Windows Server 2008 R2 Unleashed (73 page)

1. Using an account with administrator permissions, log on to the Windows Server

2003 x86 DHCP server that has the Windows Server Migration Tools installed and

registered with Windows PowerShell.

2. Click Start, click All Programs, click Administrative Tools, and select DHCP.

3. In the DHCP Server console, select and expand the DHCP server. Right-click the

DHCP server, and select Properties.

4. In the DHCP Server Properties window, select the Advanced tab and click the

Bindings button. Note the IP address the DHCP server is using because we will need

this IP address later during the import process on the destination DHCP server. Close

the DHCP Server Properties window.

5. In the DHCP Server console, select and expand the DHCP server. Right-click the

DHCP server and select Backup.

6. Select the backup location and click OK to perform the backup.

ptg

7. In the DHCP console window, right-click the DHCP server, select All Tasks, and

select Stop to stop the DHCP Server service. Close the DHCP console window.

8. Click Start, click All Programs, click Administrative Tools, click Windows Server

Migration Tools, and click the PowerShell shortcut for Windows Server Migration

Tools. When the PowerShell window opens, it should default to the

c:\SMT_ws03_x86\ folder.

9. In the PowerShell window, type .\Servermigration.psc1 and press Enter to open a

separate PowerShell window with the Windows Server Migration Tools module loaded.

10. In the PowerShell window, type the command Export-SmigServerSetting

–FeatureID DHCP and press Enter.

11. When prompted for the path, enter c:\DHCPExport and press Enter.

12. When prompted for a password that will be used to secure the exported data, enter a

password that is six characters or longer and press Enter to export the settings. Please

note this password as it will be used to import the settings.

13. Close any open Command Prompt and PowerShell windows.

14. Copy the exported folder to the C:\ drive on the destination DHCP server.

15. Change the IP address of the server or remove it from the network permanently.

The original DHCP server IP address will be added to the destination server to ensure full

functionality after the migration. The IP address change is required to ensure that clients

with existing leases will be able to contact the DHCP server by the original DHCP server IP

address. If this step is not performed, most clients will fail a DHCP renew and may need to

have help desk staff assist with an Ipconfig /release and Ipconfig /renew on each machine

that fails a DHCP renew.

Exploring DHCP Changes in Windows Server 2008 R2

343

Importing DHCP Server Settings to a Windows Server 2008 R2 DHCP Server

To import the previously exported Windows Server 2003 x86 DHCP server settings, install

11

the Windows Server Migration Tools from the Add Feature link in Server Manager.

Windows PowerShell is already installed on a Windows Server 2008 R2 system so this task

is not necessary. The DHCP import function will overwrite all DHCP settings if imported

onto an existing DHCP server, so it is a best practice to not install the DHCP Server role

before running the import. To import the DHCP server settings and information from the

original Windows Server 2003 system, perform the following steps:

1. Using an account with administrator permissions, log on to the Windows Server

2008 R2 system that has the Windows Server Migration Tools installed.

2. Open an elevated command prompt by clicking Start, All Programs, Accessories;

locate and right-click on Command Prompt and choose Run As Administrator. If

prompted for confirmation, click Continue.

3. Ping the original IP address of the Windows Server 2003 DHCP server to ensure that

it is no longer in use.

4. Click Start, click All Programs, click Administrative Tools, click Windows Server

Migration Tools, and click the PowerShell shortcut for Windows Server Migration

Tools.

5. In the PowerShell window, type the command Import-SmigServerSettings

ptg

–FeatureID DHCP –Verbose and press Enter.

6. When prompted for the path, type c:\DHCPexport and press Enter.

7. When prompted, enter the password used to secure the exported DHCP settings and

press Enter. If the DHCP service had been installed previously, this import will fail. If

the import failed due to the DHCP role being previously installed, the –Force option

can be appended to the command; however, all existing DHCP server settings will be

overwritten.

8. Once the import completes and reports successful, type exit and press Enter to close

the Windows PowerShell window.

9. Click Start, click All Programs, click Administrative Tools, and select Services.

10. Scroll down in the left pane to locate the DHCP Server service, right-click the

service, and choose Properties.

11. Change the DHCP Server service startup to Automatic and click OK to save the

settings.

12. Right-click the DHCP Server service and select Start to start the service and then

close the Services console window.

13. Click Start, click All Programs, click Administrative Tools, and select DHCP.

14. In the DHCP console window, the local server should be listed, expand the server,

and expand the IPv4 node to reveal the imported scope. Review the scope settings,

leases, and other information.

15. In the console pane, right-click the IPv4 node and select Properties.

344

CHAPTER 11

DHCP/WINS/Domain Controllers

16. Select the Advanced tab and click the Bindings button. Verify that the original

DHCP server IP address is listed and checked. Click OK to close the Bindings window

and click OK again to close the IPv4 Properties window.

17. In the console pane, right-click the local server node and select Authorize.

18. Refresh the window and verify the server is operational.

19. In the console pane, right-click DHCP at the top and select Manage Authorized Servers.

20. If the original server is listed, select it and click Unauthorize.

21. Verify that a new lease can be obtained and close the DHCP console.

This completes the DHCP server migration process.

Understanding DHCP Client Alternate Network Capability

The DHCP client that is included in client systems running Windows 7, Windows Vista,

Windows XP, and Windows 2000 can have a static IP address assigned to clients when a

DHCP server is unavailable. This static IP address takes the place of the APIPA address that

would normally be configured in these cases.

ptg

NOTE

If the Registry key to disable APIPA has been created, it will also disable the alternate

IP configuration settings.

This type of functionality could be used on remote network systems that run into issues

with DHCP Relay Agents not responding in a timely fashion. This setting should be used

with extreme caution as a machine that is taken to a foreign network without a DHCP

server might end up adding itself to the network with an IP address that is already in use.

