -ChangePasswordAtLogon $false -Enabled $true

Now let's enable use of the service account by running the following command on each DHCP server:

Set-DhcpServerDnsCredential -Credential LAB\dhcp-dns

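The next step will configure the domain, DNS server, and router options. Because no -ScopeId is given, the values are set as server-level defaults that apply to the scopes on that server: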

Set-DhcpServerv4OptionValue -DnsDomain lab.hinchley.net -DnsServer 10.0.0.10, 10.0.0.11 -Router 10.0.0.1

To create a scope on the first DHCP server (in my case WINSTON) with a range of 10.0.0.220 - .239, and then a load-balanced failover relationship that shares the scope with the second server (GEORGE), use the following two commands:

Add-DhcpServerv4Scope -Name LAB -StartRange 10.0.0.220 -EndRange 10.0.0.239 -SubnetMask 255.255.255.0 -ComputerName WINSTON
Add-DhcpServerv4Failover -ComputerName WINSTON -PartnerServer GEORGE -Name WINSTON-GEORGE -ScopeId 10.0.0.0 -LoadBalancePercent 50 -SharedSecret (Read-Host "Password") -Force

Finally, let's restart the DHCP service on each server (primarily so use of the built-in security groups is enabled):

Restart-Service DHCPServer

That's it.
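
To confirm the result of the steps above, the following check script can be run from a machine with the DhcpServer module installed. It is an added example, not part of the original article; it reuses the article's server, scope, relationship and account names, and the variable names and warning messages are my own.

```powershell
# Added example: post-configuration checks for the WINSTON/GEORGE deployment.
# Requires the DhcpServer module and rights to query both DHCP servers.
$servers  = 'WINSTON', 'GEORGE'   # server names from the article
$scopeId  = '10.0.0.0'            # scope created in the article
$relation = 'WINSTON-GEORGE'      # failover relationship name from the article
$dnsUser  = 'dhcp-dns'            # service account used for DNS registration
$problems = @()

# Servers authorised in Active Directory (DnsName is the server's FQDN).
$authorised = (Get-DhcpServerInDC).DnsName

foreach ($s in $servers) {
    if (-not ($authorised -like "$s.*")) {
        $problems += "$s is not authorised in Active Directory"
    }

    # Dynamic DNS updates should run as the service account,
    # not as the DHCP server's own computer account.
    $cred = Get-DhcpServerDnsCredential -ComputerName $s
    if ($cred.UserName -ne $dnsUser) {
        $problems += "$s registers DNS records as '$($cred.UserName)', expected '$dnsUser'"
    }

    # The scope must exist and be active on both partners.
    $scope = Get-DhcpServerv4Scope -ComputerName $s -ScopeId $scopeId -ErrorAction SilentlyContinue
    if (-not $scope -or $scope.State -ne 'Active') {
        $problems += "scope $scopeId is missing or inactive on $s"
    }

    # The failover relationship must be healthy, load balanced and authenticated.
    $fo = Get-DhcpServerv4Failover -ComputerName $s -Name $relation -ErrorAction SilentlyContinue
    if (-not $fo) {
        $problems += "failover relationship $relation not found on $s"
        continue
    }
    if ($fo.State -ne 'Normal')     { $problems += "$s failover state is $($fo.State)" }
    if ($fo.Mode -ne 'LoadBalance') { $problems += "$s failover mode is $($fo.Mode)" }
    if (-not $fo.EnableAuth)        { $problems += "$s failover messages are not authenticated (no shared secret)" }
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'DHCP failover configuration looks consistent on both servers.'
}
```

A warning about EnableAuth means the relationship was created without a shared secret, so messages between the two partners are not authenticated.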