Disable or remove the Dynamic Host Configuration Protocol (DHCP) Server service installed on any of the domain controllers

Why Consider this

The DHCP Server service performs TCP/IP configuration for DHCP clients, including dynamic assignment of IP addresses, specification of DNS servers, and connection-specific DNS names. Domain controllers do not require the DHCP Server service to operate, and for higher security and server hardening it is recommended not to install the DHCP Server role on domain controllers.

Context & Best Practices

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway. DHCP allows hosts to obtain required TCP/IP configuration information from a DHCP server. DHCP can also update DNS records on behalf of its clients.

Domain controllers do not require the DHCP Server service to operate and for higher security and server hardening, it is recommended not to install the DHCP Server role on domain controllers, but to install the DHCP Server role on member servers instead.

Suggested Actions

To address this issue, carry out the following actions:

  1. Stop the DHCP Server service and disable it on all affected domain controllers.
    1. Click Start, type Run, type services.msc, and then click OK.
    2. In the list of services, look for a service titled DHCP Server.
    3. If it exists, double-click DHCP Server.
    4. On the General tab, under Startup type, select Disabled.
    5. If the Service status says ‘Running’, click Stop.
    6. Click OK.
    7. Repeat these steps for all affected domain controllers.
  2. If you have verified that your domain controllers do not need DHCP services installed on them, you could also remove the DHCP Server role from the domain controllers in the Server Manager.
    1. In the Server Manager, click Manage, and then click Remove Roles and Features.
    2. Click Next.
    3. Select the local server, and click Next.
    4. On the Remove server roles page, uncheck the checkbox for DHCP Server.
    5. Click Remove Features, then click Next.
    6. On the Remove features page, click Next.
    7. Click Remove.
    8. When the removal is complete, click Close.
    9. Repeat these steps for all affected domain controllers.

Note: Removing the DHCP Server role also removes the DHCP Server service from the list of services.
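
The same check and the stop-and-disable action from step 1 can be scripted across all domain controllers. This is an added example, not part of the original guidance; it assumes the ActiveDirectory and DhcpServer RSAT modules, WinRM access to each domain controller, and administrative rights, and the `-Remediate` switch is a name chosen for this example.

```powershell
# Added example: find domain controllers running the DHCP Server service,
# report whether they still serve active IPv4 scopes, and optionally disable it.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Remediate   # example-only switch: stop and disable the service
)

Import-Module ActiveDirectory

foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    try {
        # The DHCP Server service is registered under the service name 'DHCPServer'.
        $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $dc `
                   -Filter "Name='DHCPServer'" -ErrorAction Stop
    }
    catch {
        # Report unreachable DCs instead of silently treating them as clean.
        [pscustomobject]@{ DomainController = $dc; State = 'Unreachable'
                           StartMode = $null; ActiveV4Scopes = $null }
        continue
    }
    if (-not $svc) { continue }   # service absent: DHCP Server role not installed

    # Active scopes mean clients depend on this server; move them to a member
    # server before disabling. The query returns nothing if the service is stopped.
    $active = @(Get-DhcpServerv4Scope -ComputerName $dc -ErrorAction SilentlyContinue |
                Where-Object State -eq 'Active')

    [pscustomobject]@{
        DomainController = $dc
        State            = $svc.State       # Running / Stopped
        StartMode        = $svc.StartMode   # Auto / Manual / Disabled
        ActiveV4Scopes   = $active.Count
    }

    if ($Remediate -and $PSCmdlet.ShouldProcess($dc, 'Stop and disable DHCP Server service')) {
        Invoke-Command -ComputerName $dc -ScriptBlock {
            Set-Service  -Name DHCPServer -StartupType Disabled
            Stop-Service -Name DHCPServer -Force
        }
        # Step 2 equivalent (role removal), once DHCP is confirmed unneeded:
        # Uninstall-WindowsFeature -Name DHCP -ComputerName $dc
    }
}
```

Run it without `-Remediate` first to get the audit table, and add `-WhatIf` to preview which domain controllers would be changed.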