DHCP on domain controller or member server

We have a W2K-domain with 3 DC (singel-domain) , DNS is AD-integrated and in
secure mode.
We are going to install DHCP on 2 of the 3 DC:s.
For 2 years ago (in W2K-book) a read something about not installing DHCP on
DC:s, something about ownership of records and about the group DNSProxy.
This summer a read a book about DHCP with Windows 2003 and is says that I
should not install DHCP on DC:s.

Can anybody gives me more info or any tips.

Regards Mikael

Hi Mikael,

One of rare services that I allow to be installed on DCs is DHCP (along with
DNS, ...) and till now I didn't have any problems. It is also configuration
supported by Microsoft.

The only thing to watch out for when setting up DHCP is after you install
first DHCP on first DC allow enough time for data to be replicated through
the AD before you install next DHCP.

Corrupted Security Groups Are Created When You Install DHCP or WINS on
Multiple Domain Controllers
http://support.microsoft.com/default...uct=winsvr2003

Again, this is just my experience. I hope it helps,

Mike

"Oskarsson Mikael" <mo-(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We have a W2K-domain with 3 DC (singel-domain) , DNS is AD-integrated and
in
> secure mode.
> We are going to install DHCP on 2 of the 3 DC:s.
> For 2 years ago (in W2K-book) a read something about not installing DHCP
on
> DC:s, something about ownership of records and about the group DNSProxy.
> This summer a read a book about DHCP with Windows 2003 and is says that I
> should not install DHCP on DC:s.
>
> Can anybody gives me more info or any tips.
>
> Regards Mikael
>
>
>

Oskarsson Mikael wrote:
> We have a W2K-domain with 3 DC (singel-domain) , DNS is AD-integrated
> and in secure mode.
> We are going to install DHCP on 2 of the 3 DC:s.
> For 2 years ago (in W2K-book) a read something about not installing
> DHCP on DC:s, something about ownership of records and about the
> group DNSProxy. This summer a read a book about DHCP with Windows
> 2003 and is says that I should not install DHCP on DC:s.
>
> Can anybody gives me more info or any tips.

To follow on from Miha's points, I too use DHCP running on DCs without a
problem.

Quite often, a book will talk about a possibility of a problem, or a
theoretical lapse in security from a certain scenario. Now the book can be
perfectly accurate in what it says, but it may be that many "real life"
networks are not worried about the problem mentioned or don't need that
level of security (security is very important to me, and a big part of my
job, but I am not securing the secrets of the NSA, CIA, MI5 or the Bank of
England).

More likely, the cost of preventing something vs. the likelyhood of it
happening vs. trying to make your budget stretch to do all you want dictate
that you shrug your shoulders and ignore what books say sometimes. You have
to be pragmatic about these things.

Regards
Rob Moir [ms mvp]