Turn off or remove the Dynamic Host Configuration Protocol (DHCP) Server service installed on any of the domain controllers

Why Consider this

The DHCP Server service performs TCP/IP configuration for DHCP clients, including dynamic assignment of IP addresses, specification of DNS servers, and connection-specific DNS names. Domain controllers do not require the DHCP Server service to operate. For higher security and server hardening, it is recommended not to install the DHCP Server role on domain controllers.

Context & Best Practices

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway. DHCP allows hosts to obtain the required TCP/IP configuration information from a DHCP server. DHCP can also update DNS records on behalf of its clients.

Domain controllers do not require the DHCP Server service to operate. For higher security and server hardening, it is recommended not to install the DHCP Server role on domain controllers, and to install it on member servers instead.

Suggested Actions

To address this issue, perform the following actions:

  1. Stop the DHCP Server service and disable it on all affected domain controllers.
    1. Select Start, type Run, type services.msc, and then select OK.
    2. In the list of services, look for a service titled DHCP Server.
    3. If it exists, double-click DHCP Server.
    4. On the General tab, under Startup type, select Disabled.
    5. If the Service status says ‘Running’, select Stop.
    6. Select OK.
    7. Repeat these steps for all affected domain controllers.
  2. If you have verified that your domain controllers do not need DHCP services installed on them, you can also remove the DHCP Server role from the domain controllers in Server Manager.
    1. In the Server Manager, select Manage, and then select Remove Roles and Features.
    2. Select Next.
    3. Select the local server, and select Next.
    4. On the Remove server roles page, uncheck the checkbox for DHCP Server.
    5. Select Remove Features, then select Next.
    6. On the Remove features page, select Next.
    7. Select Remove.
    8. When the removal is complete, select Close.
    9. Repeat these steps for all affected domain controllers.

Note: Removing the DHCP Server role also removes the DHCP Server service from the list of services.
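
The same check and the first action can be scripted across all domain controllers. The following PowerShell is an added example, not part of the original guidance; the script structure, the -Remediate switch, and the variable names are illustrative, and it assumes the ActiveDirectory and ServerManager (RSAT) modules plus PowerShell remoting to the domain controllers.

```powershell
# Added example (not from the original page): audits each domain controller for
# the DHCP Server role; with -Remediate it stops and disables the service.
# Assumes the ActiveDirectory and ServerManager (RSAT) modules and PowerShell
# remoting to the domain controllers.
param([switch]$Remediate)

Import-Module ActiveDirectory
$fix = [bool]$Remediate   # plain bool so it survives remoting serialization

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName
    try {
        # 'DHCP' is the feature name of the DHCP Server role.
        $role = Get-WindowsFeature -Name DHCP -ComputerName $name -ErrorAction Stop

        # 'DHCPServer' is the service name behind the "DHCP Server" display name.
        $svc = Invoke-Command -ComputerName $name -ErrorAction Stop -ScriptBlock {
            $query = @{ ClassName = 'Win32_Service'; Filter = "Name='DHCPServer'" }
            $s = Get-CimInstance @query
            if ($s -and $using:fix) {
                if ($s.State -ne 'Stopped') { Stop-Service -Name DHCPServer -Force }
                Set-Service -Name DHCPServer -StartupType Disabled
                $s = Get-CimInstance @query
            }
            if ($s) { [pscustomobject]@{ State = $s.State; StartMode = $s.StartMode } }
        }
        [pscustomobject]@{
            DomainController = $name
            RoleInstalled    = [bool]$role.Installed
            ServiceState     = if ($svc) { $svc.State } else { 'NotPresent' }
            StartMode        = if ($svc) { $svc.StartMode } else { 'NotPresent' }
        }
    }
    catch {
        # Report a DC that could not be queried instead of silently skipping it.
        [pscustomobject]@{
            DomainController = $name; RoleInstalled = $null
            ServiceState = "QueryFailed: $($_.Exception.Message)"; StartMode = $null
        }
    }
}

$report | Sort-Object DomainController | Format-Table -AutoSize
```

Run it without -Remediate first to get the list of affected domain controllers. The role removal in action 2 corresponds to the Uninstall-WindowsFeature -Name DHCP cmdlet.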