Migrating DHCP from SBS to Windows Server 2016

Back to Blog
30Jun2016

Migrating DHCP from SBS to Windows Server 2016

If you have a small network without much complexity (e.g. single subnet, a firewall, a few devices), you might consider having DHCP handled by the firewall rather than your new Windows Server–in that case, see Option 1 below. Otherwise, if would rather continue managing DHCP from Windows Server, then you can just follow the steps for Option 2.

Microsoft is starting to recommend Option 1 for most small business networks. The goal, I believe, is to further de-emphasize the role of Windows Server in the small to midsize business, as more services move to the cloud. For very small networks, I agree with this approach. However, I typically use Option 2 in practice. This is because I tend to work with larger or “mid-size” networks, where Windows Server has a stronger presence and we may be dealing with multiple subnets and routers.

Option 1: Move DHCP Services to your Firewall/Router

This option assumes you have little or no special DHCP settings or server/scope options to bring over. If you do, you might want to consider using Option 2, instead. Otherwise, begin by deactivating the DHCP scope on the source server.

Step 1. Deactivate the scope

Open the DHCP console on the source server, right-click on the scope and choose Deactivate. Note: new IP addresses will not be handed out until you activate the service on your firewall.

dhcp-deactivate

Step 2. Activate DHCP on your router/firewall

Every vendor is a little bit different. I recommend WatchGuard firewalls to all my clients, so that is what I am going to show here, but you can also just refer to the support / documentation for your own vendor–Cisco, Sonicwall or whomever.

Typically, you will find DHCP somewhere under the “Network” area in your firewall’s settings.

dhcp-firewall

You may also have to configure the actual Ethernet interface that connects to your LAN (referred to as the “Trusted” interface in WatchGuard).

dhcp-interface

In this case, we would just select Use DHCP Server to enable the services. Make sure to exclude any statically set IP addresses from this range, such as your server, printers, or anything else that might be set with a static address (my range starts at .50 in this example, to leave room for statically configured devices).

We need to specify the DNS servers for this network–so do not skip that setting! Note: we also have a place to add Reservations (if applicable) and DHCP Options, as well–in case you have a phone system that requires them, for example. Refer to your source server’s configuration and try to get all these settings to match.

Finally, do not forget to save your configuration. Many vendors allow you to manipulate settings in memory, but they won’t actually go live, or be made permanent, until you save the changes.

dhcp-savefw

Step 3. Unauthorize the server

Once you are successful with the above steps, you can permanently disable the legacy DHCP service by right-clicking on the server in the DHCP console and choosing Unauthorize.

dhcp-unauthorize

Last, you should verify things are working by having client computers & devices reboot to obtain a new IP address lease from the firewall. In this example, we can see from running ipconfig /all that the default gateway (the firewall) and the DHCP server are the same.

dhcp-verify

Option 2: Move DHCP Services to your new Windows Server

This can be accomplished in the GUI or in PowerShell. I will share both methods here.

Step 1. Prepare the destination server

You will want to add the DHCP role to your destination server. From PowerShell (as Administrator):

Install-WindowsFeature DHCP -IncludeManagementTools

You can do this from Server Manager also: Dashboard > Add roles and features.

dhcp-addgui

Check tasks in Server Manager, as you will need to click Complete DHCP configuration. Just step through the wizard and click Commit.

complete-dhcp

Set the credentials for DNS dynamic updates from the DHCP console, right-click IPv4 > Properties > Advanced tab > Credentials…

Step 2. Backup settings from the source server

This is a classic export/import scenario. To back up the DHCP settings on the source server, open the DHCP console, right click on the server and choose Backup…, and select a location to save the file.

dhcp-backup

Copy the contents of the backup folder to the local path on the destination server: \\DestinationServer\C$\Windows\System32\dhcp\backup

Step 3. Disable the DHCP scope on the source server

Now right-click on the scope and choose Deactivate. If you have more than one scope, do it for each scope on the server. During this time, new IP addresses will not be distributed, until you complete the import procedure on the destination server in the next step.

dhcp-deactivate

Step 4. Restore settings on the destination server

Now, from the DHCP console, you can right-click the server, choose Restore…, and select the backup folder to import the settings.

dhcp-restore

Your DHCP service will stop and restart, and that should complete the migration–new IP addresses will be handed out by the destination server from here forward. You can verify this from any client computer with a reboot and checking ipconfig /all to see if the DHCP Server lists the new server’s IP address.

Step 5. Unauthorize the source server

Finally, you can unauthorize the source server, which will permanently disable it from being an active DHCP server on the domain. From the DHCP console, right-click on the source server, select Unauthorize.

dhcp-unauthorize

Option 2 (b): Move DHCP Services… with PowerShell!

