Thursday, October 24, 2013

Windows Server 2012 - IPv6 (only)

My objective was to continue my exploration of DHCP functionality in Windows Server 2012 and attempt to configure DHCPv6. I had studied IPv6 somewhat superficially for previous Microsoft certification (Windows 2008) and in some detail for my CCNA. As it is not something I use often, I thought it would be preferable to review some concepts and begin by configuring what will be my DHCPv6 server.
I'm going to concentrate on static IPv6 addressing - not a general overview of IPv6, a vast subject in itself and amply discussed elsewhere on the Internet.
 
In IPv6, these are the most common types of IP addresses to be found on a host:
  • Global Unicast addresses - more or less the equivalent of routable IPv4 addresses
  • Unique Local addresses  (ULA) - comparable to "private" IPv4 addresses like 10.0.0.1 or 192.168.0.1
  • Link Local addresses - similar to the "APIPA" or autoconfigured 169.254.x.x addresses.
Note: since I will only use Unique Local addresses here, I will not provide additional details on each type of address. Once again, there is already ample information on this subject on the Internet. 
 
Ideally, we would obtain a range of Global Unicast addresses from our ISP. One of the objectives of IPv6 is to provide end-to-end connections without having to resort to NAT (or PAT), which became necessary because of the shortage of IPv4 addresses.
However, not all ISPs offer IPv6 addresses.
So, for the time being, most of us, if we really want to use IPv6 internally, will have to use Unique Local addresses on our internal network with some sort of IPv6 to IPv4 translation at the perimeter (or simply run both IPv4 and IPv4 on all devices).
I'm going to attempt to use IPv6 only for internal network connectivity and examine possible translation options later. So let's start with the LAN first.
An IPv6 address is 128 bits long, separated into three parts:
  • the first 48 bits (three octets) form the network part. In the case of a global unicast address, this part would be assigned by an ISP.
  • the next 16 bits form the subnet part - for a total of over 65,000 possible subnets.
  • the last 64 bits are used for devices - with a total of 18 quintillion addresses to chose from.
So even with a single network address, we would have enough subnet and device addresses for even the most massive networks.
Unique Local addresses, in practice, start with fd00:0000:0000:0000 for the network and subnet.
So it looks like my first subnet could be...
fd00:0000:0000:0000
and my second...
fd00:0000:0000:0001
and my third...
fd00:0000:0000:0002
I'm assuming that I can count from zero.
Otherwise, I could label my first network and first subnet, respectively, from 1
fd00:0000:0001:0001
Or I could skip the first 10 hexadecimal characters (0-9) and start with "a" for each:
fd00:0000:000a:000a
We can also shorten the IPv6 address from...

fd00:0000:0000:0001

to...

fd00:0:0:1
 
and even...

 
fd00::1
 


Since Unique Local addresses are not routable (like IPv4 "private" addresses), I can configure them as I like. However...
According to RFC 4193, Unique Local addresses must be randomly generated (or more precisely, the "Global ID", more on that in the next lines).
But why? Since they cannot be routed on the "global Internet"?
Because like private IPv4 addresses, they can be routed within a site and between various sites of a particular organization. There is a risk that if two administrators both decide to configure their first subnet...
fd00:0000:0000:0001
Routing between sites will become impossible - how would the router know where to send packets destined for the fd00:0000:0000:0001 subnet when there are two of them?
One could hope that proper coordination within a single organization would avoid such a scenario. However, in the case of a merger, impossible to predict beforehand, there is no way for the respective network administrators to coordinate the numbering of their networks.
 
So RFC 4193 stipulates that the 40 bit Global ID "MUST BE" randomly generated. This is the part of the 48 bit Network address that follows the prefix:
      | 7 bits |1|    40 bits   |     16 bits      |     64 bits 
+--------+-+------------+-----------+----------------------------+
      | Prefix |L|   Global ID  | Subnet ID |  Interface ID
+--------+-+------------+-----------+----------------------------+
 
Diagram from:
 
But... how do I generate a random Global ID?
 
We can go to a site like...
or
to generate such a random address.

 
For this exercise however, I'll adopt the addressing schema that follows, to improve readability if nothing else.
fd00:0000:0000:0000:0000:0000:0000:0010 - for the server named DC-001
fd00:0000:0000:0000:0000:0000:0000:0015 - for the client named PC1
And for concision... I will abbreviate as allowed, and as follows, by eliminating leading and consecutive zeros.
fd00::10 - for the server named DC-001
fd00::11 - for the client named PC1



IPv6 only - will it work?
 

