How to Migrate DHCP Server to Windows Server 2016/2019?

Migrating the DHCP service from the old server to the new Windows Server 2016/2019 with the saving of all the settings of the old server is quite easy. If the old DHCP server is running Windows Server 2008/R2 or Windows Server 2012/R2, you can directly transfer DHCP settings, zones, and reservations.

Deploying DHCP Server Role on Windows Server 2016/2019

First of all, you need to install the DHCP Server role on a new server which is running Windows Server 2016/2019. You can install the DHCP Server role using the Server Manager console, where you need to run the Add Roles Wizard in the Manage > Add Roles and Features menu and select the DHCP Server.

But it’s much easier to install the DHCP role and role management tools from RSAT (the DHCP MMC console and PowerShell module to interact with DHCP server) using PoSh. Run the PowerShell console as Administrator and run the following command:

Add-WindowsFeature -IncludeManagementTools DHCP

The -IncludeManagementTools parameter must be specified to install the DHCP server management console. By default, the Add-WindowsFeature cmdlet installs the DHCP server role without the appropriate console.

Next, you need to create local DHCP security groups (DHCP Administrators and DHCP Users):

Add-DhcpServerSecurityGroup

Note. These security groups are used to manage the local DHCP server:

  • DHCP Administrators — these are users with full permissions on the DHCP server (they can change any settings), but without local admin permissions on Windows Server;
  • DHCP Users — users with the rights to view DHCP server settings and statistics (including the DHCP Leases info).
READ ALSO  How to Configure, View and Change IIS Log Location on Windows Server 2016?

To enable DHCP security settings associated with the local security groups created, restart the DHCP Server service:

Restart-Service DHCPServer

Authorize DHCP Server in Active Directory

Next, you need to authorize the new DHCP server in the Active Directory domain. Authorization in Active Directory is performed under an account with Enterprise Admins permissions and is needed to prevent rogue DHCP servers from working on the network.

The list of authorized DHCP servers in the AD domain can be displayed as follows:

Get-DhcpServerInDC

In order to authorize the new DHCP server in the Active Directory domain:

Add-DhcpServerInDC host1.contoso.com 192.168.10.35

migrate dhcp from 2008 to 2016

If you want to start a DHCP server without authorization in AD, you need to change the DisableRogueDetection registry parameter:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters" -Name DisableRogueDetection -Value 1 -Force

However, after the DHCP role is installed and the post-installation settings with PowerShell are performed, you can’t connect to the DHCP Server. You can see an alert message in the Server Manager console: a post-installation configuration is required, even though it has actually already been performed. In this case, even the server reboot won’t help to make this alert disappear.

migrate dhcp from 2012 to 2016

To remove this warning message and notify Server Manager that post-install DHCP configuration is complete, you need to modify the ConfigurationState registry parameter. Use the following PowerShell command to indicate that the actual DHCP server role has already been configured:

Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftServerManager\Roles12 –Name ConfigurationState –Value 2

After that, you need to restart the DHCP service:

Restart-Service -Name DHCPServer -Force

Moving DHCP Server from Windows Server 2008/R2/2012 to 2016/2019

In Windows Server 2012 special PowerShell cmdlets have been added, allowing you to import/export any DHCP server settings. Note that Microsoft simplified the procedure as much as possible, and we will need to execute only two PowerShell commands: Export-DhcpServer and Import-Dhcpserver, which can work remotely. All commands can be executed on one machine (the one to which the server migrates).

READ ALSO  Active Directory Migration to Windows Server 2016

Create the folder C:\DHCP (new-item C:\DHCP -type directory) and run the command to export the configuration of the old DHCP server to the XML file named OldDHCPConf.xml.

Export-DhcpServer -ComputerName "oldDhcp.contoso.com" -Leases -File "C:\DHCP\OldDHCPConf.xml" –Verbose

migrate dhcp powershell

Now you can perform a full import of the DHCP configuration on the new server:

Import-DhcpServer -Leases –File "C:\DHCP\OldDHCPConf.xml" -BackupPath "C:\DHCP\Backup" –Verbose

Everything is ready. Run the DHCP console and check that all the DHCP scopes, reservations, and IP leases are in place.

migrate dhcp server 2012 to 2016

After the migration of the DHCP server completed, do not forget to reconfigure the DHCP Relay (IP Helper) agents on the routing network devices. Reconfigure them to the IP address of the new DHCP server.

