IST 164 Chapter 6

Export-DhcpServer

Windows PowerShell cmdlet to export DHCP data

Import-DhcpServer

Windows PowerShell cmdlet to import DHCP data

What must you do before a Windows Server 2016 DHCP server can begin leasing IP addresses?

You must authorize a Windows Server 2016 DHCP server in AD DS before it can begin leasing IP addresses.

What type of account must be used to authorize a DHCP server?

You must use an Enterprise Administrator account to authorize the DHCP server.

Where should you not install a DHCP server?

You should not install a DHCP server on an application server, Exchange, or SQL Server.

Why should server names be protected?

You should protect the names that DHCP registers in DNS on behalf of other computers or systems from being overwritten by non-Windows operating systems that use the same names.

standalone DHCP server

a Windows Server 2016 DHCP server without domain membership

Superscope

a collection of individual scopes that are grouped for administrative purposes

DHCP relay agent

a computer or router that listens for DHCP broadcasts from DHCP clients and then relays them to DHCP servers in different subnets

Role-based access control (RBAC)

a method of regulating access to computer or network resources based on the roles of individual users within an enterprise

How is a superscope created?

a superscope can be created only if there are two or more IP scopes already created

DHCPOFFER

contains a potential IP for the client.

DHCPREQUEST

contains a server identifier informing the DHCP servers receiving the broadcast that the client has chosen to accept that server's DHCPOFFER

DHCP DNS Dynamic Update Event Code: 31

DNS dynamic update failed

DHCP DNS Dynamic Update Event Code: 30

DNS dynamic update request

DHCP DNS Dynamic Update Event Code: 32

DNS dynamic update successful

Remove-DhcpServerv4Scope

Deletes the specified IPv4 scopes from the DHCP Server service

IPv6 DHCP Scope Option Code 00024

Domain Search List; Specifies the domain search list the client should use when resolving hostnames with DNS.

DHCP security options

Limit physical access to the network. Enable DHCP auditing to track DHCP usage. Use DHCP name protection to prevent attacks

J50.chk

J50.chk is a checkpoint file used in truncating the transaction log for the DHCP server

default DHCP lease renewal process

1. The DHCP client sends a DHCPREQUEST packet.
2. The DHCP server sends a DHCPACK packet.
3. If the client fails to renew its lease after 50 percent of the lease duration has expired, the DHCP lease renewal process begins again after 87.5 percent of the lease duration has expired.
4. If the client fails to renew its lease after 87.5 percent of the lease has expired, the DHCP lease generation process starts over again, with a DHCP client broadcasting a DHCPDISCOVER.

4-step lease-generation process to assign an IP address to clients

1. The client broadcasts a DHCPDISCOVER packet to every computer in the subnet. The DHCP server or the devices/routers that run a DHCP relay agent respond. In the latter case, the DHCP relay agent forwards the message to the DHCP server for which it is configured to relay requests.
2. The DHCP server responds with a DHCPOFFER packet, which contains a potential IP for the client.
3. The client receives the DHCPOFFER packet. It might receive packets from multiple servers. If it does, it usually selects the server that made the fastest response to its DHCPDISCOVER, which normally is the closest DHCP server. The client broadcasts a DHCPREQUEST that contains a server identifier informing the DHCP servers receiving the broadcast that the client has chosen to accept that server's DHCPOFFER.
4. The DHCP servers receive the DHCPREQUEST. DHCP servers that the client has not accepted use this message as notification that the client has declined that server's offer. The chosen DHCP server stores the IP address client information in the DHCP database (dhcp.mdb) and responds with a DHCPACK message. If the DHCP server cannot provide the IP that was offered in the initial DHCPOFFER, the DHCP server sends a DHCPNAK message.

Add-DhcpServerv4Scope

Adds an IPv4 scope on the DHCP Server service

DHCP IPv4 superscope

Aggregation of two or more IPv4 scopes; example 10.10.0.0/16 and 172.16.0.0/

What server can DHCP server not be installed on?

