Disclamer

Visit our disclaimer policy before making any changes to your system which may negatively impact the performance or make your system unresponsive.

Delegating Access to DHCP in Windows

DHCP, Windows Server

Managing DHCP either Active Directory or locally.

Security Groups

Two security groups are responsible for managing DHCP locally or through Active Directory. The two groups are:

DHCP Users: Members who have view-only access to the DHCP service
DHCP Administrators: Members who have administrative access to the DHCP service

Users to both groups will receive the highest permission level.

Finding Root Cause

Open computer management
1. If the DHCP server has a GUI, with an account that has administrative privileges open computer management locally; or,
2. If the DHCP server does not have a GUI or is managed remotely from a different device, open computer Management on the device -> right-click Computer Management (Local) -> Connect to another computer… -> in the pop-up window, either type the computer name in the box; or,
  1. Click the button Browse… and find the DHCP server -> Once the DHCP server is located, hit the Ok button
3. Hit the Ok button

Once connected to the DHCP server, expand System Tools -> Local Users and Groups ->Click the Groups folder. If you see DHCP Administrators and/or DHCP Users. It means the server uses the local security group; otherwise, it uses the Active Directory group.

Resolution

Managing DHCP Groups via Active Directory (requires the server to be on the domain)

Open up Computer Management and navigate to the Groups folder just like the Finding Root Cause section
1. Delete both DHCP Administrators and/or DHCP Users groups
Restarting DHCP Server service
1. Open up Services the same way we opened up Computer Managed in the Finding Root Cause section but with Services
2. Locate the service DHCP Server and right-click -> Restart
Active Directory will now start managing the access control

Managing DHCP Groups Locally

Open up Computer Management and navigate to the Groups folder just like the Finding Root Cause section
1. Locate the DHCP Administrators and/or DHCP Users groups are missing, it means that Active Directory is managing DHCP permissions
On the DHCP server, open up PowerShell and type:
1. Add-DhcpServerSecurityGroup
2. Restart-Service DHCPServer

Refresh Computer Management, and DHCP Administrators and DHCP Users groups will be a part of the Groups
1. If the server is part of a domain, you can add domain-level groups into the respective local groups to allow users at the domain-level security group to manage the server; Otherwise,
2. Individual users and/or groups can be added to the local DHCP Administrators and/or DHCP Users groups

Murphy

Michael “Murphy” has BA in Computer Technology from Wayne State University and is a System Engineer for a food manufacturer in the Chicagoland area.

Local Exchange Mailbox Users Can’t Email 365 Only Accounts

August 21, 2024

Unable to send emails from mailbox from your local Exchange server to a mailbox that only exist in 365. Find the fix here.

Migrating Azure AD Connect

July 30, 2024

Don’t waste time figuring out how to migrate Azure Active Directory from one server to another. Do it quick and don’t waste your time and get it done within an hour.

Creating a Certificate Signing Request Using OpenSSL

November 11, 2023

Find out how to quickly create a Certificate Signing Request in Windows using OpenSSL. With minimum software needed.