First, I disabled (unchecked) IPv4 in the properties of the network card.
Second, using the command line, I'll configure the domain controller as follows:
 
netsh interface ipv6 set address "Ethernet" FD00::10
netsh interface ipv6 add dnsserver "Ethernet" FD00::10

Some remarks...

Note the change in syntax from ipv4: we no longer add "static"

PS C:\> netsh int ipv6 set address "Ethernet" static fd00::12
Invalid address parameter (static). It should be a valid IPv6 address.

PS C:\> netsh int ipv6 set dnsserver "Ethernet" static fd00::10

set dnsserver worked... but we should apparently use "add dnsserver"

And here again, with add dnsserver, we must omit "static":

PS C:\> netsh int ipv6 add dnsserver "Ethernet" static fd00::10
The parameter is incorrect.


For information, this is how the address would be configured in the GUI (network interface properties).


 


According to ipconfig /all, this gives us...

[snip]
Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-5A-C2-C0
DHCP Enabled. . . . . . . . . .     . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . .      . : fd00::10(Preferred)
Link-local IPv6 Address . . . . . : fe80::20a2:f095:4940:cae%12(Preferred)
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . ....  . : 251661353
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-3F-1F-EF-00-0C-29-5A-C2-C0
DNS Servers . . . . . . . . . . .... : fd00::10
NetBIOS over Tcpip. . . . . . . . : Disabled

 
Some quick remarks:
 
  • There is no IPv4 address.
  • The Unique Local address is displayed in its abbreviated form.
  • Even when a Global Unicast or Unique Local address is assigned, there will also be a Link Local IPv6 address
  • NetBIOS over TCP/IP is disabled by default in Windows Server 2012.


We'll see DHCPv6 later. For now, I'll simply provide our client, PC1, with this address:
netsh interface ipv6 set address "Local Area Connection" FD00::15

So we are using IPv6 only. Lets's see what happens.
 
*
First, Local Area Connection Status shows that there is "No network access" for either IPv4 or IPv6.

 


 
 
Yet packets are both sent and received (status may be due to lack of Internet connectivity).

Moreover, PC1 can ping DC-001

C:\>ping fd00::10
Pinging fd00::10 with 32 bytes of data:
Reply from fd00::10: time=2ms
Reply from fd00::10: time<1ms
Reply from fd00::10: time<1ms
Reply from fd00::10: time=1ms
Ping statistics for fd00::10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
and (if we disable the firewall) vice versa...
PS C:\> ping fd00::15

Pinging fd00::15 with 32 bytes of data:
Reply from fd00::15: time=1ms
Reply from fd00::15: time<1ms
Reply from fd00::15: time=1ms
Reply from fd00::15: time<1ms
Ping statistics for fd00::15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),


If we run DCDIAG on the domain controller, the output seems to indicate a failure in network connectivity (other tests are successful however):

PS C:\> dcdiag
Directory Server Diagnosis
Performing initial setup:
  Trying to find home server...
  Home Server = DC-001
  * Identified AD Forest.
  Done gathering initial info.
Doing initial required tests
  Testing server: Default-First-Site-Name\DC-001
     Starting test: Connectivity
        Both IPV4 and IPV6 channels are disabled on all adapter cards of the local server. Hence no connectivity to the server.
        Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
        ......................... DC-001 failed test Connectivity
Doing primary tests
  Testing server: Default-First-Site-Name\DC-001
     Skipping all tests, because server DC-001 is not responding to directory service requests.

Is it the firewall rules? Apparently not, since the error occurs even with the firewall disabled.
 
Despite these warnings in the DCDIAG output, PC1 can register its IPv6 address in DNS and establishes a secure channel with DC-001.
 
 
 
C:\Windows\system32>nltest /sc_query:machlinkit
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\DC-001.machlinkit.biz
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

C:\Windows\system32>nltest /sc_verify:machlinkit
Flags: b0 HAS_IP  HAS_TIMESERV
Trusted DC Name \\DC-001.machlinkit.biz
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully
C:\Windows\system32>

*

In conclusion, it appears that an IPv6 only network is functional despite some error messages.
 

That's for a start. I'm aiming to do more with IPv6 in future posts.
 

