The first thing you’ll need to understand about Windows 2000 DHCP is that if your DHCP server is part of a Windows 2000 domain, the server must be ‘authorized’ in Active Directory. If a DHCP server has not been authorized, it will not hand out IP addresses to clients. The purpose of DHCP server registration stems from the fact that unwanted DHCP servers can wreak havoc on a network. At times this is done maliciously, but often an inexperienced administrator installs the service not understanding that any DHCP server who hears a request will reply offering an address. Windows 2000 tries to solve some of these problems by requiring that DHCP be authorized, thus eliminating the problems posed by ‘rogue’ DHCP servers. While this sounds great, unfortunately the total benefit is more limited. The only servers that will check to see whether or not they are authorized are Windows 2000 DHCP servers – your NT 4 DHCP servers (and others) will continue to hand out IP addresses regardless.
The authorization process itself is very simple. Using the DHCP console tool, simply right-click the DHCP icon, choose Manage Authorized Servers, and then authorize the server by adding its name or IP address, as shown below. Note that the only person who can authorize a DHCP server is a user who is a member of the Enterprise Admins group (this ability can be delegated if required)
When the DHCP server service attempts to start (which happens automatically during a reboot), it will send a DHCPINFORM message to Active Directory to determine its authorization state. If it has been authorized, the service starts correctly. If it hasn’t, the service does not start. The DHCP server will query Active Directory periodically (every 5 minutes by default) to ensure that its authorization status hasn’t changed.