Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
1. Using an account with administrator permissions, log on to the Windows Server
2003 x86 DHCP server that has the Windows Server Migration Tools installed and
registered with Windows PowerShell.
2. Click Start, click All Programs, click Administrative Tools, and select DHCP.
3. In the DHCP Server console, select and expand the DHCP server. Right-click the
DHCP server, and select Properties.
4. In the DHCP Server Properties window, select the Advanced tab and click the
Bindings button. Note the IP address the DHCP server is using because we will need
this IP address later during the import process on the destination DHCP server. Close
the DHCP Server Properties window.
5. In the DHCP Server console, select and expand the DHCP server. Right-click the
DHCP server and select Backup.
6. Select the backup location and click OK to perform the backup.
7. In the DHCP console window, right-click the DHCP server, select All Tasks, and
select Stop to stop the DHCP Server service. Close the DHCP console window.
8. Click Start, click All Programs, click Administrative Tools, click Windows Server
Migration Tools, and click the PowerShell shortcut for Windows Server Migration
Tools. When the PowerShell window opens, it should default to the
c:\SMT_ws03_x86\ folder.
9. In the PowerShell window, type .\Servermigration.psc1 and press Enter to open a
separate PowerShell window with the Windows Server Migration Tools module loaded.
10. In the PowerShell window, type the command Export-SmigServerSetting
-FeatureID DHCP and press Enter.
11. When prompted for the path, enter c:\DHCPExport and press Enter.
12. When prompted for a password that will be used to secure the exported data, enter a
password that is six characters or longer and press Enter to export the settings. Please
note this password as it will be used to import the settings.
13. Close any open Command Prompt and PowerShell windows.
14. Copy the exported folder to the C:\ drive on the destination DHCP server.
15. Change the IP address of the server or remove it from the network permanently.
The original DHCP server IP address will be added to the destination server to ensure full
functionality after the migration. The IP address change is required to ensure that clients
with existing leases will be able to contact the DHCP server by the original DHCP server IP
address. If this step is not performed, most clients will fail a DHCP renew and may need to
have help desk staff assist with an Ipconfig /release and Ipconfig /renew on each machine
that fails a DHCP renew.
Exploring DHCP Changes in Windows Server 2008 R2
Importing DHCP Server Settings to a Windows Server 2008 R2 DHCP Server
To import the previously exported Windows Server 2003 x86 DHCP server settings, install
the Windows Server Migration Tools from the Add Feature link in Server Manager.
Windows PowerShell is already installed on a Windows Server 2008 R2 system so this task
is not necessary. The DHCP import function will overwrite all DHCP settings if imported
onto an existing DHCP server, so it is a best practice to not install the DHCP Server role
before running the import. To import the DHCP server settings and information from the
original Windows Server 2003 system, perform the following steps:
1. Using an account with administrator permissions, log on to the Windows Server
2008 R2 system that has the Windows Server Migration Tools installed.
2. Open an elevated command prompt by clicking Start, All Programs, Accessories;
locate and right-click on Command Prompt and choose Run As Administrator. If
prompted for confirmation, click Continue.
3. Ping the original IP address of the Windows Server 2003 DHCP server to ensure that
it is no longer in use.
4. Click Start, click All Programs, click Administrative Tools, click Windows Server
Migration Tools, and click the PowerShell shortcut for Windows Server Migration
Tools.
5. In the PowerShell window, type the command Import-SmigServerSetting
-FeatureID DHCP -Verbose and press Enter.
6. When prompted for the path, type c:\DHCPexport and press Enter.
7. When prompted, enter the password used to secure the exported DHCP settings and
press Enter. If the DHCP service had been installed previously, this import will fail. If
the import failed due to the DHCP role being previously installed, the -Force option
can be appended to the command; however, all existing DHCP server settings will be
overwritten.
8. Once the import completes and reports successful, type exit and press Enter to close
the Windows PowerShell window.
9. Click Start, click All Programs, click Administrative Tools, and select Services.
10. Scroll down in the left pane to locate the DHCP Server service, right-click the
service, and choose Properties.
11. Change the DHCP Server service startup to Automatic and click OK to save the
settings.
12. Right-click the DHCP Server service and select Start to start the service and then
close the Services console window.
13. Click Start, click All Programs, click Administrative Tools, and select DHCP.
14. In the DHCP console window, the local server should be listed. Expand the server,
and expand the IPv4 node to reveal the imported scope. Review the scope settings,
leases, and other information.
15. In the console pane, right-click the IPv4 node and select Properties.
CHAPTER 11
DHCP/WINS/Domain Controllers
16. Select the Advanced tab and click the Bindings button. Verify that the original
DHCP server IP address is listed and checked. Click OK to close the Bindings window
and click OK again to close the IPv4 Properties window.
17. In the console pane, right-click the local server node and select Authorize.
18. Refresh the window and verify the server is operational.
19. In the console pane, right-click DHCP at the top and select Manage Authorized Servers.
20. If the original server is listed, select it and click Unauthorize.
21. Verify that a new lease can be obtained and close the DHCP console.
This completes the DHCP server migration process.
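The import steps above (the ping check, the import itself, and the service startup change) can also be run as one script with pre-flight checks. This is an added example, not code from the book; the address in $OriginalIp is a constructed placeholder, and the script assumes an elevated PowerShell session on the destination server with the export copied to C:\DHCPExport.

```powershell
# Added example: scripted pre-flight checks and import on the destination server.
$OriginalIp = '192.0.2.10'      # placeholder: binding IP noted on the source server
$ExportPath = 'C:\DHCPExport'   # folder copied from the source server

# Load the Windows Server Migration Tools snap-in if its shortcut was not used.
$snapin = 'Microsoft.Windows.ServerManager.Migration'
if (-not (Get-PSSnapin -Name $snapin -ErrorAction SilentlyContinue)) {
    Add-PSSnapin $snapin
}

# Pre-flight 1: the original address must no longer answer.
# A silent ping is only a hint (ICMP may be filtered), so also confirm
# that the source server was re-addressed or removed from the network.
if (Test-Connection -ComputerName $OriginalIp -Count 2 -Quiet) {
    throw "$OriginalIp still responds; re-address or disconnect the source server first."
}

# Pre-flight 2: the import fails if the DHCP role is already installed,
# and -Force would overwrite its settings, so stop and let the operator decide.
if (Get-Service -Name DHCPServer -ErrorAction SilentlyContinue) {
    throw 'DHCP Server service already present; -Force would overwrite its settings.'
}

# Pre-flight 3: the exported folder must be in place.
if (-not (Test-Path $ExportPath)) {
    throw "Export folder $ExportPath not found."
}

# Read the export password as a SecureString so it never appears
# on the command line or in the console history.
$password = Read-Host -AsSecureString 'Password used for the DHCP export'
Import-SmigServerSetting -FeatureID DHCP -Path $ExportPath -Password $password -Verbose

# Set the service to start automatically, start it, and show its state.
Set-Service -Name DHCPServer -StartupType Automatic
Start-Service -Name DHCPServer
Get-Service -Name DHCPServer
```

Authorizing the server and verifying the bindings still follow in the DHCP console. Once the imported scope and leases have been reviewed, delete the copied export folder, because the data in it is protected only by the export password.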
Understanding DHCP Client Alternate Network Capability
The DHCP client that is included in client systems running Windows 7, Windows Vista,
Windows XP, and Windows 2000 can have a static IP address assigned to clients when a
DHCP server is unavailable. This static IP address takes the place of the APIPA address that
would normally be configured in these cases.
NOTE
If the Registry key to disable APIPA has been created, it will also disable the alternate
IP configuration settings.
This type of functionality could be used on remote network systems that run into issues
with DHCP Relay Agents not responding in a timely fashion. This setting should be used
with extreme caution as a machine that is taken to a foreign network without a DHCP
server might end up adding itself to the network with an IP address that is already in use.
If the network administrator wants to configure this setting, the following steps can be
executed on a Windows 7 client as an example:
1. Click Start and select Control Panel.
2. Click on Network and Internet.
3. Click on View Network Status and Tasks.
4. Click on Change Adapter Settings in the left pane.
5. Right-click the adapter in question, and choose Properties. If prompted for
authorization, enter the credentials, if required, and click Yes or click Continue.
6. Select Internet Protocol Version 4 (TCP/IPv4) and choose Properties.
7. Select the Alternate Configuration tab.
8. Select the User Configured option button, enter the appropriate static IP
information, and click OK.
9. Click the Close button to close the property page.
Enhancing DHCP Reliability
The importance of DHCP cannot be overstated. Unscheduled downtime of DHCP services
can be very disruptive to a network, especially if the service is not available when users
arrive and connect their notebooks to the network or turn their desktops on. It is extremely
important for any organization to build redundancy into the DHCP infrastructure, when
possible, and to document and test disaster recovery procedures for the DHCP services.
Multiple Windows Server 2008 R2 DHCP servers can be deployed on a network to provide
redundancy and a greater level of administrative and management functionality than
offered in previous versions of the Windows Server operating systems. New DHCP features
that can be used to increase DHCP reliability and network security for the DHCP service in
Windows Server 2008 R2 include, but are not limited to, the following:
• Link layer filtering or MAC address filtering for DHCP leases
• Generating Link Layer address filter lists from existing address leases
• Generating reservations from existing DHCP leases
• Configuring unique DHCP options for reservations
• DHCP Name Protection
• DHCP Network Access Protection Integration
• DHCP activity logging
• DHCP Split-Scope Configuration Wizard
• Delayed DHCP server response setting
Link Layer Filtering
Link layer filtering is not necessarily a new feature, but it is a new feature to Windows
Server 2008 R2 DHCP services. Link Layer or MAC address filtering was historically used
on wireless networks to restrict access to only known wireless adapters. With Windows
Server 2008 R2 DHCP for IPv4 networks, link layer filtering can be enabled to restrict
which devices will be assigned an IP address from the DHCP server, and which will be
denied an IP address. This filtering is not scope specific, and if enabled, it will apply to all
IPv4 scopes on the particular server. Before this feature is enabled, it is a best-practice
recommendation to first add all valid clients who have already obtained a lease to the
allow list. To prepopulate the Link Layer Filter Allow list,
perform the following steps:
1. Open the DHCP console on the server to which you want to add devices to a Link
Layer Filtering list by clicking Start and clicking on All Programs, Administrative
Tools, DHCP. If prompted, click Continue to confirm the action.
2. When the DHCP console loads, expand the server to reveal the IPv4 node.
3. Expand the IPv4 node to reveal the Filters node and expand it.
4. Beneath the Filters node are Allow and Deny nodes, which will include the allowed
and denied MAC addresses for the filter to process.
5. To add a particular MAC address to the Allow list, right-click on the Allow node
beneath the Filter node, and click New Filter.
6. Enter the MAC address of a known network interface card, enter a description as
desired, and click Add to complete this task. The same procedure can be followed to
add a MAC address to the Deny list by right-clicking on the Deny node and choosing
New Filter.
In most cases, DHCP administrators will choose to add MAC addresses to either the Allow
or Deny Link Layer Filter list by reviewing existing DHCP leases. To add one or more MAC
addresses to the Link Layer Filter lists from existing leases, perform the following steps:
1. Open the DHCP console on the server to which you want to add devices to a Link
Layer Filter list by clicking Start, All Programs, Administrative Tools, DHCP. If
prompted, click Continue to confirm the action.
2. When the DHCP console loads, expand the server to reveal the IPv4 node.
3. Expand the IPv4 node to reveal the Scope nodes for any existing scopes.
4. Select and expand the desired scope, and select the Address Leases node.
5. In the Center pane, select the Address lease entry or select multiple entries.
6. Right-click the selected lease(s), click Add to Filter, and click on the desired Filter,
either Allow or Deny.
7. In the confirmation dialog box, click Yes to add the leases to the selected filter.
8. Click OK to close the resulting dialog box.
9. Under the IPv4 node in the left pane, select and expand the Filters node and select
the Allow or Deny node to show the list of the existing MAC addresses already
added to the Link Layer Filter list.
After the desired MAC addresses have been added to the Allow or Deny Link Layer Filter
lists, a DHCP administrator might be inclined to enable link layer filter functionality on
the server. To enable link layer filtering functionality on all existing and future IPv4 scopes
on a Windows Server 2008 R2 DHCP server, perform the following steps:
1. Open the DHCP console on the server to which you want to enable link layer
filtering by clicking Start, All Programs, Administrative Tools, DHCP. If prompted, click
Continue to confirm the action.
2. When the DHCP console loads, expand the server to reveal the IPv4 node.
3. Right-click the IPv4 node and select Properties.
4. Select the Filters tab, check the Enable Allow List check box and/or the Enable Deny
List check box, and click OK when completed, as shown in Figure 11.7.
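The ordering recommended above, where every client that already holds a lease is on the Allow list before the list is enforced, can be checked from the command line. The following is an added example, not code from the book: it prints netsh commands for review rather than running them, the MAC addresses are constructed sample data, and the function names are hypothetical.

```powershell
# Added example: plan Allow-list additions from existing leases, enforce last.
# Constructed sample data, as it might be copied from the Address Leases
# node and from the Filters > Allow node (mixed formats, one duplicate).
$LeaseMacs = '00-1B-23-DE-DB-61', '001b23dedb62', '00:1B:23:DE:DB:63', '00-1b-23-de-db-61'
$AllowMacs = '00-1B-23-DE-DB-62'

function ConvertTo-FilterMac([string]$Mac) {
    # Normalise to upper-case hyphenated form; reject anything that is
    # not exactly six octets so a typo never reaches the filter list.
    $hex = ($Mac -replace '[-:.\s]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{12}$') {
        throw "Not a 6-byte MAC address: '$Mac'"
    }
    $hex -replace '(..)(?!$)', '$1-'
}

function Get-AllowListPlan([string[]]$Leases, [string[]]$Allowed) {
    $have = @($Allowed | ForEach-Object { ConvertTo-FilterMac $_ })
    # Leased MACs that enforcement would lock out at their next renewal.
    $missing = @($Leases | ForEach-Object { ConvertTo-FilterMac $_ } |
        Sort-Object -Unique | Where-Object { $have -notcontains $_ })
    $plan = @($missing | ForEach-Object {
        "netsh dhcp server v4 add filter allow $_ `"from existing lease`""
    })
    # Enforcement comes last, after every current lease holder is allowed.
    $plan += 'netsh dhcp server v4 set filter enforceallowlist=1'
    $plan += 'netsh dhcp server v4 show filter'
    $plan
}

# Prints two "add filter allow" lines (…-61 and …-63), then the enforce
# and show commands; …-62 is skipped because it is already allowed.
Get-AllowListPlan $LeaseMacs $AllowMacs
```

Run the printed commands on the DHCP server only after comparing the add lines with the Address Leases node, because the filter applies to every IPv4 scope on that server.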