Old DHCP Servers appear in the list of Authorized servers after a Domain Rename

After running a Domain Name Rename of a domain that has Authorized DHCP servers in Active Directory, you may see the old server’s name still listed when you view DHCP Authorized servers. This will not prevent the servers from handing out IP addresses, but you will want to clean up the directory. You can view your Authorized DHCP Servers via the GUI or via a NETSH command. In the GUI, open the DHCP management console, right-click DHCP at the top level, and then click Manage Authorized Servers.


You can also use the following command: “Netsh DHCP show server”. If you find the DHCP servers listed here with the old domain name, you can try deleting them from the command prompt by typing the following command:

“Netsh DHCP delete server ServerFQDN ServerIPAddress”


Netsh DHCP delete server 2003-dc1.contoso.com

However, you may get the following error: “There is no such object on the server”. If you do, you will need to use the ADSIEDIT MMC to remove the objects from Active Directory. This GUI tool is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. This tool is part of the Windows Server Support tools. More information about Adsiedit can be found here:


How to remove the objects from Active Directory using ADSIEDIT:

1. Start Adsiedit.msc.
2. Open the configuration Container.
3. Expand Services.
4. Expand Net Services.
5. On the right-hand side you will find a record named CN=DhcpRoot.

6. Right-click the CN=DhcpRoot entry and then click Properties.

7. Highlight the DhcpServers attribute and click Edit to open the attribute editor dialog.

8. Highlight the entry with the old Domain name and click Remove from DHCPServers Attribute. Click OK to close DHCPServers editor’s screen.

9. Once deleted, the DHCPServers value will be “not set”.

10. Save the change by clicking OK and close Adsiedit.

11. Restart the DHCP server service.

Once you have restarted the DHCP Server service, run the following command: “Netsh DHCP show server”. You should no longer see the old servers listed as Authorized. Take into account that you may have to wait on AD replication. Also, if the servers are still listed, you can now run the command “netsh DHCP delete server ServerFQDN ServerIPAddress” without error.
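To check the same container from a script before and after the ADSIEDIT cleanup, the following read-only PowerShell lists what is stored under Net Services and flags anything that still carries the old domain name. This is an added example, not part of the original post; it assumes the ActiveDirectory module is available, that `$OldDomain` is your pre-rename DNS suffix (contoso.com is the post's sample name), and that servers may also be recorded as separate dHCPClass objects next to DhcpRoot.

```powershell
# Added example (not from the original post): read-only check, changes nothing in AD.
# Assumption: $OldDomain is the pre-rename DNS suffix; contoso.com is the post's sample name.
param(
    [string]$OldDomain = 'contoso.com'
)

Import-Module ActiveDirectory

# Configuration > Services > Net Services, the container opened in steps 2-4.
$configNC    = (Get-ADRootDSE).configurationNamingContext
$netServices = "CN=NetServices,CN=Services,$configNC"

# Match the old suffix only at a DNS label boundary (-match is case-insensitive).
# Caveat: a new domain name that ends in the old one (corp.contoso.com) also matches.
$pattern = '(^|\.)' + [regex]::Escape($OldDomain) + '($|[^A-Za-z0-9.-])'

$dhcpObjects = Get-ADObject -SearchBase $netServices -SearchScope OneLevel `
    -LDAPFilter '(objectClass=dHCPClass)' -Properties dhcpServers

$report = foreach ($obj in $dhcpObjects) {
    # Assumption: a server may be recorded as its own object named after its FQDN.
    [pscustomobject]@{
        Object = $obj.Name
        Source = 'object name'
        Value  = $obj.Name
        Stale  = $obj.Name -match $pattern
    }
    # CN=DhcpRoot (step 5) may also carry entries in its dhcpServers attribute.
    # The attribute values are treated as opaque strings and only searched.
    foreach ($value in $obj.dhcpServers) {
        [pscustomobject]@{
            Object = $obj.Name
            Source = 'dhcpServers value'
            Value  = $value
            Stale  = $value -match $pattern
        }
    }
}

# Stale rows first; an empty table means no dHCPClass objects were found.
$report | Sort-Object Stale -Descending | Format-Table -AutoSize -Wrap
```

Rows with Stale set to True are the entries to remove in step 8 or with the netsh delete command; rerun after AD replication to confirm they are gone on other domain controllers.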

- Louis Hardy