A DHCP server cannot be installed on a Windows Server 2016 Nano Server: no Nano Server package is available for a DHCP server.

DHCP authorization

A DHCP server must be authorized in Active Directory before it can be used. It must be verified as an authorized DHCP server before it can service clients with IP address configurations.

What configurations does Windows Server 2016 DHCP server support?

A Windows Server 2016 DHCP server also supports DHCP version 6 (v6) stateful and stateless configurations for clients in an IPv6 environment

How does a non-DHCP client configure IP addresses?

A non-DHCP client has a manual locally configured IP address.

add a DHCP IPv4 option 60 for a DHCP server named DHCP1 with PowerShell

Add-DhcpServerv4OptionDefinition -ComputerName DHCP1 -Name PXEClient -Description "PXE Support" -OptionId 060 -Type String

Class level

Assigns a class-level option to all clients that identify themselves as members of a class. Class options override both scope and server options.

Reserved client level

Assigns a reservation-level option to one DHCP client. Reserved client options apply to devices that have a DHCP reservation.

Scope level

Assigns a scope-level option to all clients of a scope. Scope options override server options.

Server level

Assigns a server-level option to all DHCP clients of the DHCP server.

DHCP Auditing

Audit logging should be enabled on all DHCP servers. This gives a historical view of activity and enables you to trace when an unauthorized user obtained an IP address in the network.

DHCP Server Log Event Code: 20

Bootstrap Protocol (BOOTP) address leased

IPv6 DHCP Scope Option Code 00023

DNS Recursive Name Server IPv6 Address; Identifies the DNS server used for DNS queries. If an organization has more than one DNS server, the server with the highest preference is used.

DHCP Name Protection

DHCP Name Protection is a DHCP server setting that protects against name squatting attacks using a resource record known as a Dynamic Host Configuration Identifier (DHCID) to track which machines originally requested which names.

How does DHCP allocate addresses?

DHCP allocates IP addresses on a dynamic basis, otherwise known as a lease. Although you can set the lease duration from a few minutes to unlimited, you typically want to set the duration for only a few hours or days

Limited Network Access

DHCP by itself is designed to work before the necessary information is in place for a client computer to authenticate with a domain controller. Administrators need to take precautions to prevent unauthorized computers from obtaining a lease with DHCP.

DHCP lease

DHCP clients can use the assigned IP address for a certain period. You can set the lease time to optimize your overall IP address scheme. Clients normally renew their lease automatically after 50 percent of the lease period has passed. As long as IP addresses are available, DHCP continues to provide the renewals.

What is DHCP initiation traffic?

DHCP initiation traffic is the broadcast network traffic

PXE with a DHCP Server deployed has the following options

DHCP options 60 (PXE Client), 66 (Boot Server Host Name), and 67 (Bootfile Name)

T or F: It is a collection of multicast addresses from the class B IP address range of 224.0.0.0 to 239.255.255.255

False; It is a collection of multicast addresses from the class D IP address range of 224.0.0.0 to 239.255.255.255.

T or F: It is a computer or router that listens for DHCP broadcasts from DHCP clients and then relays them to DHCP servers in same subnets.

False; It is a computer or router that listens for DHCP broadcasts from DHCP clients and then relays them to DHCP servers in different subnets.

T or F: It relays any DHCP broadcast packets to multicast packets.

False; It relays any DHCP broadcast packets to unicast packets.

T or F: Multicast addresses are used when applications need to communicate with fewer clients efficiently and simultaneously.

False; Multicast addresses are used when applications need to communicate with numerous clients efficiently and simultaneously.

Get-DhcpServerv4ScopeStatistics

Gets the IPv4 scope statistics that correspond to the IPv4 scope identifiers specified for a DHCP Server service

J50.log and J50res#####.jrs

J50.log and J50res#####.jrs are logs of all database transactions. The DHCP database uses these logs to recover data when necessary.

