Condividi tramite


Bringing PowerShell to DHCP Server

Windows server 2012 comes with PowerShell support for DHCP server role. It provides DHCP administrators a modern, uniform way to manage DHCP servers both locally and remotely, through the command line. These cmdlets get enabled by default when you install DHCP role or DHCP RSAT (Remote Server Administration Tools). The DHCP cmdlets have been designed to follow the PowerShell rulebook which means:

-   They are easy to use and intuitive, and

-   each cmdlet performs one simple task.

It’s when you put them together to perform complex tasks that you get to realize their real power. Each cmdlet returns a well-defined object having a list of properties. It can either be assigned to a variable for further use or pipelined to another cmdlet to perform complex tasks with ease. These features combined with the rich scripting capability of PowerShell make it a real smart and powerful tool to manage DHCP servers.

The complete set of DHCP cmdlets is broadly classified as:

  • DHCPv4 cmdlets
  • DHCPv6 cmdlets
  • Cmdlets common to both - DHCPv4 and DHCPv6

Another classification is defined by the verb in the cmdlet. For each DHCP server property (for example: scopes, reservations), you can perform following operations:

  • Add a new configuration with Add verb. For instance, Add-DhcpServerV4Scope cmdlet is used to add a new IPv4 scope to the DHCP server.
  • Fetch information about an existing configuration with Get verb. For instance, Get-DhcpServerV4Scope cmdlet is used to fetch information about an existing IPv4 scope.
  • Modify an existing configuration with Set verb. For instance, Set-DhcpServerV4Scope cmdlet is used to modify the settings of an existing IPv4 scope.
  • Delete a configuration with Remove verb. For instance, Remove-DhcpServerV4Scope cmdlet is used to remove an existing IPv4 scope from the DHCP server.

So what are the different DHCP server configuration elements supported by PowerShell? Well, PowerShell on Windows Server 2012 supports all DHCP server properties: scopes, superscopes, leases, reservations, option definitions, option values, exclusion ranges, classes and interface bindings.  The new DHCP server features introduced in Windows Server 2012 viz. policies, failover and IPv6 stateless store can be managed completely using PowerShell! In addition to this, there are cmdlets to configure DHCP server and define its settings. You can authorize or de-authorize the DHCP server in Active Directory domain, enable the audit log and define its settings, take a backup of database and restore it, and much more.

Migrating the DHCP Server from one system to another is pretty simple with PowerShell. You can export out the entire DHCP server configuration from source DHCP server to an XML file and then import them to the target server. The source DHCP server may be running on Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012whereas the target server can only be Windows Server 2012. There are a bunch of options to let the user control on what gets migrated and what doesn’t. You can choose to migrate entire
DHCP server configuration or only a list of scopes specified. There is also an option to migrate IP address leases in addition to the configuration information.

To view the complete list of DHCP cmdlets on Windows Server 2012, run the following PowerShell command after installing the DHCP server role.

Get-Command –Module DhcpServer

With all the above features supported, PowerShell has become a comprehensive solution to manage DHCP servers. The rich scripting support of PowerShell can be leveraged to simplify the task of managing and monitoring DHCP server. Administrators typically write a bunch of batch files, custom tools and VB scripts to achieve this. With PowerShell support for DHCP server, all this can be accomplished by writing scripts in PowerShell language.

All DHCP PowerShell cmdlets have been designed to work with PowerShell pipeline which is an extremely powerful tool, yet simple to use. Multiple cmdlets can be used together logically to perform a complex operation with the object returned by one cmdlet getting pipelined to another one.

Another advantage of using PowerShell to manage DHCP server is the capability to do so remotely. All DHCP PowerShell cmdlets support ComputerName and CimSession parameters. Either one can be used to perform an operation on a remote DHCP server (as explained below). The system where the PowerShell command gets invoked should be running Windows Server 2012 or Windows 8 client with DHCP Remote Server Administration Tools (RSAT) installed. Installing DHCP RSAT enables the DHCP Powershell cmdlets on thatmachine.