 

 
 

Saturday, October 19, 2013

Windows Server 2012 - DHCP - Part 6 - Failover (GUI)

DHCP Failover

 
DHCP is an essential network service. If clients are unable to obtain an IP address, they cannot communicate with each other or access the Internet. In a previous post, I examined DHCP backup and restore. However, restoring a DHCP configuration from backup may not be sufficient from a high availability perspective. An organization may require the network to be functional at all times. Concerning DHCP (which is only one part of the puzzle), high availability can be achieved with a feature known as "failover".
 
In the following paragraphs, I'm going to experiment with this feature and then leave the reader with links to some Microsoft documentation on the subject. 
 
I also want to try some of the remote management capacity of Server Manager to configure the second DHCP server.
 
As the reader may have understood (I hope), DHCP failover implies the presence of two DHCP servers, one being able to "failover" to the other. In other words, if one DHCP server ceases to function, the other can manage IP address alloction in its place. We'll see that there are two ways to configure this in practice.
 
In this exercise, DC-001 is the existing (first) DHCP server and SVR-003 will be configured as the second DHCP server. It will also be the "standby" server for "failover".



Step 1: install the DHCP role on a second server
 
 
OK, I'm assuming that a first DHCP (DC-001) server has been configured. In my case, this was done - and described - in an earlier post.
 
Now I'll install the DHCP role on the second server (SVR-003), the server that will assume DHCP operations if the first server is unable to do so.
 
*
 
On DC-001 I open Server Manager and select SVR-003, right-click and open "Add Roles and Features". Yes, that's right: I could also perform this action directly on SVR-003 but I'm taking advantage of the Windows 2012 Server Manager functionality that allows me to manage all my servers (or here, both of my servers..) from a single console.




I opt to install a role (the DHCP role):




It looks like I have to select SVR-003 again:




I select the DHCP role and add the Management Tools as well:




I authorize a restart of the destination server, if necessary:





Step 2: configure Failover on DC-001 (the first DHCP server)


Notice that I do not configure any scopes or reservations (etc.) on SVR-003. The necessary information will be migrated from DC-001.

On DC-001, I select the scope I want to configure for Failover:



Yes, Failover can be configured per scope:






We select the partner server:



SVR-003 in this case...



We can configure two types of relationships: "Load Balance" or "Hot Standby". In the first case, both DHCP servers share a percentage of the workload. If one fails, the other must assume the other - or entire - percentage:





In the "Hot Standby" mode, one DHCP server manages all requests in normal circumstances but if it becomes unavailable, the second DHCP server leaves standby mode and assumes all address allocation operations:
 



In either case, it is necessary to enter a "Shared Secret" that secures communication between the two servers.

I've opted for the "Hot Standby" mode which produces the following setup summary:


If all goes well, we should see this:




Step 3: check configuration on SVR-003 (second server) and test failover

As I mentioned just before, the scope information is migrated from DC-001 to SVR-003. There is nothing to (re)configure on SVR-003:



The image above may not be entirely clear but the name of the server is indeed SVR-003.

If we look at the scope properties (Failover tab) in normal circumstances, this is what we see:



If we stop the DHCP server on DC-001...



SVR-003 loses contact with DC-001 but...


It will allocate IP addresses to clients that request one.

I tested by starting Windows 7 client "PC1" that initially obtained an address from the first DHCP server (DC-001). 

These are the results as shown by ipconfig /all on the client:

[...]
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e07e:50de:a86e:edc7%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.1.21(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Thursday, October 17, 2013 10:06:53 PM
   Lease Expires . . . . . . . . . . : Thursday, October 17, 2013 10:30:38 PM
   Default Gateway . . . . . . . . . : 10.1.1.4
   DHCP Server . . . . . . . . . . . : 10.1.1.10


After I stopped the DHCP service on DC-001, PC1 attempted to renew its IP address. That was apparently successful with the results shown below:

[...]
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e07e:50de:a86e:edc7%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.1.21(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Thursday, October 17, 2013 10:06:53 PM
   Lease Expires . . . . . . . . . . : Thursday, October 17, 2013 10:32:28 PM
   Default Gateway . . . . . . . . . : 10.1.1.4
   DHCP Server . . . . . . . . . . . : 10.1.1.11



The client obtains the same IP address with an expiration date two minutes later.
 
Note: I reduced the lease time to two minutes so the client would attempt to renew its IP address more quickly (for testing purposes of course, normally you would have a lease of at least 8 hours for wireless clients and probably more - up to a week - for wired clients). 
 
The most important parameter to note is the "DHCP Server". The ipconfig output shows that SVR-003 did indeed take charge of DHCP operations, since it is the source of the new IP address information.
 
