Wednesday, November 24, 2010

Running DHCP on DC

Hi All,

In this post we will look at the interoperability considerations of running DHCP on a domain controller (DC).
The following points need attention when the DHCP Server service runs on a DC.

1. Normally, when you run a DHCP server it registers host (A) and PTR records on behalf of DHCP-enabled clients. If the DHCP server runs on a DC, however, we need to keep the security implications in mind, because the DHCP Server service runs under the Local System account context. To mitigate this, we can create a dedicated user account and configure the DHCP servers to perform DNS dynamic updates with that account's credentials (user name, password, and domain). The credentials of one dedicated user account can be used by multiple DHCP servers.

    A dedicated user account is a user account whose sole purpose is supplying DHCP servers with credentials for DNS dynamic update registrations. When you create a dedicated user account and configure DHCP servers with the account credentials, each DHCP server supplies these credentials when registering names on behalf of DHCP clients using DNS dynamic update. The dedicated user account should be created in the forest where the primary DNS server for the zone to be updated resides.

    When the DHCP Server service is installed on a domain controller, configuring the DHCP server with the credentials of the dedicated user account prevents the server from inheriting, and possibly misusing, the power of the domain controller. When installed on a domain controller, the DHCP Server service inherits the security permissions of the domain controller and has the authority to update or delete any DNS record that is registered in a secure Active Directory-integrated zone (this includes records that were securely registered by other computers running Windows 2000 or a Windows Server 2003 operating system, including domain controllers).
It is necessary to configure a dedicated user account and configure the DHCP server with the account credentials under the following circumstances:
    * A domain controller is configured to function as a DHCP server.
    * The DHCP server is configured to perform DNS dynamic updates on behalf of DHCP clients.
    * The DNS zones to be updated by the DHCP server are configured to allow only secure dynamic updates.
Once you have created a dedicated user account, you can configure DHCP servers with the user account credentials by using the DHCP console or by using the Netsh DHCP context command server set dnscredentials.
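The whole procedure above (create the dedicated account, confirm it carries no extra privileges, hand its credentials to the DHCP Server service on the DC, verify) as an added PowerShell example; it is not from the original post. The domain contoso.com, the account name svc-dhcpdns and the host DC01 are assumptions, and the ActiveDirectory and DhcpServer modules are those shipped with Windows Server 2012 and later; the netsh line is the older equivalent the post refers to.

```powershell
# Added example, not from the original post. Assumed names: domain contoso.com,
# account svc-dhcpdns, DC/DHCP host DC01. Needs the ActiveDirectory and DhcpServer
# modules (Windows Server 2012+); the netsh form at the end covers older releases.
Import-Module ActiveDirectory
Import-Module DhcpServer

$Domain   = 'contoso.com'   # assumption
$DhcpHost = 'DC01'          # assumption: the DC that also runs DHCP
$SamName  = 'svc-dhcpdns'   # assumption
$Password = Read-Host -AsSecureString -Prompt "Password for $SamName"

# 1. A plain domain user with no additional group memberships: DHCP should register
#    client records with an identity far weaker than the DC's own Local System context.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$SamName'")) {
    New-ADUser -Name $SamName -SamAccountName $SamName -AccountPassword $Password `
        -Enabled $true -PasswordNeverExpires $true `
        -Description 'Dedicated account for DHCP DNS dynamic update registrations'
}

# 2. Check the account carries nothing beyond Domain Users before trusting DHCP with it.
$extra = (Get-ADPrincipalGroupMembership -Identity $SamName).Name |
    Where-Object { $_ -ne 'Domain Users' }
if ($extra) {
    Write-Warning "$SamName is also a member of: $($extra -join ', '); review before use."
}

# 3. Hand the credentials to the DHCP Server service running on the DC.
$cred = New-Object System.Management.Automation.PSCredential ("$Domain\$SamName", $Password)
Set-DhcpServerDnsCredential -ComputerName $DhcpHost -Credential $cred

# Older equivalent (the netsh command the post mentions). The password is a clear-text
# argument and ends up in command history, so prefer the cmdlet where it is available:
#   netsh dhcp server \\DC01 set dnscredentials svc-dhcpdns contoso.com <password>

# 4. Verify: the service now reports the dedicated account rather than Local System,
#    and dynamic updates on behalf of clients are enabled as the post assumes.
Get-DhcpServerDnsCredential -ComputerName $DhcpHost | Format-List UserName, DomainName
Get-DhcpServerv4DnsSetting  -ComputerName $DhcpHost | Format-List DynamicUpdates, UpdateDnsRRForOlderClients
```

Run it from an elevated session on the DC (or a management host with RSAT) as an account that can create users and administer the DHCP server.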
