After installing the DHCP role on Windows Server 2016 (or earlier versions), one of the first actions that will need to be completed is to authorize the server in the Active Directory infrastructure.
This action is necessary so that the DHCP Server can distribute IP addresses to Active Directory clients. Otherwise, if a DHCP Server is unauthorized, then the IP address distribution will stop.
To authorize or unauthorize a DHCP Server, you must use a user account that is a member of the Enterprise Admins security group or an account with delegated permissions for that domain.
If you install the DHCP role on a Domain Controller, then the server is automatically authorized. If you install it on a member server, you will need to manually perform the authorization process using one of the following methods.
Authorize DHCP Server using the GUI
In an open DHCP administration console, right-click the server name and then select Authorize.
Wait a few seconds, and after refreshing the list, you can confirm that the DHCP Server is now authorized when you’ll see the green icon that will appear in each scope.
Accordingly, to unauthorize a DHCP Server, right-click the server and then click Unauthorize.
Authorize DHCP Server using Netsh
Open the command line with administrator permissions and type the following command to authorize the DHCP Server.
netsh dhcp add server <server name> <ip address>
For example, for a server named DHCP01 and IP address 10.10.10.50, the command will be something like this.
netsh dhcp add server DHCP01.contoso.com 10.10.10.50
Accordingly, to unauthorize a DHCP Server, use the following command.
netsh dhcp delete server <server name> <ip address>
netsh dhcp delete server DHCP01.contoso.com 10.10.10.50
To confirm that your action has been successful and to see the authorized DHCP Servers in the Active Directory infrastructure, use the following command.
netsh dhcp show server
Authorize DHCP Server using PowerShell
First, to see the list of all authorized DHCP Servers in Active Directory, use the following command.
To authorize a DHCP Server, use the command below and replace the corresponding parameters with your own.
Add-DhcpServerInDC -DnsName "dhcp01.contoso.com" -IPAddress 10.10.10.50
To unauthorize a DHCP Server, use the following command and replace the corresponding parameters with your own.
Remove-DhcpServerInDC -DnsName "dhcp01.contoso.com -IPAddress 10.10.10.50