Friday, December 30, 2005

Finding and Removing an old DHCP server in/from AD

My home network has been running in its most recent form for around two years now. As you can imagine, in that time it has seen a large number of changes, with hardware dying and virtual servers coming and going.

There is therefore rather a lot of old data knocking around in AD!

One particular problem I have found recently was when I looked at the list of authorised DHCP servers in the DHCP MMC snap-in. It shows an old server "DC2" which is long since dead.

However, when looking in AD, under the "CN=NetServices,CN=Services,CN=Configuration,DC=gaots,DC=co,DC=uk" branch, there was no mention of DC2. This was strange!!

To confirm the entry, I tried the command:

netsh dhcp show server

This also showed the old server.

To track down the offending entry, I began by posting on the Mark Minasi forums. Here is a link to the post:

This led me down the route of using LDP.exe to search the directory. Personally, I found this rather tricky and something which would require a little more study of LDAP syntax! Some articles to get you started are at:

Anyhow, I started thinking of another way to search. In the end I used LDIFDE to export the configuration partition of AD. The command I used was as follows:

ldifde -f c:\out2ad.ldf -d CN=Configuration,DC=Gaots,DC=co,DC=uk

This output all 4741 entries in the partition to the out2ad.ldf file on the C: drive.

Next I opened the file in Notepad and used the search function to search for "DC2".

This turned up the following object:

dn: CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=gaots,DC=co,DC=uk
cn: DhcpRoot
distinguishedName: CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=gaots,DC=co,DC=uk
instanceType: 4
whenCreated: 20030118180051.0Z
whenChanged: 20050604125912.0Z
uSNCreated: 8226
uSNChanged: 8226
showInAdvancedViewOnly: TRUE
name: DhcpRoot
objectGUID: byMqK1mKH02svsUyn66oTw==
dhcp 0
dhcpFlags: 0
dhcpIdentification: This is a server
dhcpServers: i192.168.1.11$$f0x00000000$$
objectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=gaots,DC=co,DC=uk

So, it turns out that the entry is under the DHCPRoot object. Having discovered this, I had to decide what to do next.
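The Notepad search step can also be scripted. The following is an added example, not part of the original post: it parses an LDIF export, unfolds wrapped lines, decodes base64 values, and reports every attribute value that mentions a server name. The function names, the example.test domain and the sample values are assumptions made for illustration.

```python
import base64

# Constructed sample in LDIF form (not the author's real export). The
# dhcpServers value is made up and is folded across two lines, the way
# LDIF wraps long values; the description value is base64-encoded.
# A plain text search for "DC2" finds neither.
SAMPLE_LDIF = """\
dn: CN=DhcpRoot,CN=NetServices,CN=Services,CN=Configuration,DC=example,DC=test
cn: DhcpRoot
dhcpServers: i192.0.2.11$rcn=D
 C2$f0x00000000$
description:: b2xkIGRjMiBlbnRyeQ==

dn: CN=Other,CN=Services,CN=Configuration,DC=example,DC=test
cn: Other
"""

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) for each record in an LDIF export."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]        # continuation line: unfold it
        elif not raw.startswith("#"):
            logical.append(raw)           # blank lines stay as separators
    dn, attrs = None, []
    for line in logical + [""]:           # trailing "" flushes the last record
        if not line:
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, []
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.append((name, value))

def find_references(text, needle):
    """Return (dn, attr, value) for every attribute value containing needle."""
    needle = needle.lower()
    return [(dn, attr, value) for dn, attrs in parse_ldif(text)
            for attr, value in attrs if needle in value.lower()]

if __name__ == "__main__":
    for dn, attr, value in find_references(SAMPLE_LDIF, "DC2"):
        print(f"{dn}\n  {attr}: {value}")
```

To run it against a real export, read the .ldf file into a string and pass that in place of SAMPLE_LDIF.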

Obviously I want to get rid of the DC2 entry but how? First, I compared the DHCPRoot object with one in another domain. I found that it had one extra attribute: dhcpServers:

Having discovered this, I then opened ADSIEdit.msc and navigated to the DHCPRoot object. I cleared the attribute "dhcpServers" so that it showed as "Not Set" as on the test network I used to check as mentioned above.

I then closed down all the utilities I had open and opened up the DHCP MMC snap-in. On checking the Authorised servers list I found that the DC2 entry had gone!

Hope this helps someone. It was certainly interesting tracking it down and has pointed out to me that I need to spend a little time looking at LDP.exe and LDAP queries!




At 1:44 am, Anonymous said...

Thanks, I needed to fix this also
