Introduction to DHCP Server on Windows Server 2022
Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default gateways, DNS server addresses, and other network configuration parameters to clients. Without DHCP, every device on your network would require manual IP configuration — a management nightmare at any scale. Windows Server 2022 includes a fully featured DHCP Server role that supports IPv4 and IPv6, high availability through failover, DHCP policies, and detailed logging. This guide covers installation, scope creation, option configuration, Active Directory authorization, reservations, exclusion ranges, lease duration management, database maintenance, and monitoring.
Installing the DHCP Server Role
Install the DHCP Server role using PowerShell with management tools:
Install-WindowsFeature -Name DHCP -IncludeManagementTools -RestartAfter installation, verify the service is running:
Get-Service -Name DHCPServer
Start-Service -Name DHCPServer
Set-Service -Name DHCPServer -StartupType AutomaticThe DHCP console (dhcpmgmt.msc) is available from Server Manager under Tools. The DhcpServer PowerShell module is also installed automatically when you include management tools.
Import the module explicitly if needed:
Import-Module DhcpServerAuthorizing the DHCP Server in Active Directory
In an Active Directory environment, DHCP servers must be authorized before they can assign leases. This prevents rogue DHCP servers from handing out incorrect IP addresses on the network. Authorization is stored in the AD configuration partition.
Add-DhcpServerInDC -DnsName "dhcp01.corp.example.com" -IPAddress "192.168.10.8"Verify the authorization:
Get-DhcpServerInDCAn unauthorized DHCP server will log Event ID 1046 and refuse to assign leases. If your DHCP server is not joined to the domain (workgroup scenario), authorization is not applicable, and the server will assign leases without AD authorization.
After authorization, you may need to restart the DHCP service:
Restart-Service -Name DHCPServerCreating a DHCP Scope
A scope defines a pool of IP addresses that the DHCP server can assign to clients on a specific subnet. Each scope is associated with one subnet and contains the start and end of the address range, subnet mask, lease duration, and options.
Add-DhcpServerv4Scope `
-Name "HQ Office LAN" `
-StartRange "192.168.10.100" `
-EndRange "192.168.10.250" `
-SubnetMask "255.255.255.0" `
-LeaseDuration "8.00:00:00" `
-State Active `
-PassThruThe -LeaseDuration accepts a TimeSpan value. Here, 8.00:00:00 means 8 days. For environments with many mobile or visitor devices, shorter leases (4–8 hours) reclaim addresses faster. For stable infrastructure, longer leases reduce DHCP traffic.
The scope -State can be Active (serving clients immediately) or InActive (created but not yet serving). Verify the scope was created:
Get-DhcpServerv4ScopeConfiguring Scope Options
DHCP options provide additional network configuration to clients beyond just the IP address. The most critical options are the default gateway (Option 3) and DNS servers (Option 6). These can be set at the scope level (applying to one scope) or server level (applying to all scopes, overridden by scope-level settings).
Set the default gateway and DNS servers for a specific scope:
Set-DhcpServerv4OptionValue `
-ScopeId "192.168.10.0" `
-Router "192.168.10.1" `
-DnsServer "192.168.10.5","192.168.10.6" `
-DnsDomain "corp.example.com" `
-PassThruThe -ScopeId is the network address of the scope (first address with host bits zeroed). Set server-level options that apply to all scopes:
Set-DhcpServerv4OptionValue `
-ComputerName "dhcp01" `
-DnsServer "192.168.10.5","192.168.10.6" `
-DnsDomain "corp.example.com" `
-PassThruOther commonly used DHCP options include:
Option 15 — DNS Domain Name (domain search suffix)
Option 44 — WINS/NBNS Server (legacy NetBIOS name resolution)
Option 46 — WINS/NBT Node Type
Option 66/67 — Boot server and boot file name (PXE booting)
# Configure PXE boot options
Set-DhcpServerv4OptionValue -ScopeId "192.168.10.0" -OptionId 66 -Value "192.168.10.30"
Set-DhcpServerv4OptionValue -ScopeId "192.168.10.0" -OptionId 67 -Value "bootx64wdsnbp.com"Configuring Exclusion Ranges
Exclusion ranges prevent the DHCP server from assigning specific IP addresses within a scope. This is essential for addresses already assigned statically to servers, printers, routers, or other infrastructure devices within the scope’s range.
Add-DhcpServerv4ExclusionRange `
-ScopeId "192.168.10.0" `
-StartRange "192.168.10.100" `
-EndRange "192.168.10.120" `
-PassThruThis excludes .100 through .120 from the DHCP pool, reserving them for static assignment. You can add multiple exclusion ranges to a scope:
Add-DhcpServerv4ExclusionRange -ScopeId "192.168.10.0" -StartRange "192.168.10.240" -EndRange "192.168.10.250"View all exclusions for a scope:
Get-DhcpServerv4ExclusionRange -ScopeId "192.168.10.0"Best practice: Define your scope from the full usable range of the subnet, then exclude the addresses used for static infrastructure. This gives you a clean single scope rather than a fragmented pool.
Configuring Address Reservations
A DHCP reservation ensures a specific device always receives the same IP address based on its MAC address. Unlike a static IP, the device still uses DHCP for all options (gateway, DNS, etc.) and the address is managed centrally in DHCP.
