No announcement yet.

CleanUp of authorised DHCP servers in AD

  • Filter
  • Time
  • Show
Clear All
new posts

  • CleanUp of authorised DHCP servers in AD


    We have an old forest, from back in the days of Windows 2000.
    Currently we have Win 2003 DCs and Win 2008 DCs. The forest functional level is 2003, if that is relevant.
    We want to do some cleanup on the DHCP server list from AD. Because we had so many DC's along the years, we also had a lot of DHCP servers that came and went.
    However the entries in the Configuration partition of the forest have remained there.

    I mean the entries found here:
    "CN=NetServices,CN=Services,CN=Configuration,DC=do main,DC=com"

    I wanted to clean it up, and i found a document from microsoft where it said to go under DHCPRoot (CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configu ration,DC=domain,DC=com) entry of the "NetServices", find the "DHCP Servers" field and remove any old DHCP servers that were not properly unauthorized and removed.

    The thing is besides the "DHCPRoot" object there are also individual entries of each server that is a DHCP.

    Now I have clean up the DHCPRoot > dhcpServers field and i also removed any entries of non existing servers from the configuration.

    The issue we have now is that when i open dhcpmgmt.msc and try to manage a server, i see double If both the DHCP root and the individual entries are "valid".

    Can anyone tell me if the individual entries under NetServices should/can be removed, or should the DHCPRoot>dhcpServers section be cleaned up of entries?


  • #2
    Re: CleanUp of authorised DHCP servers in AD

    I just had a similar issue and had success fixing it using these steps:

    (sorry - you'll have to copy & paste the URL - I can't post links yet.)

    I followed the article's sequence of using netsh to confirm the situation, ran the ADSIEdit changes, restarted the DHCP servers and rechecked with the netsh command.

    Afterward, I replicated the change in AD and went into the Manage Authorized Servers dialog for DHCP and refreshed the list. It removed the old entries and the list is now clear when I look at the available servers.
    Last edited by Jon Morrison; 18th August 2012, 17:56.


    • #3
      Re: CleanUp of authorised DHCP servers in AD

      Allow me.
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2