How often do DHCP servers authorize with Active Directory (AD)?

A. Before a Windows 2000 Server or later DHCP server that's either part of a domain or on a network that has an AD domain can start its DHCP service, the service must be authorized with AD. When the DHCP service starts, it queries AD to confirm its authorization status and continues to query AD every 60 minutes thereafter to confirm that it's still authorized.

DHCP servers that are members of a workgroup send out DHCPINFORM messages asking other DHCP servers on the network to respond. If a DHCP server that's part of an AD domain responds, the DHCP service won't start.

You can change the 60-minute authorization check by performing this registry change:

  1. Start the registry editor (regedit.exe).
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters registry subkey.
  3. From the Edit menu, select New, DWORD value.
  4. Enter the name RogueAuthorizationRecheckInterval and press Enter.
  5. Double-click the new value and set it to the number of minutes between authorization checks (e.g., 120 for 2 hours) and click OK.

To disable DHCP server authorization checks, perform these steps:

  1. Start the registry editor.
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters subkey.
  3. From the Edit menu, select New, DWORD value.
  4. Enter the name DisableRogueDetection and press Enter.
  5. Double-click the new value and set it to 1. Click OK.
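
The following PowerShell audit is an added example, not part of the original FAQ. It reads the two registry values described in the procedures above and reports the effective recheck interval and whether authorization checks have been disabled. The function name Get-DhcpRogueDetectionSetting is hypothetical, and the script assumes it runs on the DHCP server with read access to the registry.

```powershell
# Added example: audit the two DHCP Server registry values described above.
# Get-DhcpRogueDetectionSetting is a hypothetical helper name, not a built-in cmdlet.
function Get-DhcpRogueDetectionSetting {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters'
    )

    if (-not (Test-Path -Path $Path)) {
        throw "Registry key not found: $Path (is the DHCP Server service installed?)"
    }

    # Get-Item returns a RegistryKey; GetValue yields $null when the value is absent.
    $key = Get-Item -Path $Path
    $rawInterval = $key.GetValue('RogueAuthorizationRecheckInterval', $null)
    $rawDisable  = $key.GetValue('DisableRogueDetection', $null)

    # Absent values mean the defaults apply: a 60-minute recheck, checks enabled.
    $interval = 60
    if ($null -ne $rawInterval) {
        $interval = [int]$rawInterval
    }

    $disabled = $false
    if ($null -ne $rawDisable) {
        $disabled = ([int]$rawDisable -eq 1)
    }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        RecheckIntervalMinutes = $interval
        IntervalOverridden     = ($null -ne $rawInterval)
        RogueDetectionDisabled = $disabled
    }
}

$setting = Get-DhcpRogueDetectionSetting
$setting | Format-List

# Flag servers where the authorization check has been switched off.
if ($setting.RogueDetectionDisabled) {
    Write-Warning 'DisableRogueDetection is 1: DHCP server authorization checks are disabled.'
}
```

Running this across all DHCP servers makes it easy to spot a host where DisableRogueDetection was set and never reverted.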