Windows Server DHCP: Complete Guide (2025): Setup, Issues & Best Practices 🛠️

If you are in the world of networking and server systems, you have probably heard of DHCP (Dynamic Host Configuration Protocol). DHCP is actually one of the most vital services in modern networks, playing a crucial role in automatically assigning IP addresses to devices connected to the network. In this article, we will thoroughly review DHCP in Windows Server, explain its technicalities, discuss the problems and new features of version 2025, and finally help you configure and manage this service properly.

What Is Windows Server DHCP & How It Works?

In majority of the contemporary networks the automatic assignment of IP is a must so that devices can connect without any manual configurations. That is the point where Windows Server DHCP appears to help administrators to centrally manage IP addresses and to avoid conflicts or duplications. The service operates on the client-server model, where address assignment is done through four main messages known as DORA.

The DORA process

This process goes as follows:

• Discover: This is the first step that a newly arrived client takes. Since it does not yet have an IP address, it sends a Broadcast message to the address 255.255.255.255 to find a DHCP server.

• Offer: After receiving the Discover message, the DHCP server offers the client a free IP address from the defined scope along with network parameters such as Gateway and DNS.

• Request: If the client accepts the proposed address, it sends a Request message as a broadcast so that all servers know which address it has chosen and release the rest of its offers.

• Acknowledge: The selected server activates the address lease by sending an ACK packet and provides the final network settings to the client. At this point, the client is ready to communicate with the network.

In this process, two UDP ports (67 and 68) are used for communication between the device and the DHCP server. Also, the behavior of this protocol is usually broadcast, but in some cases, it may also be unicast.

Before we continue, if you want a deeper understanding of this service and how it works, you can read the full article What is DHCP.

How to Configure DHCP on Windows Server (Step by Step)

Here we explain the installation and initial configuration steps of a DHCP server in full and step by step so that you can implement it with complete confidence in your infrastructure.

1. Prerequisites and Network Planning

Before you start the installation, you need to make sure that your infrastructure is ready:

1.1.  Static and permanent IP

Your DHCP server must have a static (fixed) IPv4 address. This address must be outside the range that you plan to distribute in the DHCP Scope. To set a static IP for the server:

• Go to Control Panel > Network and Sharing Center > Change adapter settings.

• Then Right-click on the server's main network card > Properties.

•  Select the Internet Protocol Version 4 (TCP/IPv4) option and click Properties.

• Enable the Use the following IP address option and manually enter the IP address, Subnet mask, Default gateway, and DNS server.

Finally, Click OK and save the settings.

1.2. Network Addressing Planning

You must specify the required IP address range for Scope (for example, 192.168.10.10 to 192.168.10.200), the correct Subnet Mask, as well as the Default Gateway (router) address and DNS Server addresses in advance.

You can set aside a few IPs (for example, 192.168.10.1 to 192.168.10.9) for Exclusion Range so that they are not automatically assigned.

1.3. Backup

If you already have DHCP, run the following command in PowerShell to backup the current settings:

netsh dhcp server export C:\dhcp-backup.txt all

remember, you must use a user account with Administrator or equivalent privileges for installation and configuration.

2. Installing the DHCP Server Role

There are two ways to install the DHCP role in Windows Server: You can install this role either through the graphical environment (Server Manager) or through the PowerShell command line.

Installing through Server Manager (GUI)

This method is suitable for users who are more comfortable with the graphical environment:

• Open Server Manager: From the Windows desktop, open the Start menu and select Server Manager.

• Add roles and features: In the Manage menu, select the Add Roles and Features option.

• Select the installation type: Select Role-based or feature-based installation and click Next.

• Select the server: Select the destination server.

• Select the DHCP role: On the Select server roles page, check the DHCP Server option. The system will also ask you to add the required management features (Management Tools), which you must confirm.

• Confirm and install: Continue the steps and finally select Install.

Installing this role does not require a server reboot, but if you do, it will be fine.

Install via PowerShell (Recommended for automation)

If speed and repeatability are important to you, use PowerShell. This method is much more efficient for larger environments:

Open a PowerShell console with Administrator privileges.

Run the following command to install the DHCP role along with its management tools:

Install-WindowsFeature DHCP –IncludeManagementTools

For more advanced configurations, you can also use the netsh dhcp add securitygroups command to create the local security groups DHCP Administrators and DHCP Users, and then restart the service.

