It’s simple to migrate the DHCP service from the old server to the new Windows Server 2016/2019 while keeping all of the previous server’s configuration. You can easily transfer DHCP settings, zones, and reservations if the old DHCP server is running Windows Server 2008/R2 or Windows Server 2012/R2.
Deploying DHCP Server Role on Windows Server 2016/2019
First and foremost, you must install the DHCP Server role on a new Windows Server 2016/2019 server. The DHCP Server role can be installed from the Server Manager console by running the Add Roles Wizard from the Manage > Add Roles and Features menu and selecting DHCP Server.
However, installing the DHCP role and role management tools from RSAT (the DHCP MMC console and the PowerShell module to interact with the DHCP server) using PoSh is significantly easier. Run the following command on the PowerShell console as Administrator:
Add-WindowsFeature -IncludeManagementTools DHCPTo install the DHCP server management console, use the -IncludeManagementTools argument. The DHCP server role is installed without the proper console by default when using the Add-WindowsFeature cmdlet.
Create local DHCP security groups (DHCP Administrators and DHCP Users) next:
Add-DhcpServerSecurityGroupNote that the local DHCP server is managed by these security groups:
- Users having complete DHCP server permissions (they may alter any option) but no local admin permissions on Windows Server are known as DHCP Administrators.
- Users with access to DHCP server settings and statistics are known as DHCP Users (including the DHCP Leases info).
Restart the DHCP Server service to enable DHCP security settings associated with the newly created local security groups:
Restart-Service DHCPServerAuthorize DHCP Server in Active Directory
The new DHCP server must then be authorised in the Active Directory domain. To prevent rogue DHCP servers from running on the network, authorization in Active Directory is conducted by an account with Enterprise Admins access.
The following is the list of permitted DHCP servers in the AD domain:
Get-DhcpServerInDCIn order to authorize the new DHCP server in the Active Directory domain:
Add-DhcpServerInDC host1.contoso.com 192.168.10.35
If you want to start a DHCP server without authorization in AD, you need to change the DisableRogueDetection registry parameter:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters" -Name DisableRogueDetection -Value 1 -ForceHowever, you are unable to connect to the DHCP Server after installing the DHCP role and performing the post-installation PowerShell settings. An alert message appears in the Server Manager interface, stating that a post-installation configuration is necessary, despite the fact that it has already been completed. In this instance, even a server reboot will not be enough to remove the alert.
You must change the ConfigurationState registry value to eliminate the warning notice and alert Server Manager that the post-install DHCP configuration is complete. To show that the actual DHCP server role has already been configured, use the PowerShell command:
However, you are unable to connect to the DHCP Server after installing the DHCP role and performing the post-installation PowerShell settings. An alert message appears in the Server Manager interface, stating that a post-installation configuration is necessary, despite the fact that it has already been completed. In this instance, even a server reboot will not be enough to remove the alert.
Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftServerManager\Roles12 –Name ConfigurationState –Value 2After that, you need to restart the DHCP service:
Restart-Service -Name DHCPServer -ForceMoving DHCP Server from Windows Server 2008/R2/2012 to 2016/2019
In Windows Server 2012 special PowerShell cmdlets have been added, allowing you to import/export any DHCP server settings. Note that Microsoft simplified the procedure as much as possible, and we will need to execute only two PowerShell commands: Export-DhcpServer and Import-Dhcpserver, which can work remotely. All commands can be executed on one machine (the one to which the server migrates).
Create the folder C:\DHCP (new-item C:\DHCP -type directory) and run the command to export the configuration of the old DHCP server to the XML file named OldDHCPConf.xml.
Export-DhcpServer -ComputerName "oldDhcp.contoso.com" -Leases -File "C:\DHCP\OldDHCPConf.xml" –Verbose
Now you can perform a full import of the DHCP configuration on the new server:
Import-DhcpServer -Leases –File "C:\DHCP\OldDHCPConf.xml" -BackupPath "C:\DHCP\Backup" –Verbose
Everything is ready. Run the DHCP console and check that all the DHCP scopes, reservations, and IP leases are in place.
After the migration of the DHCP server completed, do not forget to reconfigure the DHCP Relay (IP Helper) agents on the routing network devices. Reconfigure them to the IP address of the new DHCP server.
DHCP Server Migration from Windows Server 2003 to 2016/2019
You must utilise a different migration approach if you are utilising a legacy DHCP server on Windows Server 2003/R2. This is because the PowerShell cmdlets for exporting DHCP settings that are available in newer versions of Windows Server do not work with Windows Server 2003.
Open the command prompt on the Windows Server 2003 computer. To export DHCP server settings to a binary file, run the following command:
netsh dhcp server export C:\ps\dhcp2003_config.dat allNow copy the dhcp2003_config.dat file to the new DHCP Server running Windows Server 2016/2019 and import the configurations from a local file or over the network (using a UNC path):
netsh dhcp server import \\winsrv2003dhcp\c$\ps\dhcp2003_config.dat allMigrating DHCP Failover Configuration
If you’re using a DHCP failover or load balancing DHCP setup, you simply need to import the server configuration on the second Windows Server after importing the DHCP settings on the first server:
Import-DhcpServer -Leases –File "C:\DHCP\OldDHCPConf.xml" -ServerConfigOnly -BackupPath "C:\DHCP\Backup" –VerboseAfter that, you need to perform the standard DHCP Failover configuration.
Remove the Old DHCP Server
Now you need to disable the DHCP service on the old server:
Stop-Service DHCPserver
Set-Service -Name DHCPServer -StartupType "Disabled"And unauthorize the old DHCP server from Active Directory using the DHCP console (Right click on the DHCP server name > Unauthorize)
Or unauthorize your old DHCP Server in AD, using the following PowerShell command:
Remove-DhcpServerInDC -DnsName "oldDhcp.contoso.com” -IPAddress 192.168.10.36Then uninstall the DHCP Server Role:
Uninstall-windowsfeature dhcp -remove
Uninstall-WindowsFeature RSAT-DHCPAnd reboot the server:
Restart-Computer -Force