If the network administrator wants to configure this setting, the following steps can be

executed on a Windows 7 client as an example:

1. Click Start and select Control Panel.

2. Click on Network and Internet.

3. Click on View Network Status and Tasks.

4. Click on Change Adapter Settings in the left pane.

5. Right-click the adapter in question, and choose Properties. If prompted for autho-

rization, enter the credentials, if required, and click Yes or click Continue.

6. Select Internet Protocol Version 4 (TCP/IPv4) and choose Properties.

7. Select the Alternate Configuration tab.

8. Select the User Configured option button, enter the appropriate static IP informa-

tion, and click OK.

9. Click the Close button to close the property page.

Enhancing DHCP Reliability

345

Enhancing DHCP Reliability

11

The importance of DHCP cannot be understated. Unscheduled downtime of DHCP services

can be very disruptive to a network, especially if the service is not available when users

arrive and connect their notebooks to the network or turn their desktops on. It is extremely

important for any organization to build redundancy into the DHCP infrastructure, when

possible, and to document and test disaster recovery procedures for the DHCP services.

Multiple Windows Server 2008 R2 DHCP servers can be deployed on a network to provide

redundancy and a greater level of administrative and management functionality than

offered in previous versions of the Windows Server operating systems. New DHCP features

that can be used to increase DHCP reliability and network security for the DHCP service in

Windows Server 2008 R2 include, but are not limited to, the following:

. Link layer filtering or MAC address filtering for DHCP leases

. Generating Link Layer address filter lists from existing address leases

. Generating reservations from existing DHCP leases

. Configuring unique DHCP options for reservations

. DHCP Name Protection

ptg

. DHCP Network Access Protection Integration

. DHCP activity logging

. DHCP Split-Scope Configuration Wizard

. Delayed DHCP server response setting

Link Layer Filtering

Link layer filtering is not necessarily a new feature, but it is a new feature to Windows

Server 2008 R2 DHCP services. Link Layer or MAC address filtering was historically used

on wireless networks to restrict access to only known wireless adapters. With Windows

Server 2008 R2 DHCP for IPv4 networks, link layer filtering can be enabled to restrict

which devices will be assigned an IP address from the DHCP server, and which will be

denied an IP address. This filtering is not scope specific, and if enabled, it will apply to all

IPv4 scopes on the particular server. Before this feature is enabled, it is a best-practice

recommendation to first add all valid clients who have already obtained a lease to the

allow list before enabling this feature. To prepopulate the Link Layer Filter Allow list,

perform the following steps:

1. Open the DHCP console on the server to which you want to add devices to a Link

Layer Filtering list by clicking Start and clicking on All Programs, Administrative

Tools, DHCP. If prompted, click Continue to confirm the action.

2. When the DHCP console loads, expand the server to reveal the IPv4 node.

3. Expand the IPv4 node to reveal the Filters node and expand it.

346

CHAPTER 11

DHCP/WINS/Domain Controllers

4. Beneath the Filters node are Allow and Deny nodes, which will include the allowed

and denied MAC addresses for the filter to process.

5. To add a particular MAC address to the Allow list, right-click on the Allow node

beneath the Filter node, and click New Filter.

6. Enter the MAC address of a known network interface card, enter a description as

desired, and click Add to complete this task. The same procedure can be followed to

add a MAC address to the Deny list by right-clicking on the Deny node and choos-

ing New Filter.

In most cases, DHCP administrators will choose to add MAC addresses to either the Allow

or Deny Link Layer Filter list by reviewing existing DHCP leases. To add one or more MAC

addresses to the Link Layer Filter lists from existing leases, perform the following steps:

1. Open the DHCP console on the server to which you want to add devices to a Link

Layer Filter list by clicking Start, All Programs, Administrative Tools, DHCP. If

prompted, click Continue to confirm the action.

2. When the DHCP console loads, expand the server to reveal the IPv4 node.

3. Expand the IPv4 node to reveal the Scope nodes for any existing scopes.

4. Select and expand the desired scope, and select the Address Leases node.

5. In the Center pane, select the Address lease entry or select multiple entries.

ptg

6. Right-click the selected lease(s), click Add to Filter, and click on the desired Filter,

either Allow or Deny.

7. In the confirmation dialog box, click Yes to add the leases to the selected filter.

8. Click OK to close the resulting dialog box.

9. Under the IPv4 node in the left pane, select and expand the Filters node and select

the Allow or Deny node to show the list of the existing MAC addresses already

added to the Link Layer Filter list.

After the desired MAC addresses have been added to the Allow or Deny Link Layer Filter

lists, a DHCP administrator might be inclined to enable link layer filter functionality on

the server. To enable link layer filtering functionality on all existing and future IPv4 scopes

on a Window Server 2008 R2 DHCP server, perform the following steps:

1. Open the DHCP console on the server to which you want to enable link layer filter-

ing by clicking Start, All Programs, Administrative Tools, DHCP. If prompted, click

Continue to confirm the action.

2. When the DHCP console loads, expand the server to reveal the IPv4 node.

3. Right-click the IPv4 node and select Properties.

4. Select the Filters tab, check the Enable Allow List check box and/or the Enable Deny

List check box, and click OK when completed, as shown in Figure 11.7.

Other books

Best Lunch Box Ever by Katie Sullivan Morford
B0042JSO2G EBOK by Minot, Susan
The Interrogative Mood by Padgett Powell
A by André Alexis
Deadly to the Sight by Edward Sklepowich
Harvest of Holidays by Tracy Cooper-Posey
When I Wake Up by Macedo, Ana Paula
A Killer Plot by Adams, Ellery
Shrinking Ralph Perfect by Chris d'Lacey