DHCP Server Log Event Code: 15

Lease denied

DHCP Server Log Event Code: 13

IP address found in use

DHCP IPv4 multicast scope

IPv4 range of IP addresses starting with 224; example 224.0.0.0/8

DHCP IPv4 Scope

IPv4 range of IP addresses; example 10.10.0.0/16

DHCP IPv6 scope

IPv6 range of IP addresses; example 2001:..../64

Reservation

If you want a computer or device to obtain a specific address from the scope range, you can reserve that address to be assigned permanently to the device in DHCP. Reservations are useful for tracking IP addresses assigned to devices such as printers.

DHCP Server Log Event Code: 14

Lease request could not be satisfied

What does the dynamic database contain?

It contains the data file that stores both the DHCP configuration information and the lease data for clients that have leased an IP address from the DHCP server.

What happens when a client receives a DHCPOFFER packet?

It might receive packets from multiple servers. If it does, it usually selects the server that made the fastest response to its DHCPDISCOVER, which normally is the closest DHCP server.

IPv6 DHCP Scope Option Code 00030

NIS + Domain Name List; Used by the server to convey the client list of NIS + Domain name information to the client.

IPv6 DHCP Scope Option Code 00028

NIS + IPv6 Address List; Lists IPv6 addresses indicating NISv2 (NIS +) servers available to the clients.

IPv6 DHCP Scope Option Code 00029

NIS Domain List; Used by the server to convey the client list of NIS domain name information to the client.

IPv6 DHCP Scope Option Code 00027

NIS IPv6 Address List; Lists IPv6 addresses indicating NIS servers available to the clients.

How can you enable DHCP server logging?

Open DHCP Manager > Select the DHCP server you want to configure > Action > Properties > General > Enable DHCP Audit Logging and click OK

$AdminCred

PowerShell variable that holds the DHCP Administrator credentials

Get-DhcpServerv4Scope

Returns the IPv4 scope configuration of the specified scopes

Dhcp.mdb

This is the DHCP server database file.

IPv6 DHCP Scope Option Code 00021

SIP Server Domain Name List; Specifies the domain names and Session Initiation Protocol (SIP) outbound proxy servers for the client to use.

IPv6 DHCP Scope Option Code 00022

SIP Server IPv6 Address List; Lists IPv6 addresses indicating SIP outbound proxy servers available to the client. If an organization has more than one server, the server with the highest preference is used.

IPv6 DHCP Scope Option Code 00031

SNTP Server IPv6 Address List; Provides a list of one or more IPv6 addresses of SNTP servers so that clients can perform time sync with the SNTP server.

enable DHCP name protection for a scope using PowerShell command

Set-DhcpServerv4DnsSetting -ComputerName "dhcpserver.pearson.com" -ScopeId 10.10.10.0 -DynamicUpdates "OnClientRequest" -NameProtection $True

add a DHCP IPv4 option 43 for a DHCP server named DHCP1 (you have to give it the value for option 43 in hexadecimal)

Set-DhcpServerv4OptionValue -ComputerName MyDHCPServer -ScopeId "PearsonScope" -OptionId 043 -Value 0x01,0x04,0x00,0x00,0x00,0x00,0xFF

Set-DhcpServerv4Scope

Sets the properties of an existing IPv4 scope on the DHCP Server service

Split Scopes

Split scope involves two DHCP servers. In this case, each DHCP server controls a part of the entire range of IP addresses and both servers are active on the same network. For example, if your subnet is 172.16.0.0, you might assign an IP address range of 172.16.0.1 to 172.16.0.150 to DHCP server A (the primary server) and assign the range 172.16.0.151 to 172.16.0.254 to DHCP server B (a secondary DHCP).