Examples

Let’s walk through a bunch of examples that illustrate the usage of DHCP cmdlets.

Note: The examples below illustrate DHCPv4 cmdlets. However, similar cmdlets are available for DHCPv6 as well.

Configuring a new DHCPv4 Server through Powershell

You can install the DHCP server role on Windows server 2012, by running the following PowerShell command.

Install-WindowsFeature –Name DHCP

This would automatically install the DHCP RSAT which includes DHCP MMC, DHCP netsh context and DHCP PowerShell.

If you only wish to install DHCP RSAT, you can run the following command.

Install-WindowsFeature –Name RSAT-DHCP

Next step is to bind the DHCP server to a network interface where it can listen for the client requests and lease out IP addresses. This network interface should be configured with a static IPv4 or IPv6 address. The following PowerShell command would bind the DHCP server to
the network interface.

Set-DhcpServerv4Binding -BindingState $true -InterfaceAlias “Local Area Connection”

If your network operates in Windows domain environment then you will need to authorize the DHCP server in Active Directory so that it can serve IP addresses to client computers. Run the following command to authorize the DHCP server. In this case the IP address of DHCP
server is obtained by looking up in DNS. You can also choose to explicitly specify an IP address of DHCP server.

Add-DhcpServerInDC -DnsName “DhcpServer.DomainName.com”

A scope defines a range of IP addresses that are available to be leased out to client computers on a particular subnet. Here is an example of how to add a new scope through Powershell. The Add-DhcpServerV4Scope cmdlet also gives you options to specify the state of a scope, enable Network Access Protection (NAP), add the scope as part of a superscope and so on.

Add-DhcpServerv4Scope -Name "Friendly Name of Scope" -StartRange 10.10.10.1 -EndRange 10.10.10.254 -SubnetMask 255.255.255.0

In a network that uses DHCP, it is a common requirement to permanently reserve an IP address for specific clients. It is typically needed for devices like printers and application servers that always have a fixed IP address on the network. Here’s how to add a reservation on the DHCP server.

Add-DhcpServerv4Reservation -IPAddress 10.10.10.8 -ClientId F0-DE-F1-7A-11-6A -Description "Friendly name of reservation"

In addition to IP address leases, DHCP server also provides other configuration information to the clients. It can provide the IP address of DNS server, default gateway, router, WINS server and nmore. Network administrator has to define these properties on DHCP server by means of DHCP option values.

With PowerShell you can define :

-  A server wide option value which is applicable to all scopes on the DHCP server

-  An option value for a  specific scope or a reservation

For instance, the following command defines an option value to apply on all scopes.

Set-DhcpServerv4OptionValue -OptionId 6 -value 192.168.1.1

Note: option id 6 is for Dns Server

MAC address filtering is used to define a list of clients that can acquire IP addresses from the DHCP server. Any foreign client that is not on the list will fail to get an IP address. This greatly enhances security of corporate network. You can define two types of MAC Addresses
lists on DHCP servers. The clients in Allow list are provided services by the DHCP server and ones in Deny list are denied the services. Here is how you add a new MAC address to the deny list.

Add-DhcpServerv4Filter -List Deny -MacAddress F0-DE-F1-7A-11-6B -Description "Friendly name of filter"

Pipelining the object returned by one cmdlet to another

Let’s take a look at few more examples that use the PowerShell pipeline.

Quite a few organizations deploy DHCP but choose to have complete control over the IP addresses given out to client computers. This is achieved by reserving an IP address for each client as opposed to letting them acquire a lease dynamically. So you have got a long list of reservations to add in this case and adding them manually one at a time is laborious. You can use the followed pipelined command to add the reservations specified in a file – in this example Reservations.csv:

Import-Csv Reservations.csv | Add-DhcpServerv4Reservation

The file reservations.csv should contain reservations in the following csv format:

ScopeId,IPAddress,Name,ClientId,Description

10.10.10.0,10.10.10.10,Computer1,1a-1b-1c-1d-1e-1f,Reserved for Computer1

20.20.20.0,20.20.20.11,Computer2,2a-2b-2c-2d-2e-2f,Reserved for Computer2

30.30.30.0,30.30.30.12,Computer3,3a-3b-3c-3d-3e-3f,Reserved for Computer3

Another common scenario is where an admin lets clients acquire IP address leases dynamically the first time from the DHCP server but soon converts them into reservations so that the IP addresses of these clients do not change. This requires some or all of these leases to be turned into reservations. Doing this with PowerShell is quite simple. Get-DhcpServerV4AddressLease cmdlet fetches the object corresponding to IP address lease which is pipelined to Add-DhcpServerV4Reservation cmdlet in order to reserve it.

