Bringing PowerShell to DHCP Server

Windows server 2012 comes with PowerShell support for DHCP server role. It provides DHCP administrators a modern, uniform way to manage DHCP servers both locally and remotely, through the command line. These cmdlets get enabled by default when you install DHCP role or DHCP RSAT (Remote Server Administration Tools). The DHCP cmdlets have been designed to follow the PowerShell rulebook which means:

-   They are easy to use and intuitive, and

-   each cmdlet performs one simple task.

It’s when you put them together to perform complex tasks that you get to realize their real power. Each cmdlet returns a well-defined object having a list of properties. It can either be assigned to a variable for further use or pipelined to another cmdlet to perform complex tasks with ease. These features combined with the rich scripting capability of PowerShell make it a real smart and powerful tool to manage DHCP servers.

The complete set of DHCP cmdlets is broadly classified as:

  • DHCPv4 cmdlets
  • DHCPv6 cmdlets
  • Cmdlets common to both - DHCPv4 and DHCPv6

Another classification is defined by the verb in the cmdlet. For each DHCP server property (for example: scopes, reservations), you can perform following operations:

  • Add a new configuration with Add verb. For instance, Add-DhcpServerV4Scope cmdlet is used to add a new IPv4 scope to the DHCP server.
  • Fetch information about an existing configuration with Get verb. For instance, Get-DhcpServerV4Scope cmdlet is used to fetch information about an existing IPv4 scope.
  • Modify an existing configuration with Set verb. For instance, Set-DhcpServerV4Scope cmdlet is used to modify the settings of an existing IPv4 scope.
  • Delete a configuration with Remove verb. For instance, Remove-DhcpServerV4Scope cmdlet is used to remove an existing IPv4 scope from the DHCP server.

So what are the different DHCP server configuration elements supported by PowerShell? Well, PowerShell on Windows Server 2012 supports all DHCP server properties: scopes, superscopes, leases, reservations, option definitions, option values, exclusion ranges, classes and interface bindings.  The new DHCP server features introduced in Windows Server 2012 viz. policies, failover and IPv6 stateless store can be managed completely using PowerShell! In addition to this, there are cmdlets to configure DHCP server and define its settings. You can authorize or de-authorize the DHCP server in Active Directory domain, enable the audit log and define its settings, take a backup of database and restore it, and much more.

Migrating the DHCP Server from one system to another is pretty simple with PowerShell. You can export out the entire DHCP server configuration from source DHCP server to an XML file and then import them to the target server. The source DHCP server may be running on Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012whereas the target server can only be Windows Server 2012. There are a bunch of options to let the user control on what gets migrated and what doesn’t. You can choose to migrate entire
DHCP server configuration or only a list of scopes specified. There is also an option to migrate IP address leases in addition to the configuration information.

To view the complete list of DHCP cmdlets on Windows Server 2012, run the following PowerShell command after installing the DHCP server role.

Get-Command –Module DhcpServer

With all the above features supported, PowerShell has become a comprehensive solution to manage DHCP servers. The rich scripting support of PowerShell can be leveraged to simplify the task of managing and monitoring DHCP server. Administrators typically write a bunch of batch files, custom tools and VB scripts to achieve this. With PowerShell support for DHCP server, all this can be accomplished by writing scripts in PowerShell language.

All DHCP PowerShell cmdlets have been designed to work with PowerShell pipeline which is an extremely powerful tool, yet simple to use. Multiple cmdlets can be used together logically to perform a complex operation with the object returned by one cmdlet getting pipelined to another one.

Another advantage of using PowerShell to manage DHCP server is the capability to do so remotely. All DHCP PowerShell cmdlets support ComputerName and CimSession parameters. Either one can be used to perform an operation on a remote DHCP server (as explained below). The system where the PowerShell command gets invoked should be running Windows Server 2012 or Windows 8 client with DHCP Remote Server Administration Tools (RSAT) installed. Installing DHCP RSAT enables the DHCP Powershell cmdlets on thatmachine.

Examples

Let’s walk through a bunch of examples that illustrate the usage of DHCP cmdlets.

Note: The examples below illustrate DHCPv4 cmdlets. However, similar cmdlets are available for DHCPv6 as well.

Configuring a new DHCPv4 Server through Powershell

You can install the DHCP server role on Windows server 2012, by running the following PowerShell command.