Probably even easier, if the source environment is at least Windows Server 2008. Assuming you already prepared the role as per step 1 above, you can simply export and import DHCP settings right from PowerShell on the destination server. Edit the variables at the beginning of this script to suit your environment:

$SourceServer= “SourceName.domain.local”
$SourceIP= “192.168.0.4”
$DestinationServer= “DestinationName.domain.local”
$DestinationIP= “192.168.0.5”
New-Item -ItemType Directory -Path C:\DhcpBackup
Get-DhcpServerv4Scope -ComputerName $SourceServer | Set-DhcpServerv4Scope -ComputerName $SourceServer -State InActive
Export-DhcpServer -File C:\DhcpBackup\dhcp.xml -ComputerName $SourceServer -Force -Leases
Import-DhcpServer -File C:\DhcpBackup\dhcp.xml -ComputerName $DestinationServer -BackupPath C:\DhcpBackup -Force -Leases
Set-DhcpServerv4OptionValue -OptionId 6 -Value $DestinationIP -ComputerName $DestinationServer
Get-DhcpServerv4Scope -ComputerName $DestinationServer | Set-DhcpServerv4Scope -ComputerName $DestinationServer -State Active
Add-DhcpServerInDC -DnsName $DestinationServer -IPAddress $DestinationIP
Remove-DhcpServerInDC -DnsName $SourceServer -IPAddress $SourceIP

I bet you can guess which method I prefer.

Technical , , , 0 Comments
Share:

Leave a Reply

Back to Blog

Related Posts

06Jun

How to perform a Cutover Migration to Office 365

My preferred method for migrating Email to Office 365 is to use the Remote Move (aka "Hybrid") method. If you are coming from SBS 2011 or Exchange 2010, then definitely go that route. If you are coming from older versions such as SBS 2008 or Exchange... read more
29Oct

Windows Server 2019, Windows Server Essentials 2019, Office 2019 and other 2019 Microsoft products for the SMB

So the 2019 lineup of products are basically all here now--Office 2019, Windows Server 2019, Exchange Server 2019, etc.  Now with regard to the SMB space, I would usually be recommending that most organizations, especially very small sized business of 25 users or less, be... read more
Cross-Tenant Access Restrictions
04Jan

Understanding Cross-Tenant Access Settings: Inbound & Outbound Settings Vs. Tenant Restrictions

Before we dive headfirst into the Cross-Tenant Access Settings including the new Tenant Restrictions, let us just quickly review one other area in the Microsoft Entra portal that deals with External collaboration. Based on some recent questions received, I think folks often get these all... read more
16Aug

How to configure anti-spam with end-user digest for Office 365 Exchange Online

Office 365 Exchange Online plans all include Exchange Online Protection (EOP) by default. And by default, the spam filter settings leave something to be desired. You can modify these settings from Exchange Admin Center. Today I will share the recommended "minimum" adjustments which I typically... read more
22Feb

Azure Virtual Machines: Were you aware of the MAJOR caveat to their SLA?

I think this is important to many Azure customers, but very few seem to be aware of it.  So, I decided to record this caveat into a blog post, for future ease of reference. Most people think of the cloud as a great way to provide up-time to... read more
18Apr

How to migrate company file shares and mapped drives to Office 365 using the SharePoint Migration Tool

I debated on writing about this tool for a long time. Because here's the thing: most file servers in production today are just huge garbage piles, built out of years of half-completed thoughts and haphazard document collaboration. Therefore, before we get into it, I first... read more
08Aug

Teams, SharePoint and OneDrive best practices? More like considerations… Part 1: External sharing and communication

This article is part of a series. Also see Part 2, Part 3. Ever since I released the Office 365 Email Security Checklist, I have had a lot of people asking me for similar best practices checklists related to the "other" Office 365 services--especially Teams, SharePoint... read more
Alternatives to SharePoint and OneDrive
01Sep

Alternatives to OneDrive and SharePoint (and when to consider them)

One of the things I often get asked about is how to deal with various limitations in OneDrive and SharePoint Online. For those who don’t know, SharePoint Online is the file storage & sharing solution underpinning the Microsoft 365 universe of applications, including the popular... read more
26Nov

Summary post: How to migrate from SBS to Office 365 & Server 2016

I had a series of posts on the topic of migrating from SBS to Office 365 and Windows Server a while back, and I've been getting a number of requests for a "summary" post with links to all the articles. I get a few people... read more
24Jun

A framework for implementing Device configuration profiles with Microsoft Intune

Last time we looked at the proper methodology for rolling out Device-based Conditional access in conjunction with Compliance policies. In that article, we observed that the workflow is very linear and logical, flowing from one step to the next, and ending in Conditional access, like... read more

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.

Contact Me