Get-DhcpServerV4Lease -IPAddress 10.10.10.11 | Add-DhcpServerV4Reservation

Alternatively, you can use the ScopeId as the parameter and either convert all leases into reservations or filter the output based on hostname or MAC address and then pipeline it to Add-DhcpServerv4Reservation to convert a specific lease to a reservation.

Remove-DhcpServerv4Lease is a cmdlet that is used to remove specific set of leases or all leases from a scope. It also supports an option to clear all the declined IP address leases (BAD Address) within a scope. Doing so is a common requirement because declined leases are a hog when the scope is running at high address utilization.

Remove-DhcpServerv4Lease –ScopeId 10.10.10.0 –BadLeases

With pipeline, you can remove all declined IP address leases across all scopes on a DHCP server.

Get-DhcpServerv4Scope | Remove-DhcpServerv4Lease –BadLeases

Monitoring DHCP Server

Network administrators must monitor the health and performance of DHCP server to ensure uninterrupted availability of DHCP service. PowerShell has got a number of features that make it easier to monitor a DHCP server in addition to managing it. You can fetch the statistics signifying the overall performance of DHCP server with the following command. It tells you the server start time, the total number of scopes configured, a consolidated view
of how occupied or free the scopes are,  the number of DHCP protocol packets (Discover, Offer, Request and Ack) sent and received.

Get-DhcpServerv4Statistics

The command below fetches you the statistics pertaining to a specific scope. It tells you the number of free and in-use IP addresses in that scope. It will give you the name of superscope, if that scope is part of one. If that scope is a part of a failover relationship, you also get the
number of free and in-use IP addresses for each of the two servers: primary server and its partner. With this cmdlet you get the option to specify a list of scopes and if a scope is not specified, you’ll get the information about all scopes present on the server.

Get-DhcpServerv4ScopeStatistics –ScopeId 10.10.10.0 -Failover

Both the statistics cmdlets return well defined objects that can be used for further processing. With the help of pipeline you can filter the information and bubble up the values that cross a certain threshold. For instance you might be looking for scopes that are more than 80% utilized. Here’s how you achieve that -

Get-DhcpServerv4ScopeStatistics | where {$_.PercentageInUse -gt 80}

You can also use the various Get cmdlets to monitor the state of DHCP server. For instance, you might want to view a list of all declined IP address leases (BAD Address) across all scopes. Just like Remove-DhcpServerv4Lease cmdlet, Get-DhcpServerv4Lease cmdlet also supports –BadLeases option that makes this operation effortless.

Get-DhcpServerv4Scope | Get-DhcpServerv4Lease -BadLeases

Some common parameters supported by DHCP cmdlets

  1. ComputerName

All DHCP cmdlets support ComputerName parameter. When specified with a cmdlet, it enables the corresponding operation to be performed on a remote server. For instance, the following command reserves an IP address on DHCP server named dhcpserver.contoso.com. In this case PowerShell makes an RPC call to the remote DHCP server to get the job done.

Add-DhcpServerv4Reservation -IPAddress 10.10.10.8 -ClientId F0-DE-F1-7A-11-6A -Description "Friendly name of reservation" –ComputerName dhcpserver.contoso.com

       2. CimSession

CimSession parameter also enables a command to be executed on a remote DHCP server. Only difference is that CimSession uses Windows Remote Management (WinRM) to execute a command remotely as opposed to RPC that is used by ComputerName. An advantage of CimSession over ComputerName parameter is that it accepts an array of server names as argument. So you can execute a specific command on multiple remote servers in one go. To differentiate between objects coming from different servers, an extra field called PSComputerName is inserted in the output object. The following command lists down the DHCPv4 scopes present on dhcpserver.contoso.com and dhcpserver2.contoso.com.