Install-WindowsFeature –Name DHCP

This would automatically install the DHCP RSAT which includes DHCP MMC, DHCP netsh context and DHCP PowerShell.

If you only wish to install DHCP RSAT, you can run the following command.

Install-WindowsFeature –Name RSAT-DHCP

Next step is to bind the DHCP server to a network interface where it can listen for the client requests and lease out IP addresses. This network interface should be configured with a static IPv4 or IPv6 address. The following PowerShell command would bind the DHCP server to
the network interface.

Set-DhcpServerv4Binding -BindingState $true -InterfaceAlias “Local Area Connection”

If your network operates in Windows domain environment then you will need to authorize the DHCP server in Active Directory so that it can serve IP addresses to client computers. Run the following command to authorize the DHCP server. In this case the IP address of DHCP
server is obtained by looking up in DNS. You can also choose to explicitly specify an IP address of DHCP server.

Add-DhcpServerInDC -DnsName “DhcpServer.DomainName.com”

A scope defines a range of IP addresses that are available to be leased out to client computers on a particular subnet. Here is an example of how to add a new scope through Powershell. The Add-DhcpServerV4Scope cmdlet also gives you options to specify the state of a scope, enable Network Access Protection (NAP), add the scope as part of a superscope and so on.

Add-DhcpServerv4Scope -Name "Friendly Name of Scope" -StartRange 10.10.10.1 -EndRange 10.10.10.254 -SubnetMask 255.255.255.0

In a network that uses DHCP, it is a common requirement to permanently reserve an IP address for specific clients. It is typically needed for devices like printers and application servers that always have a fixed IP address on the network. Here’s how to add a reservation on the DHCP server.

Add-DhcpServerv4Reservation -IPAddress 10.10.10.8 -ClientId F0-DE-F1-7A-11-6A -Description "Friendly name of reservation"

In addition to IP address leases, DHCP server also provides other configuration information to the clients. It can provide the IP address of DNS server, default gateway, router, WINS server and nmore. Network administrator has to define these properties on DHCP server by means of DHCP option values.

With PowerShell you can define :

-  A server wide option value which is applicable to all scopes on the DHCP server

-  An option value for a  specific scope or a reservation

For instance, the following command defines an option value to apply on all scopes.

Set-DhcpServerv4OptionValue -OptionId 6 -value 192.168.1.1

Note: option id 6 is for Dns Server

MAC address filtering is used to define a list of clients that can acquire IP addresses from the DHCP server. Any foreign client that is not on the list will fail to get an IP address. This greatly enhances security of corporate network. You can define two types of MAC Addresses
lists on DHCP servers. The clients in Allow list are provided services by the DHCP server and ones in Deny list are denied the services. Here is how you add a new MAC address to the deny list.

Add-DhcpServerv4Filter -List Deny -MacAddress F0-DE-F1-7A-11-6B -Description "Friendly name of filter"

Pipelining the object returned by one cmdlet to another

Let’s take a look at few more examples that use the PowerShell pipeline.

Quite a few organizations deploy DHCP but choose to have complete control over the IP addresses given out to client computers. This is achieved by reserving an IP address for each client as opposed to letting them acquire a lease dynamically. So you have got a long list of reservations to add in this case and adding them manually one at a time is laborious. You can use the followed pipelined command to add the reservations specified in a file – in this example Reservations.csv:

Import-Csv Reservations.csv | Add-DhcpServerv4Reservation

The file reservations.csv should contain reservations in the following csv format:

ScopeId,IPAddress,Name,ClientId,Description

10.10.10.0,10.10.10.10,Computer1,1a-1b-1c-1d-1e-1f,Reserved for Computer1

20.20.20.0,20.20.20.11,Computer2,2a-2b-2c-2d-2e-2f,Reserved for Computer2

30.30.30.0,30.30.30.12,Computer3,3a-3b-3c-3d-3e-3f,Reserved for Computer3

Another common scenario is where an admin lets clients acquire IP address leases dynamically the first time from the DHCP server but soon converts them into reservations so that the IP addresses of these clients do not change. This requires some or all of these leases to be turned into reservations. Doing this with PowerShell is quite simple. Get-DhcpServerV4AddressLease cmdlet fetches the object corresponding to IP address lease which is pipelined to Add-DhcpServerV4Reservation cmdlet in order to reserve it.

