Docs / Windows Server / Set Up Windows DHCP Server Role

Set Up Windows DHCP Server Role

By Admin · Mar 15, 2026 · Updated Apr 23, 2026 · 204 views · 3 min read

The Windows DHCP Server role automatically assigns IP addresses and network configuration to devices on your network. This eliminates manual IP configuration and ensures consistent network settings. This guide covers deploying and configuring DHCP Server on your Windows Server VPS.

Install DHCP Server Role

# Install DHCP Server
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Authorize DHCP server in Active Directory
Add-DhcpServerInDC -DnsName "dc1.corp.example.com" -IPAddress "10.0.0.10"

# Verify authorization
Get-DhcpServerInDC

# Set DHCP server security groups
netsh dhcp add securitygroups
Restart-Service DHCPServer

# Complete post-install configuration
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12" `
    -Name ConfigurationState -Value 2

Create DHCP Scopes

# Create a scope for your network
Add-DhcpServerv4Scope -Name "Corporate LAN" `
    -StartRange 10.0.0.100 `
    -EndRange 10.0.0.250 `
    -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Days 8) `
    -State Active `
    -Description "Main corporate network"

# Set scope options
Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 `
    -Router 10.0.0.1 `
    -DnsServer 10.0.0.10, 10.0.0.11 `
    -DnsDomain "corp.example.com"

# Add exclusion ranges (for static IPs)
Add-DhcpServerv4ExclusionRange -ScopeId 10.0.0.0 `
    -StartRange 10.0.0.1 -EndRange 10.0.0.99

# Create a second scope (e.g., guest network)
Add-DhcpServerv4Scope -Name "Guest Network" `
    -StartRange 10.0.1.100 `
    -EndRange 10.0.1.200 `
    -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Hours 4) `
    -State Active

Set-DhcpServerv4OptionValue -ScopeId 10.0.1.0 `
    -Router 10.0.1.1 `
    -DnsServer 1.1.1.1, 8.8.8.8

DHCP Reservations

# Create reservations for servers and critical devices
$Reservations = @(
    @{IP="10.0.0.50"; MAC="00:15:5D:00:01:50"; Name="webserver"; Desc="Web Server"},
    @{IP="10.0.0.60"; MAC="00:15:5D:00:01:60"; Name="mailserver"; Desc="Mail Server"},
    @{IP="10.0.0.70"; MAC="00:15:5D:00:01:70"; Name="fileserver"; Desc="File Server"},
    @{IP="10.0.0.80"; MAC="00:15:5D:00:01:80"; Name="printer1"; Desc="Main Printer"}
)

foreach ($Res in $Reservations) {
    Add-DhcpServerv4Reservation -ScopeId 10.0.0.0 `
        -IPAddress $Res.IP `
        -ClientId ($Res.MAC -replace ":", "-") `
        -Name $Res.Name `
        -Description $Res.Desc
}

# List all reservations
Get-DhcpServerv4Reservation -ScopeId 10.0.0.0 | Format-Table

DHCP Failover (High Availability)

# Configure DHCP failover with a partner server
Add-DhcpServerv4Failover -Name "DC1-DC2-Failover" `
    -PartnerServer "dc2.corp.example.com" `
    -ScopeId 10.0.0.0 `
    -SharedSecret "SecureF@il0verKey!" `
    -Mode HotStandby `
    -ReservePercent 10 `
    -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -StateSwitchInterval (New-TimeSpan -Minutes 60) `
    -AutoStateTransition $true

# Load balance mode (alternative to hot standby)
Add-DhcpServerv4Failover -Name "DC1-DC2-LB" `
    -PartnerServer "dc2.corp.example.com" `
    -ScopeId 10.0.1.0 `
    -SharedSecret "SecureF@il0verKey!" `
    -Mode LoadBalance `
    -LoadBalancePercent 50 `
    -MaxClientLeadTime (New-TimeSpan -Hours 1)

# Replicate scope to partner
Invoke-DhcpServerv4FailoverReplication -Name "DC1-DC2-Failover"

DHCP Policies

# Create policy to assign different options based on device type
Add-DhcpServerv4Policy -Name "VoIPPhones" `
    -ScopeId 10.0.0.0 `
    -Condition OR `
    -VendorClass EQ, "Cisco" `
    -Description "Policy for VoIP phones"

# Set options for VoIP phones
Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 `
    -PolicyName "VoIPPhones" `
    -OptionId 150 -Value "10.0.0.90"  # TFTP server for phone config

Monitoring and Reporting

# Check scope statistics
Get-DhcpServerv4ScopeStatistics | Format-Table ScopeId, Free, InUse, PercentageInUse

# View active leases
Get-DhcpServerv4Lease -ScopeId 10.0.0.0 | `
    Select-Object IPAddress, HostName, ClientId, LeaseExpiryTime | `
    Format-Table

# Find specific client
Get-DhcpServerv4Lease -ScopeId 10.0.0.0 | `
    Where-Object { $_.HostName -like "*john*" }

# Export DHCP configuration
Export-DhcpServer -File "C:\Backup\dhcp-config.xml" -Leases

# DHCP audit logs
Get-Content "C:\Windows\System32\dhcp\DhcpSrvLog-*.log" -Tail 50

Best Practices

  • Always configure DHCP failover — a DHCP outage prevents devices from getting IPs
  • Use reservations for servers, printers, and network devices that need static IPs
  • Set appropriate lease durations: 8 days for corporate, 4 hours for guest networks
  • Authorize DHCP in AD to prevent rogue DHCP servers
  • Monitor scope utilization: Alert when scopes are over 80% utilized
  • Backup DHCP configuration regularly with Export-DhcpServer
  • Use MAC filtering or 802.1X for network access control alongside DHCP

Was this article helpful?

Related Articles