Tuesday, October 8, 2013

Windows Server 2012 - DHCP - Part 3 - exclusions and reservations (command line)

DHCP exclusions...

Some devices on a network should have an IP address that does not change.
For example, we just saw, in my previous blog post, that we can use DHCP to designate key network nodes such as the default router (gateway) and the DNS servers. When you think about this for a second, you realize that those IP addresses must not change.
If the IP address of the DNS server was dynamically assigned (by DHCP), and was initially, and if IP settings configured by DHCP for other clients pointed to for the DNS server, and then... if the DNS server IP address changed to well, name resolution could become quite unreliable.
For this reason, we usually need to ensure that at least some addresses of a particular subnet are not allocated by DHCP... or... if they are, ensure that the clients always receive the same IP address.
We can achieve this with one of two methods.
Let's say we have the scope with a subnet mask of
If we want to reserve the first 20 addresses for devices requiring a static IP, we can either begin the scope at or begin the scope at and exclude the first 20 addresses.
I opted for the first possibility in my previous blog post on DHCP.
Now let's recreate that scope but this time with exclusions.

Remove-DhcpServerv4Scope -ComputerName dc-001.machlinkit.biz -scopeID -force

Note: if the scopes are active and if there are active leases, you may encounter this message:

PS C:\> Remove-DhcpServerv4Scope -ComputerName dc-001.machlinkit.biz -scopeID

Remove-DhcpServerv4Scope : Failed to delete scope on DHCP server dc001.machlinkit.biz.

We can use the -force parameter in this case (simply add it to the end of the command).

I thought I would try something: start the range at which is the (sub)network ID and end the range at which is the broadcast address for the subnet. I thought the command would fail but it succeeded:

PS C:\> Add-DhcpServerv4Scope -Name MACH1 -StartRange -EndRange -SubnetMask

Regardless, we will exclude these addresses (it is possible that DHCP would not allocate the first and last address of the range - I don't have time to test everything so if someone else knows for sure, please feel free to comment).

We can exclude either a range of IP addresses or a single IP address:

PS C:\> Add-DhcpServerv4ExclusionRange -ScopeID -StartRange -EndRange

PS C:\>

PS C:\> Add-DhcpServerv4ExclusionRange -ScopeID -StartRange -EndRange

PS C:\>

PS C:\> Add-DhcpServerv4ExclusionRange -ScopeID -StartRange -EndRange

That's right: to exclude a single IP address just list it as the start and end IP address.

Here is the PowerShell cmdlet that shows DHCP exclusions:

PS C:\> Get-DhcpServerv4ExclusionRange -ScopeID

ScopeId  StartRange  EndRange
-------  ----------  --------

And this is how the exclusions would appear in DHCP Manager:

... And DHCP reservations

Lastly, let's take a look at reservations.
We could assign static IP addresses to certain devices whose IP address must remain the same. Or we could use DHCP but create reservations so the same IP would always be allocated to the device in question. Associating the IP address in question with the MAC address of the device ensures this.
Let's say that we want the DHCP client with MAC address 00-0C-29-F8-C0-46 to always receive IP address
This command fulfills that objective:

PS C:\> Add-DhcpServerv4Reservation -ScopeID -IPAddress -ClientID 00-0C-29-F8-C0-46

Note: there are a number of ways to determine the MAC address of the node in question.

We can enter ipconfig /all at the device itself (probably the most common method) or enter the following command on a remote computer:

nbtstat -A

Where the IP address is the current IP address of the node in question.

Currently, that client has another IP address but... if we run the ipconfig /release and then the ipconfig /renew commands on the client machine, it immediately has the reserved IP address.

C:\>ipconfig /release


C:\>ipconfig /renew

C:\>ipconfig /all


Link-local IPv6 Address . . . . . : fe80::e07e:50de:a86e:edc7%11

IPv4 Address. . . . . . . . . . . :

Subnet Mask . . . . . . . . . . . :

Default Gateway . . . . . . . . . :

PS C:\> Get-DhcpServerv4Reservation -ScopeID | fl

IPAddress :

ClientId : 00-0c-29-f8-c0-46

ScopeId :

Name : PC1.machlinkit.biz
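
Added example, not from the original post: a check that the addresses which must never be leased dynamically (default gateway, DNS servers, and the network ID and broadcast address discussed earlier) are outside the scope range, excluded, or reserved. The function names and the 192.0.2.0/24 values are assumptions constructed for illustration; the sample objects mimic the StartRange/EndRange and IPAddress/ClientId properties returned by the cmdlets shown above.

```powershell
# Added example (not from the original post). Sample data is constructed.
function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)            # network byte order -> little-endian host
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-DhcpProtectedAddress {
    param(
        [string]$StartRange,            # scope range, as given to Add-DhcpServerv4Scope
        [string]$EndRange,
        [object[]]$Exclusions,          # objects with StartRange / EndRange
        [object[]]$Reservations,        # objects with IPAddress / ClientId
        [string[]]$Critical             # addresses that must never be leased dynamically
    )
    $lo = ConvertTo-UInt32 $StartRange
    $hi = ConvertTo-UInt32 $EndRange
    $reservedIps = @($Reservations | ForEach-Object { "$($_.IPAddress)" })
    foreach ($ip in $Critical) {
        $n = ConvertTo-UInt32 $ip
        $excluded = $false
        foreach ($x in $Exclusions) {   # a single-address exclusion has start = end
            $xLo = ConvertTo-UInt32 $x.StartRange
            $xHi = ConvertTo-UInt32 $x.EndRange
            if ($n -ge $xLo -and $n -le $xHi) { $excluded = $true }
        }
        $status = if ($n -lt $lo -or $n -gt $hi)      { 'OutsideRange' }
                  elseif ($excluded)                  { 'Excluded' }
                  elseif ($reservedIps -contains $ip) { 'Reserved' }
                  else                                { 'LEASABLE' }
        [pscustomobject]@{ Address = $ip; Status = $status }
    }
}

# Constructed sample data (documentation range 192.0.2.0/24, hypothetical layout).
$exclusions   = @([pscustomobject]@{ StartRange = '192.0.2.0';   EndRange = '192.0.2.20' },
                  [pscustomobject]@{ StartRange = '192.0.2.255'; EndRange = '192.0.2.255' })
$reservations = @([pscustomobject]@{ IPAddress = '192.0.2.50'; ClientId = '00-0c-29-f8-c0-46' })

Test-DhcpProtectedAddress -StartRange '192.0.2.0' -EndRange '192.0.2.255' `
    -Exclusions $exclusions -Reservations $reservations `
    -Critical '192.0.2.0', '192.0.2.1', '192.0.2.50', '192.0.2.53', '192.0.2.255'

# Live use on a DHCP server (replace <ScopeId> with your own scope):
#   $s = Get-DhcpServerv4Scope -ScopeId <ScopeId>
#   Test-DhcpProtectedAddress -StartRange $s.StartRange -EndRange $s.EndRange `
#       -Exclusions (Get-DhcpServerv4ExclusionRange -ScopeId <ScopeId>) `
#       -Reservations (Get-DhcpServerv4Reservation -ScopeId <ScopeId>) `
#       -Critical (Get-DhcpServerv4OptionValue -ScopeId <ScopeId> -OptionId 3).Value
```

Any address reported as LEASABLE can still be handed to an arbitrary client. A reservation keys on the client ID the client presents, so it provides a stable address, not proof of which device is asking.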


Here's what the reservation looks like in DHCP Manager:


NETSH reference
creation of scope, scope options, exclusions and reservations

In the steps below, I'm going to create scope "" using the NETSH commands.

Important note:
Unless the DHCP server has an interface with an IP address in this subnet (it will be a /24 subnet), we would have to configure a DHCP "relay" (or "helper" in Cisco terms) so broadcasts from another subnet could reach it. Remember that communication between DHCP clients and servers begins with a broadcast and that routers, by default, do not forward broadcast traffic.

Create a scope

PS C:\> netsh dhcp server add scope B1 "Building 1 subnet"

Command completed successfully.

PS C:\>

Note: if "Command completed successfully." displays after each command entered, that means... what it means. I'll exclude the command from the output below.

Note: "Building 1 subnet" is the description. For a complete guide to NETSH commands for DHCP, please see the link at the end of this blog post.

Add the IP address range to the scope

PS C:\> netsh dhcp server scope add iprange

Add exclusions (respectively either a single IP address or a range)

PS C:\> netsh dhcp server scope add excluderange

PS C:\> netsh dhcp server scope add excluderange

Add a reservation

PS C:\> netsh dhcp server scope add reservedip 000c29f8c999

PS C:\>

Since the server options apply to all scopes, we will have to make at least one change to the inherited scope options for scope the default gateway.
The default gateway address for subnet must be within that IP address range so we'll make it This will be perfect since we've already created an exclusion for what would probably be the IP address of a router.

PS C:\> netsh dhcp server scope set optionvalue 003 IPADDRESS


For a complete reference to NETSH commands for DHCP, please click on the link below (Microsoft Technet):

Netsh commands for DHCP


  1. What is the need to enable a dynamic DHCP for windows server?

    Silvester Norman

    Change MAC Address

  2. Hi Silvester,

    DHCP by definition is dynamic: "dynamic host configuration protocol".

    So do you mean dynamic as in not configuring reservations?


    1. Hi David,
      Never read about DHCP but read that it should be dynamic. So I would like to know why dynamic DHCP is used. Can't we use static DHCP?

      Silvester Norman

      Change MAC Address

  3. You can use either. "Static DHCP" (with reservations) is useful if you want a particular device to always have the same IP address but still want the benefit of being able to change options (like default gateway and DNS servers) centrally - without having to go to each device to adjust them.

    In general, with clients for example, you just use "dynamic DHCP" which is sort of a pleonasm since DHCP is, by default, dynamic (that's what the D stands for).