Steps to move a DHCP database

Step 1. Back up the DHCP database on the old server. Step 2. Stop the old DHCP Server service. Step 3. Copy the DHCP database to the new server and, if necessary, install the DHCP server role. Step 4. Restore the database. Step 5. Start the DHCP Server service

enable DHCP Name Protection for an individual scope

Step 1. Expand IPv4 or IPv6, right-click the scope, and open the Property page. Step 2. Click DNS and Advanced, and then click the Enable Name Protection check box.

Steps to migrate a DHCP server

Step 1. Install the DHCP server role on the computer that will be the new DHCP server. Step 2. Stop the DHCP service on the current DHCP server. Step 3. Export the DHCP data from the current server. Step 4. Copy the DHCP data to the new server (or make it available on the network). Step 5. Import the DHCP data to the new server.

enable DHCP Name Protection for an IPv4 or IPv6 node

Step 1. Open the DHCP console. Step 2. Right-click the IPv4 or IPv6 node and then open the Property page. Step 3. Click DNS, click Advanced, and click the Enable Name Protection check box.

A DHCP server role can be installed by...

The Add Roles and Features Wizard in Server Manager - or - Windows PowerShell (Add-WindowsFeature DHCP)

DHCP Clustering

The DHCP Server service can run on Windows Server 2016 in a two-member failover cluster. Both cluster nodes have the DHCP server role installed with identical scopes. Configuration information is stored in shared storage. If one node of the cluster fails, the other member in the cluster detects the failure and starts the DHCP service on the surviving member of the cluster.

Stateful configuration

The DHCPv6 server assigns IPv6 addresses and additional DHCP data.

In DHCP address allocation, can an IP address be reserved?

The IP address can be reserved, based on the MAC address of the client's NIC.

DHCPDISCOVER

The client broadcasts a DHCPDISCOVER packet to every computer in the subnet.

What is the default lease time for wired and wireless clients?

The default lease time is 8 days for wired clients and 3 days for wireless clients.

Stateless configuration

The router assigns IPv6 addresses, but the DHCPv6 server assigns additional DHCP data.

Tmp.edb

Tmp.edb is a temporary file that the DHCP database uses as a swap file during database index maintenance operations. Following a system failure, tmp.edb sometimes remains in the Systemroot\System32\Dhcp directory.

T or F: It is commonly known as a MADCAP scope.

True; It is commonly known as a MADCAP (multicast address dynamic client allocation protocol) scope.

T or F: It is configured to point to the IP address of the DHCP server in the remote subnet.

True; It is configured to point to the IP address of the DHCP server in the remote subnet.

Multinetting

When a scope leases addresses to clients in the same physical network, but the clients will be in a separate network logically

When does a client attempt to renew the DHCP Lease?

When the DHCP lease reaches 50 percent of the lease time, the client automatically attempts to renew the lease. The process occurs in the background.

The DHCP database of a Windows Server 2016 DHCP server is a _______________database containing data that relates to scopes, address leases, and reservations.

dynamic

Just Enough Administration (JEA) and Just in Time Administration (JIT)

features are new to Windows Server 2016 and provide a generic RBAC solution that uses PowerShell remotely. JEA and JIT enable you to give administration credentials only when needed for a finite time and only for specific tasks. You can implement JEA or JIT for all possible PowerShell cmdlets, as well as for DHCP server PowerShell cmdlets.

DHCP Server Log Event Code: 12

lease released

DHCP Server Log Event Code: 11

lease renewed

DHCP Server Log Event Code: 00

log started

DHCP Server Log Event Code: 01

log stopped

DHCP Server Log Event Code: 02

log temporarily paused

DHCP Server Log Event Code: 10

new IP address leased

By default, the DHCP database files are stored in what folder?

the %systemroot%\System32\Dhcp folder

What is the purpose of a superscope?

to allow clients to receive an IP address from multiple logical subnets even when the clients are located on the same physical subnet

PowerShell cmdlet get-service DHCP | FL *

verify the existence, running state, and properties of the DHCP client service

netsh

you must use command-line utilities to export the DHCP data from the old server to a file and then import the data from that file to the new DHCP server

