Windows Thread, DHCP on a DC... good or bad? in Technical; Just thinking if we can save on a few servers this summer. We've got DHCP sitting on a separate server ...
  1. #1
    gshaw's Avatar

    DHCP on a DC... good or bad?

    Just thinking if we can save on a few servers this summer. We've got DHCP sitting on a separate server (well 2 actually, split scope) but was wondering if I could put the role on the DCs? The official guidance suggests it's not recommended but might be out of date?

  2. #2

    EduTech's Avatar
    We used to have DHCP sitting on the Domain Controller, but since external services have come in the sum DHCP was put on its own 2008 box (virtualised).

    James.

  3. #3

    sparkeh's Avatar
    The issue is that when DHCP is installed on a DC, the DHCP service inherits the permissions of a Domain Controller which could, potentially, be a security risk.
    Best practice is to configure a user for the service instead.

  4. #4

    ZeroHour's Avatar
    We use clustered DHCP services here and the nodes are not DCs but tbh I don't think it's that bad to have DHCP on a DC.

  5. #5

    nephilim's Avatar
    We have had NO issues with the DHCP being on the DC.

  6. #6
    ricki's Avatar
    Hi

    We have our DHCP on a domain controller and ours works ok.

    Richard

  7. #7

    glennda's Avatar
    We have it here, split scope across two DCs to enable some sort of failover protection if one DC decides not to play ball.

  8. #8

    sparkeh's Avatar
    The issue isn't whether it works or not, clearly having DHCP on a DC 'works' but rather that MS *used* to recommend to put it on a non DC (in server 2000 days) and the most recent advice I can find is if you run DHCP on a DC you should configure a user for the service rather than letting it run with DC privileges.

  9. #9

    localzuk's Avatar
    We've been running DHCP on a DC since this network was first installed in 2003 and we've never had an issue.

  10. #10

    powdarrmonkey's Avatar
    Walking along a cliff edge 'works', but that doesn't mean it's safe or best practice.
    Last edited by powdarrmonkey; 12th May 2010 at 03:11 PM.

  11. Thanks to powdarrmonkey from:

    ahuxham (12th May 2010)

  12. #11

    localzuk's Avatar
    Quote (originally posted by powdarrmonkey):
    > Walking along a cliff edge 'works', but that doesn't mean it's safe or best practice.

    When schools get the millions of pounds of funding that is afforded to those who can stick to 'best practice' for everything, I'll be sure to change it.

  13. Thanks to localzuk from:

    SimpleSi (13th May 2010)

  14. #12

    powdarrmonkey's Avatar
    Quote (originally posted by localzuk):
    > When schools get the millions of pounds of funding that is afforded to those who can stick to 'best practice' for everything, I'll be sure to change it.

    Right, because changing the account that the service runs under to something unique is soooo costly.

  15. Thanks to powdarrmonkey from:

    ahuxham (12th May 2010)

  16. #13

    localzuk's Avatar
    Quote (originally posted by powdarrmonkey):
    > Right, because changing the account that the service runs under to something unique is soooo costly.

    Sorry what? I simply stated that this school has been running DHCP on a DC. Did I say it was running as domain admin, or system or anything other than its own dedicated account? Your reply indicated that our running the service at all on a DC was poor - which the only outcome of would be to put it on its own server. As we don't have the capacity to stick it on other servers, that'd mean buying more servers... Hence cost.

    Or were you just trying to bait me, like an increasing number of users on here appear to be doing lately?
    Last edited by localzuk; 12th May 2010 at 03:14 PM.

  17. #14

    powdarrmonkey's Avatar
    In general terms, the number of people saying "it works for me" is irritating. It's probably true to say that most of these are running DHCP under a highly privileged account, because that's what happens by default. Hence, "it works for me" is not necessarily a safe recommendation.

    If you already operate a healthy best practice/cost balance, I don't understand why you're so insulted. You should be proud to be in such a position. Meanwhile, there are many, many administrators who don't follow the parts of best practice that don't actually cost anything.
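
Added example, not part of any post in this thread: a read-only PowerShell check for the situation discussed above (DHCP on a DC running with the defaults rather than a dedicated account). It assumes the "user for the service" refers to the dedicated DNS dynamic update credential, and that the DhcpServer module (Windows Server 2012 or later) is available; the function name `Get-DhcpOnDcExposure` is hypothetical.

```powershell
# Added example: read-only audit, run locally on the DHCP server.
# Assumption: DhcpServer PowerShell module is installed (Server 2012+).
function Get-DhcpOnDcExposure {
    [CmdletBinding()]
    param()

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $isDc = $cs.DomainRole -in 4, 5

    # Account the DHCP Server service logs on as
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='DHCPServer'"
    if (-not $svc) {
        Write-Warning "DHCP Server service is not installed on $($cs.Name)."
        return
    }

    # Dedicated credential used for DNS dynamic updates, if one is set
    $cred = $null
    try {
        $cred = Get-DhcpServerDnsCredential -ErrorAction Stop
    } catch {
        Write-Warning "Could not read DNS update credential: $($_.Exception.Message)"
    }
    $hasCred = [bool]($cred -and $cred.UserName)

    # Classify the combination the thread argues about
    $finding = if ($isDc -and -not $hasCred) {
        'DHCP on a DC with no dedicated DNS update account: records are registered with the DC identity'
    } elseif ($isDc) {
        'DHCP on a DC, dedicated DNS update account configured'
    } else {
        'DHCP is not running on a domain controller'
    }

    [pscustomobject]@{
        Computer          = $cs.Name
        IsDomainController = $isDc
        ServiceAccount    = $svc.StartName
        DnsUpdateAccount  = if ($hasCred) { "$($cred.DomainName)\$($cred.UserName)" } else { $null }
        Finding           = $finding
    }
}

# Remediation, if the first finding is returned (prompts for an
# ordinary, non-admin domain user created for this purpose):
#   Set-DhcpServerDnsCredential -Credential (Get-Credential)
Get-DhcpOnDcExposure | Format-List
```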

  18. #15
    gshaw's Avatar
    Thanks for the replies, looks like it's as I suspected, do-able but better to leave it as it is for now (running on dedicated servers) I think. Bring on VMware!