DHCP Server Migration from Windows Server 2003 to 2016/2019

If you are using a legacy DHCP server on Windows Server 2003/R2, you need to use a different migration method. This is because Windows Server 2003 does not support the PowerShell cmdlets for exporting DHCP settings that are available in newer versions of Windows Server.

Log in to the Windows Server 2003 and open the command prompt. Run the following command in order to export DHCP server configuration to a binary file:

netsh dhcp server export C:\ps\dhcp2003_config.dat all

Now copy the dhcp2003_config.dat file to the new DHCP Server running Windows Server 2016/2019 and import the configurations from a local file or over the network (using a UNC path):

netsh dhcp server import \\winsrv2003dhcp\c$\ps\dhcp2003_config.dat all

Migrating DHCP Failover Configuration

If you are using a DHCP failover or load balancing DHCP configuration, after importing the DHCP settings on the first server, you only need to import only the server configuration on the second Windows Server:

Import-DhcpServer -Leases –File "C:\DHCP\OldDHCPConf.xml" -ServerConfigOnly  -BackupPath "C:\DHCP\Backup" –Verbose

After that, you need to perform the standard DHCP Failover configuration.

READ ALSO  How to Choose Server for Small Business?

Remove the Old DHCP Server

Now you need to disable the DHCP service on the old server:

Stop-Service DHCPserver

Set-Service -Name DHCPServer -StartupType "Disabled"

And unauthorize the old DHCP server from Active Directory using the DHCP console (Right click on the DHCP server name > Unauthorize)

migrate dhcp server to windows server 2016

Or unauthorize your old DHCP Server in AD, using the following PowerShell command:

Remove-DhcpServerInDC -DnsName "oldDhcp.contoso.com” -IPAddress 192.168.10.36

Then uninstall the DHCP Server Role:

Uninstall-windowsfeature dhcp -remove 
Uninstall-WindowsFeature RSAT-DHCP

And reboot the server:

Restart-Computer -Force
Cyril Kardashevsky

6 comments

  1. Hello,
    We have a situation:
    1. A dhcp1 server with about 25 scopes
    2. a dhcpc2 with about 15 scopes
    3. we need to migrate all scopes, leases and reservations from dhcp1 to dhcp2
    4. We want to merge, so we will have all 40 scopes on dhcp2
    5. dhcp1 will be decommissioned as a dhcp server

    Any suggestions?

    1. You’ll need a 3rd DHCP server so move scope 1 and 2 on to dhcp server 3 which will inherit all scopes and be the new primary dhcp server.

      this ensure that any mistakes made will not effect live dhcp servers and you can use them in the event something goes wrong and redo dhcp server 3.

      if you mess up your scope on server 1 and 2 you have no failsafe so it better to migrate both on a new dhcp server and verify before going live and if there are issues turn on both 1,2 respectively.

      if all is well then shutdown scope 1 and 2 and the newly created server 3 will manage all scopes. this way you can verify all scope are on DHCP3 and use that from now on.

  2. Hello
    i tried your DHCP Failover solution and it failed

    I have a failover dhcp server setup and when i use the failover cmd it fails with the message below! and suggestions?

    Import-DhcpServer : Leases cannot be specified when ServerConfigOnly is specified.
    At line:1 char:1
    + Import-DhcpServer -Leases –File “C:\DHCP\OldDHCPConf.xml” -Serv
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Import-DhcpSe
    + FullyQualifiedErrorId : InvalidArgument,Import-DhcpServer

  3. You don’t mention de-authorising or stopping DHCP server service on the old server? What is your recommendation for that? I have done this in a lab environment and having two DHCP servers authorised and started on the same subnet has always been a no-no?

    Also, I am running Server 2019 and the reg hack to remove the Post-deployment Config doesn’t remove the Warning for me – maybe a different reg key in 2019?

    1. I have fixed the Server Manager issue, somehow when I copied the command it did not contain \12 before -name?

      I corrected and re-ran the command and restarted server manager and it’s ok now

  4. Hello,

    On 2012R2, there is a limitation : 31 failover maximum for 1 server.
    Is this limitation the same on 2016 ?
    Thx

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.