*


Ensuring High Availability of DHCP using Windows Server 2012 DHCP Failover (Microsoft Windows DHCP Team Blog)

Step-by-Step: Configure DHCP for Failover

Sunday, October 13, 2013

Windows Server 2012 - DHCP - Part 5 - backup and restore (GUI and command line)

The backup and restore of the DHCP database is a crucial operation that I wanted to review in Windows Server 2012 using both DHCP Manager as well as the Powershell cmdlets.
 
First let's take a look at the status quo of the DHCP server before the hypothetical loss of the database. We'll backup the database, delete the scopes and then see if we can restore them. In reality, we might have to rebuild the entire server and re-install the DHCP role. In this post, I'll simply adopt a scenario in which only the databases need to be restored or in which the server itself has already been restored.
 
Here is how the DHCP configuration appears. I took a couple screenshots to see if I could recreate the configuration with the restore.
 

Scope with reservations:





Reservation options:



OK... such a simple configuration might not even warrant a  backup since you could probably recreate it from scratch (if you have documented it) just as quickly. However, some DHCP servers allocate IP addresses to clients on multiple subnets (via DHCP relays) with a large variety of options, something most admins would not want to have to recreate from scratch.


BACKUP

Right click on the DHCP server and select "Backup" in the resulting menu:



 
Select a target for the backup. We'll just use the folder "DHCP-backup". In reality, we would, of course, save the backup to another location on the network or to some form of external media later stored in a safe location.





This is what the resulting backup file looks like:



The "new" folder contains these files:




So now, let's simulate the loss of the database by simply deleting it:




Confirm the choice to delete when any warning messages appear:





And there we go. The scope (with all its reservations and exclusions) is gone.






RESTORE

Now let's attempt to restore the database.

Right click on the DHCP server icon and select "Restore":



We browse to the location of the backup file:




Let the restore process restart the DHCP service:






The database is restored:




The configuration looks exactly like it did in the screenshots posted above. I'm not going to repost them here since they would be identical. I'll have to ask the reader to "take my word for it".




BACKUP and RESTORE... with Powershell

This is the process followed to backup and restore the DHCP database using the very intuitive Powershell cmdlets:

Backup-DhcpServer

and...

Restore-DhcpServer


This is the state of the (sole) DHCP scope before backup (and deletion):

PS C:\> Get-DhcpServerv4Scope | fl

ScopeId          : 10.0.0.0
Name             : MACH1
Description      :
SuperscopeName   :
SubnetMask       : 255.0.0.0
StartRange       : 10.1.1.0
EndRange         : 10.1.1.255
LeaseDuration    : 8.00:00:00
NapProfile       :
NapEnable        : False
Delay(ms)        : 0
State            : Active
Type             : Dhcp
MaxBootpClients  : 4294967295
ActivatePolicies : True




We backup the DHCP database with the following cmdlet:

PS C:\> Backup-DhcpServer -path C:\DHCP-backup


We remove the DHCP scope with the following cmdlet (note the use of the "pipeline"):

PS C:\> Get-DhcpServerv4Scope | Remove-DhcpServerv4Scope -force

We note that the scope was indeed deleted:

PS C:\> Get-DhcpServerv4Scope
PS C:\>


We then restore the database (and confirm the operation as needed):

PS C:\> Restore-DhcpServer -path C:\DHCP-backup

Confirm
The DHCP server database will be restored from the file C:\DHCP-backup. Do you want to want to perform this action?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
WARNING: Please restart the DHCP server for the restored database to take effect.



With the command line restore, we need to restart the DHCP service manually. Fortunately, there is a PowerShell cmdlet for that: 

PS C:\> Restart-Service "DHCP Server"

WARNING: Waiting for service 'DHCP Server (DHCPServer)' to start...
WARNING: Waiting for service 'DHCP Server (DHCPServer)' to start...

The scope is restored:


PS C:\> Get-DhcpServerv4Scope | fl

ScopeId          : 10.0.0.0
Name             : MACH1
Description      :
SuperscopeName   :
SubnetMask       : 255.0.0.0
StartRange       : 10.1.1.0
EndRange         : 10.1.1.255
LeaseDuration    : 8.00:00:00
NapProfile       :
NapEnable        : False
Delay(ms)        : 0
State            : Active
Type             : Dhcp
MaxBootpClients  : 4294967295
ActivatePolicies : True





Saturday, October 12, 2013

Windows Server 2012 - DHCP - Part 4 - viewing the configuration (command line)

This post concentrates on the display of DHCP server and scope configuration information using Powershell commands. Some may have already been seen in previous posts.
 
