Why a DHCP server joins Active Directory

Authorizing a DHCP server in Active Directory means:

“This DHCP server is approved by the domain to give IP addresses to clients.”

In a Windows AD domain, a domain-joined DHCP server must be authorized before it can start leasing IP addresses. Microsoft’s Add-DhcpServerInDC cmdlet adds the DHCP server to the list of authorized DHCP servers in Active Directory. (Microsoft Learn)

What do we achieve?

You achieve control and safety.

Without authorization, any domain-joined Windows Server with DHCP installed could accidentally or wrongly start giving IP addresses to computers.

With authorization, Active Directory keeps a list of approved DHCP servers. Only approved DHCP servers should lease IP addresses in the domain.

Why is this helpful in real life?

Imagine a college or company network.

The real DHCP server should give clients correct settings like:

IP address:      192.168.10.50
Subnet mask:     255.255.255.0
Default gateway: 192.168.10.1
DNS server:      192.168.10.10
DNS domain:      college.local

But if someone accidentally enables another DHCP server, clients may receive wrong settings like:

IP address:      192.168.99.50
Default gateway: wrong router
DNS server:      wrong DNS server

Then users may lose access to:

Internet
shared drives
printers
domain login
internal websites
Active Directory services

Microsoft describes DHCP authorization as a Windows Server DHCP feature that helps prevent unauthorized DHCP servers from providing IP addresses to clients. (Microsoft Learn)

Real-life example

A technician installs DHCP on a test server inside a company domain.

Without authorization control:

Test DHCP server starts giving addresses
Some client computers get wrong IP settings
Users cannot access network resources
Help desk receives many tickets

With AD authorization:

Test DHCP server is not authorized
It should not lease addresses in the domain
Production DHCP server remains the trusted source

Simple explanation

DHCP authorization protects an Active Directory network from rogue or accidental DHCP servers. It ensures that only approved DHCP servers can lease IP addresses to clients.

Lab explanation

This step teaches a real enterprise practice:

Add-DhcpServerInDC -DnsName "DC01.powershell.local" -IPAddress "192.168.55.10"
Get-DhcpServerInDC

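Add-DhcpServerInDC authorizes the server, and Get-DhcpServerInDC then lists the authorized DHCP servers. The listing proves that the DHCP server is trusted by Active Directory before students test DHCP leases.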
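
The same Get-DhcpServerInDC output can be audited against the servers you actually approved. The script below is an added example, not part of the original lab; the function name Compare-DhcpAuthorization, the approved list and the test01 entry are assumptions constructed for illustration.

```powershell
# Added example: audit the AD list of authorized DHCP servers against an approved list.
function Compare-DhcpAuthorization {
    param(
        # Objects with DnsName and IPAddress, as returned by Get-DhcpServerInDC
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Authorized,
        # Approved servers as DnsName -> IPAddress (assumption: maintained by your change process)
        [Parameter(Mandatory)] [hashtable] $Approved
    )
    $seen = @{}
    foreach ($server in $Authorized) {
        $name = ([string]$server.DnsName).ToLowerInvariant()
        $ip   = [string]$server.IPAddress
        $seen[$name] = $true

        if (-not $Approved.ContainsKey($name)) { $status = 'UnexpectedAuthorization' }
        elseif ($Approved[$name] -ne $ip)      { $status = 'IPAddressMismatch' }
        else                                   { $status = 'OK' }

        [pscustomobject]@{ DnsName = $name; IPAddress = $ip; Status = $status }
    }
    # Approved servers that are missing from AD will not lease addresses.
    foreach ($name in $Approved.Keys) {
        if (-not $seen.ContainsKey($name)) {
            [pscustomobject]@{ DnsName = $name; IPAddress = $Approved[$name]; Status = 'NotAuthorized' }
        }
    }
}

# The lab's DHCP server is the only approved entry.
$approved = @{ 'dc01.powershell.local' = '192.168.55.10' }

if (Get-Command Get-DhcpServerInDC -ErrorAction SilentlyContinue) {
    # Domain-joined host with the DhcpServer module: read the live list from AD.
    $authorized = @(Get-DhcpServerInDC)
} else {
    # Constructed sample data so the script also runs offline.
    $authorized = @(
        [pscustomobject]@{ DnsName = 'DC01.powershell.local';   IPAddress = '192.168.55.10' }
        [pscustomobject]@{ DnsName = 'test01.powershell.local'; IPAddress = '192.168.55.77' }
    )
}

Compare-DhcpAuthorization -Authorized $authorized -Approved $approved |
    Format-Table -AutoSize
```

Any row marked UnexpectedAuthorization is a server to review and, if it should not be leasing, to remove with Remove-DhcpServerInDC. Authorization is checked by the Windows DHCP Server service, so this audit covers Windows DHCP servers only.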

Ref: AI Tools, ChatGPT