Get-DhcpServerV4Lease -IPAddress 10.10.10.11 | Add-DhcpServerV4Reservation

Alternatively, you can use the ScopeId as the parameter and either convert all leases into reservations or filter the output based on hostname or MAC address and then pipeline it to Add-DhcpServerv4Reservation to convert a specific lease to a reservation.

Remove-DhcpServerv4Lease is a cmdlet that is used to remove specific set of leases or all leases from a scope. It also supports an option to clear all the declined IP address leases (BAD Address) within a scope. Doing so is a common requirement because declined leases are a hog when the scope is running at high address utilization.

Remove-DhcpServerv4Lease –ScopeId 10.10.10.0 –BadLeases

With pipeline, you can remove all declined IP address leases across all scopes on a DHCP server.

Get-DhcpServerv4Scope | Remove-DhcpServerv4Lease –BadLeases

Monitoring DHCP Server

Network administrators must monitor the health and performance of DHCP server to ensure uninterrupted availability of DHCP service. PowerShell has got a number of features that make it easier to monitor a DHCP server in addition to managing it. You can fetch the statistics signifying the overall performance of DHCP server with the following command. It tells you the server start time, the total number of scopes configured, a consolidated view
of how occupied or free the scopes are,  the number of DHCP protocol packets (Discover, Offer, Request and Ack) sent and received.

Get-DhcpServerv4Statistics

The command below fetches you the statistics pertaining to a specific scope. It tells you the number of free and in-use IP addresses in that scope. It will give you the name of superscope, if that scope is part of one. If that scope is a part of a failover relationship, you also get the
number of free and in-use IP addresses for each of the two servers: primary server and its partner. With this cmdlet you get the option to specify a list of scopes and if a scope is not specified, you’ll get the information about all scopes present on the server.

Get-DhcpServerv4ScopeStatistics –ScopeId 10.10.10.0 -Failover

Both the statistics cmdlets return well defined objects that can be used for further processing. With the help of pipeline you can filter the information and bubble up the values that cross a certain threshold. For instance you might be looking for scopes that are more than 80% utilized. Here’s how you achieve that -

Get-DhcpServerv4ScopeStatistics | where {$_.PercentageInUse -gt 80}

You can also use the various Get cmdlets to monitor the state of DHCP server. For instance, you might want to view a list of all declined IP address leases (BAD Address) across all scopes. Just like Remove-DhcpServerv4Lease cmdlet, Get-DhcpServerv4Lease cmdlet also supports –BadLeases option that makes this operation effortless.

Get-DhcpServerv4Scope | Get-DhcpServerv4Lease -BadLeases

Some common parameters supported by DHCP cmdlets

  1. ComputerName

All DHCP cmdlets support ComputerName parameter. When specified with a cmdlet, it enables the corresponding operation to be performed on a remote server. For instance, the following command reserves an IP address on DHCP server named dhcpserver.contoso.com. In this case PowerShell makes an RPC call to the remote DHCP server to get the job done.

Add-DhcpServerv4Reservation -IPAddress 10.10.10.8 -ClientId F0-DE-F1-7A-11-6A -Description "Friendly name of reservation" –ComputerName dhcpserver.contoso.com

       2. CimSession

CimSession parameter also enables a command to be executed on a remote DHCP server. Only difference is that CimSession uses Windows Remote Management (WinRM) to execute a command remotely as opposed to RPC that is used by ComputerName. An advantage of CimSession over ComputerName parameter is that it accepts an array of server names as argument. So you can execute a specific command on multiple remote servers in one go. To differentiate between objects coming from different servers, an extra field called PSComputerName is inserted in the output object. The following command lists down the DHCPv4 scopes present on dhcpserver.contoso.com and dhcpserver2.contoso.com.

Get-DhcpServerv4Scope -CimSession @(" dhcpserver.contoso.com", "dhcpserver2.contoso.com")

       3. PassThru

Each DHCP cmdlet having Get verb returns a well-defined object. By default it gets displayed on the console. But you can assign it to a variable for further use or pipeline it to another cmdlet. With PassThru parameter, even the other cmdlets (Add, Set and Remove) can be made to return objects. For instance, the following command deletes the reserved IP address and also returns the object corresponding to that reservation.

Remove-DhcpServerv4Reservation -IPAddress 10.10.10.8 -PassThru

In conclusion, with DHCP PowerShell in Windows Server 2012, you get even more closer towards the holy grail of complete automation. With 100+ DHCP cmdlets, need we say - May the Power(Shell) be with you!

 

Team DHCP