Get-DhcpServerv4Scope -CimSession @(" dhcpserver.contoso.com", "dhcpserver2.contoso.com")

       3. PassThru

Each DHCP cmdlet having Get verb returns a well-defined object. By default it gets displayed on the console. But you can assign it to a variable for further use or pipeline it to another cmdlet. With PassThru parameter, even the other cmdlets (Add, Set and Remove) can be made to return objects. For instance, the following command deletes the reserved IP address and also returns the object corresponding to that reservation.

Remove-DhcpServerv4Reservation -IPAddress 10.10.10.8 -PassThru

In conclusion, with DHCP PowerShell in Windows Server 2012, you get even more closer towards the holy grail of complete automation. With 100+ DHCP cmdlets, need we say - May the Power(Shell) be with you!

 

Team DHCP

Comments

  • Anonymous
    January 01, 2003
    Import-Csv doesn’t have a concept of importing one of the fields into an array so this might not work with import-csv.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Hi Rider, it seems the DHCP server PowerShell module is not present on your system. Please install DHCP server management tools through Server Manager.

  • Anonymous
    January 01, 2003
    Rider, Apologies - I overlooked the error which was mentioned in the command output. 20018 stands for ERROR_DHCP_NOT_RESERVED_CLIENT. You can get all the DHCP server management related errors at - http://msdn.microsoft.com/en-us/library/windows/desktop/aa363378(v=vs.85).aspx
    Relooking at your csv, the Scope ID and reservation are mismatched. Scope ID reads 1.3.0.0 instead of 10.3.0.0 - which would match the IP address mentioned.

  • Anonymous
    January 01, 2003
    Thanks Jeffrey. The DHCP Server PowerShell documentation is now available for download. You can download the documentation for DHCP server PowerShell cmdlets by running the following PowerShell command - Update-Help –Module DhcpServer –Force –Verbose

  • Anonymous
    January 01, 2003
    Hi Thierry, can you please paste sample content of myoptionvalue.csv so that we can take a look.

  • Anonymous
    January 01, 2003
    Awesome. Thanks for sharing.

  • Anonymous
    January 01, 2003
    Mike, have you been able to import now. If not, please share a few lines from your csv file.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Hi Chris, DHCP PowerShell cmdlets are compatible with DHCP server running on Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012. Windows Server 2003 is not supported.

  • Anonymous
    January 01, 2003
    Hi Julian
    I guess you are running this script while you are on DHCP Server 2012 and 172.16.255.185 is your DHCP Server 2008. The problem is that the session from which you are logged in on your server 2012 does not have permissions to access the DHCP Server 2008. This command shall work only if the the user session you are logged in from has permission to both the DHCP servers
    Thanks

  • Anonymous
    January 01, 2003
    Hi Mike, could you paste the first few lines of the .csv file here. It seems there may be a problem with names of the column headers specified.

  • Anonymous
    January 01, 2003
    Rider, just to be sure, you are running this either on Windows8/Windows 8.1 with RSAT installed or on Windows Server 2012/2012R2. Correct ? Prior versions do not support DHCP PowerShell - it was shipped for the first time in WS 2012/Windows 8 RSAT.

  • Anonymous
    January 01, 2003
    Hi Steve, DHCPServer PowerShell module cannot be installed on Windows Server 2008 R2. You can install it on Windows Server 2012/2012 R2 OR using RSAT, you can install it on Windows 8/8.1 and use the same to manage DHCP server running on Windows Server 2008 R2.

  • Anonymous
    January 01, 2003
    The Get-DhcpServerv4Lease returns an array of DhcpServerv4Lease object which contains the LeaseExpiryTime. This should give you what you are looking for. See the below link for the complete object:https://msdn.microsoft.com/library/hh832708.aspx

  • Anonymous
    January 01, 2003
    Thanks xman for pointing that out. The blog has been corrected for it now.