In those previous posts, I've also taken a retrospective look at some of the NETSH commands used to manage DHCP in earlier versions of Windows Server.
 
I'll begin this post with a NETSH command that shows information about the DHCP server itself and then present the equivalent PowerShell commands.
 
 
***
 
This command shows us "DORA" data (essentially number of attempts to contact the server for an IP address), uptime for the server, number of scopes, with some scope information such as the number of used and available addresses, the location of the DHCP database and, finally, some server status information.


PS C:\> netsh dhcp server show all

MIBCounts:
        Discovers = 0.
        Offers = 0.
        Delayed Offers = 0.
        Requests = 0.
        Acks = 0.
        Naks = 0.
        Declines = 0.
        Releases = 0.
        ServerStartTime = Wednesday, October 9, 2013 8:09:18 PM
        Scopes = 2.
        Scopes with Delay configured= 0.
        Subnet = 10.0.0.0.
                No. of Addresses in use = 1.
                No. of free Addresses = 255.
                No. of pending offers = 0.
        Subnet = 192.168.1.0.
                No. of Addresses in use = 1.
                No. of free Addresses = 242.
                No. of pending offers = 0.


Server Database Properties :
        DatabaseName              = dhcp.mdb
        DatabasePath              = C:\Windows\system32\dhcp
        DatabaseBackupPath        = C:\Windows\system32\dhcp\backup
        DatabaseBackupInterval    = 60 mins.
        DatabaseLoggingFlag       = 1
        DatabaseRestoreFlag       = 0
        DatabaseCleanupInterval   = 60 mins.


Server Status:
        Server Attrib - Rogue Authorization Succeeded :TRUE
        Server Attrib - Dynamic BootP Support Enabled :TRUE
        Server Attrib - DHCP Server Part Of DS        :TRUE
        Server Attrib - DHCP Server Bindings Aware    :TRUE
        Server Attrib - Administrative Rights         :TRUE



Now let's see how to see that information using Powershell.
 
But first, I want to show the reader how to obtain a list of Powershell commands - or cmdlets - pertaining to DHCP. Unless blessed with a fabulous memory, most administrators will not be able to remember the hundreds (possibly thousands) of Powershell commands available to manage a Windows 2012 server from the command line (or in a script).
 
So we're just starting to use Powershell (to manage DHCP in this scenario) and we want to see what commands are available. So we enter what follows: 

 
PS C:\> get-command *get-dhcp* | select name

Name
----
Get-DhcpServerAuditLog
Get-DhcpServerDatabase
Get-DhcpServerInDC
Get-DhcpServerSetting
Get-DhcpServerv4Binding
Get-DhcpServerv4Class
Get-DhcpServerv4DnsSetting
Get-DhcpServerv4ExclusionRange
Get-DhcpServerv4Failover
Get-DhcpServerv4Filter
Get-DhcpServerv4FilterList
Get-DhcpServerv4FreeIPAddress
Get-DhcpServerv4Lease
Get-DhcpServerv4OptionDefinition
Get-DhcpServerv4OptionValue
Get-DhcpServerv4Policy
Get-DhcpServerv4PolicyIPRange
Get-DhcpServerv4Reservation
Get-DhcpServerv4Scope
Get-DhcpServerv4ScopeStatistics
Get-DhcpServerv4Statistics
Get-DhcpServerv4Superscope
[...]
Get-DhcpServerVersion


Note: there are comparable cmdlets for IPv6 which I have edited out for concision.

So now we have an idea of the available PS cmdlets for DHCP.

Some readers may have noticed that all the DHCP commands begin the same, either:

Get-DHCPServer

or

Get-DHCPServerv4

or, for DHCPv6 (for IPv6):

Get-DHCPServerv6


We then add the element that interests us: Reservation, Scope, etc..

If we want details on a paticular cmdlet, we can use the get-help cmdlet followed by the cmdlet in question:

Get-Help Get-DhcpServerv4Scope

I find the -example parameter especially useful since it goes "straight to the point" with some practical examples:

Get-Help Get-DhcpServerv4Scope -example


Having presented what I believe to be some useful PS tips (in general), let's see some specific cmdlets.

I do not see a "general" or "global" command that displays all the information like  
netsh dhcp server show all.

