Configuring DHCP Scopes

Certainly the most common task when configuring a DHCP server is creating and managing scopes. A scope is created for the purpose of allocating IP addresses and a subnet mask at a minimum, but usually gateway, DNS, and WINS server information as well. A given DHCP server will usually be configured with a number of scopes, capable of leasing addresses to hosts on a number of different subnets. Each of these scopes is configured independently, and can be enabled or disabled on a scope-by-scope basis.

In Windows 2000, the scope creation process has been simplified through the use of the New Scope Wizard. This tool walks you through the entire process of creating a scope. This includes:

  • Providing a scope name and description. As a best practice, include a description that gives additional information about the scope. Usually the name of the scope maps to its subnet, for example ‘Scope’
  • Providing a range of valid IP addresses and a subnet mask (as shown below). At a minimum, this is the basic information that must be provided. One important note – after creating the scope, you cannot change the subnet mask. That means if you make a mistake, you’ll need to delete and recreate the scope.
  • Adding exclusions. An exclusion is a group of IP addresses from within the provided range that you wish to not be handed out by the scope. Often these addresses are ones which you have statically assigned to hosts (such as servers) on the given subnet.
  • Lease duration. Unlike NT 4, where the lease duration was 72 hours (3 days) by default, the default lease duration in Windows 2000 is 8 days (this can of course be changed).
  • Configure Options. The last portion of the wizard allows you to configure DHCP scope options, such as the IP address of the gateway or DNS server. These will be further described in a moment.
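
A pre-flight check for the values entered in the wizard, written as an added Python example (not part of the original article or of Windows 2000). It confirms that the range fits the subnet implied by the mask, that exclusions sit inside the range, and that statically assigned hosts are excluded. The function name check_scope and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def check_scope(start, end, mask, exclusions=(), static_hosts=()):
    """Return (problems, leasable) for a planned DHCP scope.

    leasable is only meaningful when problems is empty.
    """
    problems = []
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    # The mask cannot be edited once the scope exists, so validate it first.
    try:
        net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
    except ValueError:
        return [f"{mask} is not a valid subnet mask"], 0
    if first > last:
        problems.append("range start is above range end")
    for addr in (first, last):
        if addr not in net:
            problems.append(f"{addr} is outside subnet {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address")
    excluded = set()
    for ex_start, ex_end in exclusions:
        lo, hi = ipaddress.IPv4Address(ex_start), ipaddress.IPv4Address(ex_end)
        if lo > hi or lo < first or hi > last:
            problems.append(f"exclusion {lo}-{hi} is not inside the range")
            continue
        excluded.update(range(int(lo), int(hi) + 1))
    # A static host inside the range but not excluded can have its address
    # leased to another client, causing a conflict.
    for host in static_hosts:
        h = ipaddress.IPv4Address(host)
        if first <= h <= last and int(h) not in excluded:
            problems.append(f"static host {h} is in the range but not excluded")
    leasable = max(0, int(last) - int(first) + 1 - len(excluded))
    return problems, leasable

# Constructed sample plan (not from the article).
PLAN = dict(start="192.168.1.10", end="192.168.1.200", mask="255.255.255.0",
            exclusions=[("192.168.1.10", "192.168.1.20")],
            static_hosts=["192.168.1.15", "192.168.1.50", "192.168.1.5"])

if __name__ == "__main__":
    problems, leasable = check_scope(**PLAN)
    for p in problems:
        print("PROBLEM:", p)
    print("leasable addresses:", leasable)
```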

Note that by default, your DHCP scope will not be activated until you explicitly choose to do so (by right-clicking and choosing Activate), unless you choose to configure options with the wizard, in which case the last option allows you to activate the scope. Remember that the DHCP request message sent out by clients is a broadcast, and as such will not be passed beyond the local subnet unless your routers are configured to do BOOTP forwarding (sometimes called an IP Helper address). If you are using Windows 2000 RRAS, you can set up the DHCP Relay Agent to forward DHCP broadcasts to DHCP servers on different subnets. If you do not have a DHCP relay agent (or similar) on your network, you will need to configure at least one DHCP server per subnet to handle client requests.

A few additional things about a scope that you should be aware of:

  • You can now control whether a scope you create answers DHCP clients, BOOTP clients, or both.
  • If you want to view which addresses in a scope have been leased to clients, check the ‘Address Leases’ section for a scope. This shows the leased address, the name of the system to which the lease is issued, and the lease expiration time.
  • For any given scope, you can view statistics on available and leased addresses quickly by choosing the ‘Display Statistics’ option.
  • As mentioned in earlier DNS articles, a Windows 2000 DHCP Server can be configured to handle client registrations in DNS. This is especially useful for situations where the client system is not capable of using dynamic DNS directly. This functionality is enabled on a scope-by-scope basis, and is configured via the DNS tab in the properties of a scope.

Another new capability in Windows 2000 is that you can delegate management of a DHCP server to a user by making them a member of the DHCP Administrators group. This allows the user to control all DHCP properties, such as creating scopes, client reservations and so forth (they cannot authorize a server, though). For the purpose of letting a group of users view the information provided by the DHCP Server, a group called DHCP Users also exists. This is handy for situations where I only want level one support to view and perhaps diagnose, because members of this group have read-only access to the DHCP information.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.