dhcp on dc

  • Thread starter Thread starter dhcp dude
  • Start date Start date
D

dhcp dude

since w2k sp1, you can use a special account for dhcp
server to use, in place of the dc machine account. so
dhcp can be on dc and the name hijackig by the dhcp
service is not a problem any more.

however, dhcp has another problem, it become owner of the
names it registered for, and if it is gone, nobody can do
anything on those records any more. the resolution is to
put the dhcp server into a dhcp proxy group. if a dhcp
server sitting on a dc, put it in this group will not be
a good idea, as then all user can change the dc related
records. using the special account, as long as the
account is not removed, everything will still be in
control.

it seems using the special account solved both the
problems, dosn't it?
 
dhcp dude said:
since w2k sp1, you can use a special account for dhcp
server to use, in place of the dc machine account. so
dhcp can be on dc and the name hijackig by the dhcp
service is not a problem any more.

however, dhcp has another problem, it become owner of the
names it registered for, and if it is gone, nobody can do
anything on those records any more. the resolution is to
put the dhcp server into a dhcp proxy group. if a dhcp
server sitting on a dc, put it in this group will not be
a good idea, as then all user can change the dc related
records. using the special account, as long as the
account is not removed, everything will still be in
control.

it seems using the special account solved both the
problems, dosn't it?
Click to expand...

You said it in a nutshell!

Explained further in this article:

317590 - HOW TO Configure DNS Dynamic Update in Windows 2000 and
DNSUpdateProxy Group:
http://support.microsoft.com/?id=317590

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Sounds like talking about the netsh.exe tool.

Using a dedicated account or geting into the
DHCPUpdateProxy group, can they acomplish the same goal
(if the DHCP server is not responding, others can jump in
to help)?
 
Back
Top