3. Post-Installation Configuration and Authorization

After installation, the next critical step in Active Directory environments is to authorize the server. If your server is not a domain member (stand-alone), skip this step.

If the server is a domain member, you must authorize it. Otherwise, your server will not distribute any addresses.

Authorization via GUI:

Follow these steps:

• Open the DHCP console (Windows Administrative Tools > DHCP).

• Right-click on the DHCP server name and select Authorize.

After a few seconds, by refreshing (F5), you should see a green check mark next to IPv4, indicating successful authorization in Active Directory.

Authorization via PowerShell:

In an elevated PowerShell console, run the following command (replacing the domain name and server IP):

Add-DhcpServerInDC -DnsName DHCP1.corp.contoso.com -IPAddress 10.0.0.3

You can verify the authorization status with the Get-DhcpServerInDC command.

4. Creating Scopes, Exclusion Ranges, and Lease Duration

A Scope is a range of IP addresses that your DHCP server is authorized to distribute. To create a scope:

• In the DHCP console, right-click IPv4 and select New Scope.

• Enter a name and description for the Scope.

• IP Address Range: Enter the start and end addresses of your scope and specify the Subnet Mask.

Now it’s time for the Exclusion Ranges, which we talked about earlier. These are the addresses that you have defined inside the Scope, but that you don’t want the DHCP server to assign to clients. You use these addresses for devices that need to have a static IP (such as routers, DNS servers, or stationary printers).

You can add exclusion ranges in the DHCP console (Address Pool) or via PowerShell:

Add-DhcpServerv4ExclusionRange -ScopeId 192.168.1.0 -StartRange 192.168.1.1 -EndRange 192.168.1.10

The next setting is for Lease Duration, which is the length of time a client leases an IP address. It can be one of two:

• Persistent networks: For traditional work environments or AD domains where devices are static, you can set the lease duration to be longer (e.g. 8 days or more).

•  Ephemeral networks: For public Wi-Fi networks or environments with high device mobility, set the lease duration to be short (e.g. a few hours) so that free addresses are returned to the pool quickly.

These settings depend entirely on your goals and needs.

5. Adding IP Reservations

We strongly recommend that you use the Reservation feature in your DHCP server instead of manually setting static IPs on clients. This centralizes the management of static addresses and prevents addressing conflicts.

To reserve an IP, you bind a specific IP address to the MAC address of a specific device. Quick way to reserve:

•  In the DHCP console, go to the Address Leases section.

•  Find the device you want in the list (the ones that have received a dynamic IP).

•  Right-click on the entry for that device and select Add to Reservation.

In this case, the current IP of that device will be permanently reserved to its MAC Address and the DHCP server will no longer assign this address to another client.

6. Full DNS Integration

To maintain the health of your domain, you need to make sure that the communication between DHCP and DNS is strong. You configure this setting in the server Properties or in the Scope Options.

Best Practice: Allow the DHCP server to update both A (Forward Lookup) and PTR (Reverse Lookup) records. You do this by selecting the appropriate options on the Dynamic DNS tab of the DHCP server. Additionally, you need to make sure that Option 15 (Domain Name) in your configuration sends the correct domain name to clients so that they can properly resolve hostnames in your domain's DNS.

7. Test and Verify DHCP Operation

Now it’s time to test DHCP operation and make sure that the previous steps were followed correctly. On a client (e.g. Windows 10), enter Command Prompt and type:

ipconfig /release

ipconfig /renew

If everything is correct, you should get a new IP from the defined range.

To view the active leases on the DHCP server, check the Address Leases path in the DHCP console or use the following command:

Get-DhcpServerv4Lease -ScopeId 192.168.10.0

Finally, for proper DHCP operation, make sure the server IP is static, the server is Authorized in AD, the Scope is active and valid, UDP ports 67 and 68 are open in the firewall, and always back up the DHCP settings so that you can quickly restore them in case of an error.

Advanced Features: Failover and Load Balancing

The heavy dependence of the network on DHCP makes redundancy of this service critical. The DHCP Failover feature in Windows Server allows you to configure two servers to share Lease and Scope information with each other and the IP assignment service continues without interruption.

