Using the Microsoft Management Console (MMC) DHCP snap-in to set up a DHCP server, authorize it, and create a DHCP scope is a fairly trivial task.
Unfortunately, if you have to create and manage dozens if not hundreds of subnets on a regular basis, using a GUI to create DHCP scopes with all the options you want, such as exclusions and reservations, is far from ideal. If you're sick of going through the MMC to create your new DHCP scopes, you'll be glad to hear that you can accomplish the necessary tasks at a command prompt. Windows Server 2003 includes a utility called Netsh that you can use to manipulate DHCP server parameters at the command prompt. This, of course, means that you can script DHCP scope setting and even incorporate it as part of an automated workflow.
According to Microsoft's documentation, "Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running." You can think of Netsh as just another command-line utility like xcopy.exe or net.exe, but it's really more of a command shell similar to Telnet or FTP. In fact, if you open a command prompt and type
you get a netsh prompt at which you can enter commands interactively with the shell.
You can use Netsh to view and make changes to network configurations, including DHCP, RAS, routing, and WINS configurations. Netsh is included with Windows XP and Windows 2003, but there are some slight differences between the two commands in the different OS versions. For example, you can't use the XP version of Netsh to access DHCP server configuration information. You can find out more about Netsh in "Netsh overview" (http://technet2.microsoft.com/windowsserver/en/library/61427fbd-de1f-4c8a-b613-321f7a3cca6a1033.mspx?mfr=true).
The CreateDHCPScope Script
The CreateDHCPScope.cmd Windows shell script, which Listing 1 shows, uses Netsh to do the bulk of its work. The script performs the following actions:
- Creates a DHCP scope on a designated server.
- Sets the IP range and default gateway.
- Activates the scope.
I will also show how you can modify the script to create exclusions and reservations.
The CreateDHCPScope script takes eight parameters, which represent the minimum settings a DHCP scope should have in order to be useful. After retrieving the parameters from the command line and assigning them some more useful variable names, the script's first task is to create the scope. In the code at callout A, you can see how the script creates a scope and gives it a name and a comment (which is the same as the description in the DHCP snap-in).
After the script has created the scope, it sets up the IP range and default gateway in the code at callout B. You'll notice that there's an explicit command to set the IP range, but setting the default gateway is done by setting the value of option 003. You can use this method to set other options. Table 1 shows a list of some of the more common DHCP options available and their descriptions.
The script's last step is to activate the scope (see the code at callout C). Using Netsh to create the scope leaves it in a deactivated state by default—you need to set the value of state to 1 to mark it as active. If you're testing this script in an environment that's visible from your production network, I suggest either commenting this section out or explicitly setting the state value to 0 to leave the scope inactive until you've verified that all the settings in the scope were correctly set.
Many DHCP scopes contain two additional settings that the Create-DHCPScope script doesn't show. These are DHCP exclusions and DHCP reservations. DHCP exclusions allow you to specify a range of IP addresses within a DHCP scope's inclusion ranges that the server should not assign. The excluded IP addresses are often set aside for routers and for nodes such as servers and printers that need static IP addresses.
Another way that you can assign static IP addresses without visiting each node is by implementing DHCP reservations. Reservations hold an IP address for a device (specified by the device's media access control—MAC—address) so that whenever that node tries to obtain an IP address from the DHCP server, it always receives the same IP address. In addition to letting you implement static IP addresses for nodes that require them (such as printers) without having to manually change the nodes' settings, reservations make it easy to keep track of the static IP addresses over time because they're all stored centrally on your server. Reservations are also useful for changing the subnet, subnet settings, DNS servers, and routers without visiting individual devices.
The command to exclude an IP range is similar to setting the IP range for a particular DHCP scope. For example, the command
Netsh dhcp server \\mydhcpserver scope 192.168.100.0 add excluderange 192.168.100.1 192.168.100.10
would exclude any IP address from 192.168.100.1 through 192.168.100.10 from being assigned by the DHCP server named mydhcpserver. It's important to note that the exclusion range must fall within the IP inclusion range you set earlier because you're only excluding a subset of IP addresses within the IP range for that scope.
A sample command for creating a DHCP reservation is:
Netsh dhcp server \\mydhcpserver scope 192.168.100.0 add reservedip 192.168.100.2 00433FBB0023 printerA "test printer" BOTH
This sample command would reserve the IP address 192.168.100.2 for the node with the MAC address 00433FBB 0023. It gives the reservation the name printerA and the comment test printer. BOTH is the client type, indicating that the reservation should work for both DHCP and BOOTP client requests.
Making the Script Work
The CreateDHCPScope script must be executed from a Windows 2003 server due to its dependence on the Netsh dhcp command. It's important to note that the script does no error checking to verify that the scope was created successfully, so I highly recommend that you verify in the DHCP snap-in that the scope you specified when running the script was created successfully. Typically, if the script is unsuccessful in creating a scope, it's because the operator provided an incorrect subnet mask for the network ID of the scope.
As you can see, just a few lines of code can make it much easier to manage your DHCP environment. You can take this code and expand it for your own purposes. For example, for every scope created, a script could create a certain number of "dummy" reservations to accommodate any reservations that might be necessary in the future, such as if a new printer is added to the subnet. You can also back up and migrate DHCP scopes by using the Netsh dhcp export and import subcommands.