  • Anonymous
    December 04, 2012
    The comment has been removed

  • Anonymous
    December 04, 2012
    Thanks for the clarification.

  • Anonymous
    February 28, 2013
    Can this be downloaded and installed on a Windows 7 workstation that I use to manage DHCP?

  • Anonymous
    October 30, 2013
    Recently configured a Win Server 2012; it has powershell already.  I've downloaded the .msu's and tried to install but it says "This update does not apply to this server."  What gives?

  • Anonymous
    October 30, 2013
    Greg, if you have Win Server 2012 then it will have DHCP PowerShell module already. You do not need to download separately. Downloading (RSAT) separately is required if you want to run it on Windows 8 client.

  • Anonymous
    February 07, 2014
    Hi Guys, Unable to import the DHCPServer module using (Import-Module DHCPServer - Command) in Windows server 2008 R2 which is workgroup computer. Giving me error Message: Import-Module: The specified Module "DHCPServer" was not loaded because no valid module file was found in any module directory.

  • Anonymous
    March 29, 2014
    The comment has been removed

  • Anonymous
    March 30, 2014
    I actually think what the problem was that I had to capital D's for both IDs after that i had basic problems of existing reservations

  • Anonymous
    April 15, 2014
    I am getting this error when try to do an import
    + Import-Csv dhcpdump.csv | Add-DhcpServerv4Reservation
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (10.3.0.31:root/Microsof
    on], CimException
    + FullyQualifiedErrorId : DHCP 20018,Add-DhcpServerv4Reservation

    first lines in csv
    ScopeId IPAddress Name ClientId Description
    1.3.0.0 10.3.0.5 wireless_controller_cisco 88-43-e1-30-c6-e4 Cisco wireless controller
    1.3.0.0 10.3.0.20 ASI 20-7c-8f-18-c2-b9 ASI Classmate PC

  • Anonymous
    April 16, 2014
    i have checked and DHCP server tools are installed

  • Anonymous
    April 16, 2014
    running on Windows Server 2012 this is the DHCP server for our network

  • Anonymous
    April 16, 2014
    yes that was the problem. thanks very much for your assistance very much appreciated

  • Anonymous
    July 14, 2014
    The comment has been removed

  • Anonymous
    August 19, 2014
    The comment has been removed

  • Anonymous
    September 04, 2014
    The comment has been removed

  • Anonymous
    September 12, 2014
    I copied the module from the C:windowsSystem32WindowsPowerShellv1.0Modules directory to my Windows 7 client running powershell 4.0 and it works. Modules are really easy. Snap-ins are the hard part.

  • Anonymous
    October 15, 2014
    The comment has been removed

  • Anonymous
    February 15, 2015
    The comment has been removed

  • Anonymous
    February 25, 2015
    I believe your statement : You can install the DHCP server role on Windows server 2012, by running the following PowerShell command.

    Install-WindowsFeature –Name DHCP

    This would automatically install the DHCP RSAT which includes DHCP MMC, DHCP netsh context and DHCP PowerShell.


    needs revising. When performing this task on win 2012 r2 the RSAT for DHCP aren't automatically installed.
    Need to use -IncludeManagementTools flag

  • Anonymous
    August 05, 2015
    DHCP PowerShell in Windows Server 2012, in addition to providing cmdlets for DHCP server management,

  • Anonymous
    September 22, 2015
    The comment has been removed

  • Anonymous
    September 23, 2015
    Dave, what is the error codes that you are getting in these two cases.

  • Anonymous
    November 30, 2015
    And this is really better than actually SEEING what systems are using IP addresses in the scope via a easy to browse console? Once DHCP is set up, 99% of the PS commands are unnecessary. Monitoring is the only thing left to do and PS does not facilitate that task.

  • Anonymous
    November 30, 2015
    Russell, DHCP MMC provides a view of IP address leases on the DHCP server. PowerShell cmdlets are intended to aid automation/scripting.