Note that Failover is only supported for DHCPv4 Scopes and can always be implemented only between two DHCP servers.

1. Two Failover Operational Modes

You can choose one of these two modes according to the operational needs of your network:

1. 1. Load Balance Mode

This is the default mode. In this scenario, both servers are active at the same time and share DHCP client requests. By default, the load is divided between the two servers in a 50/50 ratio. . The advantage of this mode is that, in addition to redundancy, it also guarantees higher performance in responding to a large number of requests. For this reason, Load Balance mode is ideal for very large networks or data centers that require high throughput

1. 2. Hot Standby Mode

In this mode, one server acts as Active and the other as Standby. The Standby server only distributes IPs when the Active server fails. A parameter called MCLT (Maximum Client Lead Time) determines how long the Standby server waits to take control of the Scope if the connection between the two servers is lost. Hot Standby mode is suitable for scenarios where the central server in the data center is a backup server for remote sites and the main goal is network stability rather than load sharing.

2. Failover Configuration Steps

You need to start this process by right-clicking on the desired Scope in the DHCP console and selecting Configure Failover.

• Set Partner: Add the second server you want to failover with as a Partner Server.

• Set Mode: Select Load Balance or Hot Standby mode. If you select Load Balance, you can change the load sharing percentage.

•  Message Authentication: Be sure to check the Enable Message Authentication option and enter a strong Shared Secret. This password ensures the security of communications between the two DHCP servers and prevents the injection of unauthorized messages.

Finally, for Failover to work properly, the system clock and time between the two servers in the Failover relationship must be exactly synchronized.

Monitoring, Logging, and Troubleshooting DHCP (From Logs to CLI)

Proactive DHCP management requires close monitoring of lease status and server events.

1. Where to Find DHCP Logs?

By default, windows server dhcp logs are enabled and you can view them in the Windows Server Event Viewer. The exact path to access these logs is as follows:

Applications and Services Logs > Microsoft > Windows > DHCP-Server

You should actively monitor these logs for critical events (such as service stops, address expiration, or IP conflicts) to resolve issues before users notice.

2. Diagnosing Common Errors

While troubleshooting, you will encounter two common issues in the DHCP console, understanding which are key to resolving the issue:

2. 1. windows server dhcp bad address

If you see entries with the name BAD_ADDRESS in the Lease list, it means that the IP address issued by DHCP is already in use by another device on the network. This usually happens when:

• A device has manually (statically) configured an IP address that is part of the DHCP dynamic range.

• Another rogue DHCP server is operating on the network.

• The Conflict Detection feature in DHCP (which is usually disabled due to high overhead) has detected a conflict.

Action: You should first remove the Bad Address entries and then use network monitoring tools to look for the source of the conflict. If the source of the conflict is a device with an unnecessary static IP, move it to a DHCP reservation.

2.2.  Blue Exclamation Mark on Scope

Seeing a blue exclamation mark on the Scope icon in the DHCP console can be a serious warning. This usually means two main things:

• Scope disabled: The scope has been manually disabled by an administrator (or due to a system error). This is the most common reason.

• Addresses exhausted: All IP addresses in the pool (Scope) have been assigned to clients and there are no free addresses left.

Action: First, right-click on the Scope and make sure that the Activate option is enabled. If the problem persists, expand the address range (End IP) or reduce the Lease time to free unused addresses faster.

3. Command-line tools for diagnostics (Netsh and PowerShell)

If the graphical interface is not available or you need automation, command-line tools come to your aid:

3.1 ipconfig /all

This is the first tool you will use on the client side. By running it, you can see the assigned IP address, the Lease expiration time, and most importantly, the IP address of your DHCP server.

3.2. netsh

The Network Shell (netsh) tool has been available in Microsoft's operating system since Windows 2000 and is very powerful for network administration. You can enter the netsh interactive environment and then navigate to the dhcp subcommand. For example, to view the authorized DHCP servers in a domain:

netsh dhcp show server

3.3. PowerShell Cmdlets

For modern administration and scripting, use the DHCP-specific cmdlets, such as Get-DhcpServerv4Lease to check active leases or Restart-Service dhcpserver to restart the service.

We'll cover the latest known bugs in the next section.