If we want information on the DHCP database, we use this command:

PS C:\> Get-DhcpServerDatabase

FileName           : C:\Windows\system32\dhcp\dhcp.mdb
BackupPath         : C:\Windows\system32\dhcp\backup
BackupInterval(m)  : 60
CleanupInterval(m) : 60
LoggingEnabled     : True
RestoreFromBackup  : False
IPAddress            DnsName
---------            -------
10.0.0.10            dc-001




Is the DHCP server a member of the domain? Is it activated? This command will tell us:

PS C:\> Get-DhcpServerSetting

IsDomainJoined            : True
IsAuthorized              : True

DynamicBootp              : True
RestoreStatus             : False
ConflictDetectionAttempts : 0
NpsUnreachableAction      : Full
NapEnabled                : False
ActivatePolicies          : True



On what network interfaces is DHCP listening for IP address requests?

PS C:\> Get-DhcpServerv4Binding | fl

InterfaceAlias : Ethernet
BindingState   : True
InterfaceGuid  : c53d50cb-d384-4187-9399-ad57a5cac8c5
IPAddress      : 10.1.1.10
SubnetMask     : 255.0.0.0


Note: the " |" followed by "fl" displays the output in list format which I've found preferable to table format when publishing to this blog. The actual formatting commands are "format-list" and "format-table".


How many requests for IP addresses has the server received? How many addresses are used? Available? Use the following command to find out


PS C:\> Get-DhcpServerv4Statistics
 

ServerStartTime           : 10/9/2013 8:09:18 PM
TotalScopes               : 2
ScopesWithDelayConfigured : 0
ScopesWithDelayOffers     :
TotalAddresses            : 499
AddressesInUse            : 2
AddressesAvailable        : 497
PercentageInUse           : 0.4008016
PercentagePendingOffers   : 0
PercentageAvailable       : 99.5992
Discovers                 : 0
Offers                    : 0
PendingOffers             : 0
DelayedOffers             : 0
Requests                  : 0
Acks                      : 0
Naks                      : 0
Declines                  : 0
Releases                  : 0



The following commands provide information on specific scopes, reservations and exclusions.

PS C:\> Get-DhcpServerv4Scope | fl

ScopeId          : 10.0.0.0
Name             : MACH1
Description      :
SuperscopeName   :
SubnetMask       : 255.0.0.0
StartRange       : 10.1.1.0
EndRange         : 10.1.1.255
LeaseDuration    : 8.00:00:00
NapProfile       :
NapEnable        : False
Delay(ms)        : 0
State            : Active
Type             : Dhcp
MaxBootpClients  : 4294967295
ActivatePolicies : True

ScopeId          : 192.168.1.0
Name             : BLDG1
Description      : Building 1 subnet
SuperscopeName   :
SubnetMask       : 255.255.255.0
StartRange       : 192.168.1.1
EndRange         : 192.168.1.254
LeaseDuration    : 8.00:00:00
NapProfile       :
NapEnable        : False
Delay(ms)        : 0
State            : Active
Type             : Dhcp
MaxBootpClients  : 4294967295
ActivatePolicies : True



PS C:\> Get-DhcpServerv4ScopeStatistics | fl

ScopeId                       : 10.0.0.0
AddressesFree                 : 255
AddressesInUse                : 1
PendingOffers                 : 0
ReservedAddress               : 1
PercentageInUse               : 0.390625
SuperscopeName                :
AddressesFreeOnThisServer     :
AddressesFreeOnPartnerServer  :
AddressesInUseOnThisServer    :
AddressesInUseOnPartnerServer :

ScopeId                       : 192.168.1.0
AddressesFree                 : 242
AddressesInUse                : 1
PendingOffers                 : 0
ReservedAddress               : 1
PercentageInUse               : 0.4115226
SuperscopeName                :
AddressesFreeOnThisServer     :
AddressesFreeOnPartnerServer  :
AddressesInUseOnThisServer    :
AddressesInUseOnPartnerServer :



PS C:\> Get-DhcpServerv4Reservation 10.0.0.0 | fl

IPAddress   : 10.1.1.21
ClientId    : 00-0c-29-f8-c0-46
ScopeId     : 10.0.0.0
Name        : PC1.machlinkit.biz
Type        : Both
Description :



PS C:\> Get-DhcpServerv4ExclusionRange 10.0.0.0 | fl

ScopeId    : 10.0.0.0
StartRange : 10.0.0.0
EndRange   : 10.0.0.20

ScopeId    : 10.0.0.0
StartRange : 10.0.0.255
EndRange   : 10.0.0.255


***

As for the additional NETSH equivalents, I'll suggest the reader refer to the following link:

Netsh commands for DHCP