Powershell is very nice for this too: https://technet.microsoft.com/en-us/library/jj590751(v=wps.630).aspx
On Thu, Nov 30, 2017 at 2:33 PM, Andrew S. Baker <asbz...@gmail.com> wrote: > You can quickly import DHCP on a new machine running the same version of > Windows using NETSH > > https://technet.microsoft.com/en-us/library/dd759224(v=ws.11).aspx > > Regards, > > *ASB* > > > > On Thu, Nov 30, 2017 at 12:46 PM, David Lum <d...@theitgarage.com> wrote: > >> I've pulled DHCP off all our DC's and it wasn't too tough for the network >> team to accomodate. Using DHCP failover took a bit more work for us to >> perfect. Using failover you by definiton copy the confif to the new >> server....stand up new dhcp server, config as failover, then stand down >> DHCP on the domain controller and decondigure failover once the new server >> is confirmed to hand out IP's. (Assuming Win DHCP servers). >> >> Totally worth it in our opinion. >> >> Dave >> >> On Nov 30, 2017, at 8:21 AM, Heaton, Joseph@Wildlife < >> joseph.hea...@wildlife.ca.gov> wrote: >> >> Problem with that, is that I’d really like to keep the same IP for the >> DHCP server. My network team has that in all their switches around the >> state as ip-helper entries. >> >> >> >> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf >> orum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Webster >> *Sent:* Thursday, November 30, 2017 7:45 AM >> >> *To:* ntsysadm@lists.myitforum.com >> *Subject:* RE: [NTSysADM] DHCP role >> >> >> >> I would migrate DHCP first. >> >> >> >> Webster >> >> >> >> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf >> orum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Heaton, >> Joseph@Wildlife >> *Sent:* Thursday, November 30, 2017 9:00 AM >> *To:* ntsysadm@lists.myitforum.com >> *Subject:* RE: [NTSysADM] DHCP role >> >> >> >> That’s what we’re doing as well. Not sure why, but our service account >> is member of DNSUpdateProxy, but also a member of DNSAdmins. Anyone have >> an idea why that group? I didn’t set this up initially, I’m just trying to >> get things in best practices, and address a current issue I’m working >> through, of replacing a DC, that happens to be our main DHCP server. My >> thoughts at the moment, are to add a new DC, with only DC roles. Then, >> DCpromo the old DC (with DHCP), then migrate DHCP to a new server, that is >> only a member server, not a DC. >> >> >> >> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitf >> orum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Mark Gottschalk >> *Sent:* Wednesday, November 29, 2017 6:21 PM >> *To:* ntsysadm@lists.myitforum.com >> *Subject:* Re: [NTSysADM] DHCP role >> >> >> >> https://blogs.technet.microsoft.com/stdqry/2012/04/03/dhcp- >> server-in-dcs-and-dns-registrations/ >> https://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx >> >> This is what we've done with DHCP on DC. Have a user "DHCP_user" in >> Protected User group, DNSUpdateProxy group. Use this for alternate >> credentials. >> >> Note that first article says: >> *"A common error is to think that the DHCP Server service running in a DC >> will use its service account security context to register records in DNS if >> no alternate credentials are configured, and then there is security risk. >> In fact, this is not the behavior of the DHCP Server in a DC.* >> >> *If the DHCP Server service detects that it is running in a domain >> controller, and no alternate credentials for DNS registrations have been >> configured, then it decides to not do any registrations for DHCP clients >> and logs event DHCP/1056."* >> >> It also starts with: >> *"One common deployment scenario for the DHCP Server service is to have >> it installed in domain controllers. When this scenario is used it is >> necessary to define the alternate credentials to be used by DHCP when doing >> DNS registrations on behalf of the DHCP clients."* >> >> If you can separate them with no downside, go for it. However, running >> DHCP on a DC appears to be accounted for and can be addressed by above. >> >> -- Mark >> >> >> >> >> From: "Heaton, Joseph@Wildlife" <joseph.hea...@wildlife.ca.gov> >> To: 'NT System Admin Issues Discussion list' < >> ntsysadm@lists.myitforum.com> >> Date: 11/29/2017 02:49 PM >> Subject: [NTSysADM] DHCP role >> Sent by: "listsad...@lists.myitforum.com" <listsadmin >> ------------------------------ >> >> >> >> Is it still best practice to have DHCP NOT on a DC? I’ve been reading a >> bunch of stuff, but everything I’m reading refers to Server 2003 or older. >> >> >> >> Joe Heaton >> >> Information Technology Operations Branch >> >> Data and Technology Division >> >> CA Department of Fish and Wildlife >> >> 1700 9th Street, 3rd Floor >> >> Sacramento, CA 95811 >> >> Desk: 916-323-1284 <(916)%20323-1284> >> >> >> >> >