Key Issues and Bugs (june 2025 windows server dhcp issues)

For a system administrator, it is critical to be aware of the impact of updates on infrastructure services such as DHCP, and the June 2025 incident was a reminder of this. That month, Microsoft released Cumulative Security Updates that included an unpatched bug that disrupted the performance of the DHCP Server service. It affected the following versions:

•  Windows Server 2025 (KB5060842)

• Windows Server 2022 (KB5060526)

•  Windows Server 2019 (KB5060531)

•  Windows Server 2016 (KB5061010)

The main symptoms of this issue included the inability of clients to renew their leases or obtain new IP addresses, which led to widespread network disruption.

Solutions and Crisis Management

The only reliable way initially suggested to quickly restore service was to uninstall the problematic update from the Update History section and then reboot the server; however, this left the server defenseless against the June 2025 security vulnerabilities.

However, after reviewing the update, Microsoft released the final patch in the July 8, 2025 updates (KB5062572) and fixed the DHCP issue.

This incident showed that even Cumulative Security Updates should be evaluated in a staging environment before being applied to the main environment. Strict implementation of Change Management in the infrastructure is an inevitable necessity.

Practical Scenarios and "How to..." Instructions

In this section, we'll show you how to perform some of the most common configurations in Windows Server DHCP in practice:

how to reserve ip address in dhcp windows server?

To reserve an IP for a specific device (such as a print server or firewall):

• Open the DHCP console.

• Open the desired Scope and go to the Address Leases section.

• If your device has received an IP, right-click its entry in the Address Leases list and select Add to Reservation.

• If the device has not yet received an IP, go to the Reservations section, right-click it, select New Reservation, and manually enter the desired IP address, the device's MAC address, and the device name.

Save the settings at the end.

how to find dhcp server ip address in windows?

If you want to know from which server your client got the IP, use the following command in Command Prompt or PowerShell on the client side:

ipconfig /all

The output of this command will show you the DHCP Server IP and Lease details. If you are a network administrator, you can use netsh dhcp show server to see the authorized DHCP servers in the domain.

"DHCP blue exclamation point" - what does it mean?

As mentioned earlier, this warning sign usually means that the Scope is not active or the address pool is empty. To quickly solve the problem, first check if the Scope has been manually disabled. Right-clicking and activating the Scope will solve the problem in most cases.

How to disable the DHCP server?

If you need to disable windows server dhcp or move it to another server, it is not enough to just stop the service. You need to follow these steps:

• Unauthorize: In the DHCP console, right-click the server name and select Unauthorize. This will prevent the server from distributing IP addresses in the domain environment.

•  Stop the service: Stop the DHCP Server service through the Services console or with PowerShell (Stop-Service dhcpserver command).

This will stop the service until you restart it.

Best Practices & Pitfalls to Avoid

To create a secure, reliable, and maintainable DHCP service, you must follow best practices.

• Non-overlapping Scopes: Define each DHCP scope in a separate subnet to prevent IP conflicts and avoid overlapping ranges.

• Use Reservations Instead of Static IPs: For devices that require a fixed IP, use Reservations to keep IP management centralized and organized.

• Prevent Rogue DHCP Servers: Devices like home routers can unintentionally broadcast incorrect DHCP info, potentially disrupting the entire network.

• DHCP Snooping & Port Security: Enable these features on switches so only authorized ports can send DHCP traffic, blocking unauthorized servers.

• Regular DHCP Backups: Periodically back up the DHCP database to a secure network location or external storage to ensure quick recovery.

• Ensure DNS & DHCP Alignment: Verify that the DHCP DNS option (Option 6) points to the correct DNS servers to avoid name resolution errors.

By following these best practices, you can keep your DHCP infrastructure reliable, secure, and well-managed.

Secure and Reliable DHCP Starts Here

As you’ve seen, managing DHCP on Windows Server goes beyond simple installation. You need to understand the DORA protocol and implement failover to ensure resilience against hardware failures. Keep in mind that the stability and security of this service directly depend on the platform it’s hosted on. That’s why we recommend hosting your network infrastructure, including DHCP servers, on Windows VPS or dedicated servers from 1Gbits. One of the main advantages of using 1Gbits is 24/7 support for your infrastructure, allowing you to focus on managing and optimizing your network rather than worrying about datacenter hardware issues.