Add-DhcpServerv4Reservation `
-ScopeId "192.168.10.0" `
-IPAddress "192.168.10.50" `
-ClientId "00-11-22-33-44-55" `
-Name "PrinterHR" `
-Description "HR Department Printer - 3rd Floor" `
-Type Both `
-PassThruThe -ClientId is the MAC address of the device. The -Type parameter specifies whether the reservation applies to Dhcp clients only, Bootp clients only, or Both.
List all reservations in a scope:
Get-DhcpServerv4Reservation -ScopeId "192.168.10.0" | Format-Table Name, IPAddress, ClientId, DescriptionTo find a device’s MAC address on Windows for creating the reservation:
Get-NetAdapter | Select-Object Name, MacAddressManaging DHCP Lease Duration
Lease duration balances address pool efficiency against DHCP traffic. When a lease expires, the client must request a new one. At 50% of lease time, the client attempts to renew with the original DHCP server. At 87.5% of lease time, the client broadcasts for renewal from any DHCP server.
Recommended lease durations:
Office workstations: 8 days — stable environment, low address churn
Wireless/guest networks: 4–8 hours — high turnover, limited pool
Data center servers (DHCP-assigned): 30 days — very stable, minimal overhead
Modify the lease duration for an existing scope:
Set-DhcpServerv4Scope -ScopeId "192.168.10.0" -LeaseDuration "4.00:00:00" -PassThruFor unlimited leases (not recommended except for reservations):
Set-DhcpServerv4Scope -ScopeId "192.168.10.0" -LeaseDuration ([System.TimeSpan]::Zero) -PassThruDHCP DNS Registration
The DHCP server can register client DNS records on behalf of clients that do not support DDNS. This is configured at the server level and can be overridden per scope or per reservation.
Set-DhcpServerv4DnsSetting `
-DynamicUpdates "Always" `
-DeleteDnsRRonLeaseExpiry $true `
-UpdateDnsRRForOlderClients $true `
-PassThruThe -DynamicUpdates "Always" option instructs the DHCP server to always register DNS records for clients, regardless of whether the client requested DNS registration. -DeleteDnsRRonLeaseExpiry $true ensures DNS records are cleaned up when leases expire.
DHCP Logging
DHCP logs all activity including lease grants, renewals, releases, and denials. Logs are stored by default in C:WindowsSystem32dhcp and rotate daily, keeping the last 7 days.
Get-DhcpServerAuditLogModify the log path and maximum size:
Set-DhcpServerAuditLog -Enable $true -Path "D:DHCPLogs" -MaxMBFileSize 100 -DiskCheckInterval 50 -MinMBDiskSpace 20 -PassThruDHCP audit log entries use event ID codes. Key codes to know:
10 — New IP lease issued
11 — Lease renewed
12 — Lease released
15 — Lease denied (address exhaustion or conflict)
20 — Bootstrap request (BOOTP)
Parse DHCP logs from PowerShell to find all new leases issued today:
$today = (Get-Date).DayOfWeek.ToString().Substring(0,3)
$logfile = "C:WindowsSystem32dhcpDhcpSrvLog-$today.log"
Get-Content $logfile | Where-Object { $_ -match "^10," }DHCP Database Backup and Restore
The DHCP database stores all scopes, options, reservations, and active leases in a JET database located at C:WindowsSystem32dhcpdhcp.mdb. Windows Server automatically backs up this database every 60 minutes by default to C:WindowsSystem32dhcpbackup.
Trigger a manual backup:
Backup-DhcpServer -Path "D:DHCPBackup" -PassThruRestore the DHCP database from a backup:
Stop-Service -Name DHCPServer
Restore-DhcpServer -Path "D:DHCPBackup" -Force -PassThru
Start-Service -Name DHCPServerExport DHCP configuration (scopes, options, reservations) to XML for migration to a new server:
Export-DhcpServer -File "C:DHCPExportdhcp_config.xml" -Leases -PassThruImport on the destination server:
Import-DhcpServer -File "C:DHCPExportdhcp_config.xml" -BackupPath "C:DHCPImportBackup" -Leases -ScopeOverwrite -PassThruViewing and Managing Active Leases
Monitor active leases to understand address utilization, identify devices on the network, and troubleshoot IP conflicts:
# List all active leases in a scope
Get-DhcpServerv4Lease -ScopeId "192.168.10.0" | Format-Table IPAddress, HostName, ClientId, LeaseExpiryTime, AddressState
# Count leases (useful for capacity planning)
(Get-DhcpServerv4Lease -ScopeId "192.168.10.0" | Where-Object { $_.AddressState -eq "Active" }).Count
# Find a specific device by MAC address
Get-DhcpServerv4Lease -ScopeId "192.168.10.0" | Where-Object { $_.ClientId -eq "00-11-22-33-44-55" }
# Remove a specific lease (forces client to request new address)
Remove-DhcpServerv4Lease -IPAddress "192.168.10.135"View scope utilization statistics:
Get-DhcpServerv4ScopeStatistics -ScopeId "192.168.10.0" | Format-List *This returns the total addresses in scope, addresses in use, free addresses, and percentage used. Set up alerting when utilization exceeds 80% to proactively add scopes or reclaim addresses.
Conclusion
Windows Server 2022 DHCP Server provides enterprise-grade IP address management with deep Active Directory integration, comprehensive logging, and full PowerShell automation support. By correctly configuring scopes with appropriate options, exclusion ranges, and reservations, maintaining regular database backups, and monitoring lease utilization, administrators can ensure reliable and efficient IP address management across their entire network infrastructure. The combination of DHCP with DNS dynamic registration also reduces manual DNS management overhead significantly in large environments.
