
DHCP and DNS without a Domain Controller

Iron II

The question of how to handle DHCP and DNS without a domain controller comes up during migrations to cloud directories. The answer is that there are alternatives, and the DHCP server role shouldn't be installed on a DC anyway.

This brings back a few harrowing memories from when I was an IT admin. We didn't have high availability set up, and any reboot during work hours meant that (i) people weren't happy with IT and (ii) work didn't happen. We weren't about to manually assign IPs, and were sitting and waiting to see whether everything was working when it came back up (including internet). No IT person likes the feeling of being powerless to do anything as people's days are ruined.

Doing it the traditional way can get expensive for a smaller IT shop, because there should be two domain controllers and two DHCP servers per site. That way a simple reboot doesn't take down Internet access for everyone. Let's face it, changing network settings on a DC during regular operating hours is a risky ordeal that's best avoided. The prior IT team's solution to that was simply not to update, which isn't at all advisable in today's threat environment.

For the skeptics: Microsoft recommends, "not to install the DHCP Server role on domain controllers, but to install the DHCP Server role on member servers instead". My department took that advice a step further and configured DHCP on our higher-end firewall. We were an AD shop and still ran AD DS/DNS; however, even that isn't necessary when you're migrating from AD. Here are some great DHCP and DNS services that will get the job done for you:

  • Cloud-based SaaS options such as AWS® Route 53 or Dyn®
  • Cloud-based or local unmanaged options running open source DNS, including BIND
  • Alternatives for DHCP are generally already present in a network. Local hardware, including WiFi access points, firewall appliances or other network hardware, normally has built-in DHCP services.

Consult your hardware vendor or network engineer for the options available on your existing equipment.