DNS registration changes for Windows Server 2003 based DHCP Servers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This article describes the DNS registration changes for DHCP Servers that are running Windows Server® 2003.

Overview

When the DHCP Server role is installed on a domain controller, the DHCP Server inherits the security permissions of the domain controller. To prevent possible misuse of the domain controller’s elevated permissions, DHCP Servers that are installed on Windows Server 2003 do not register DNS records on behalf of the clients that are associated with the DHCP Server unless the DHCP Server is explicitly configured with DNS credentials. This behavior prevents a potential escalation of privilege to clients of the DHCP Server.

Configuring DNS credentials on a DHCP Server that is running Windows Server 2003

Follow these steps to configure the DNS credentials of a DHCP Server that is installed on a domain controller running the Windows Server 2003 operating system:

  1. Start the DHCP management console. Click Start, then click Run and type dhcpmgmt.msc.

  2. In the DHCP navigation pane, expand the server node and right-click IPv4, and then click Properties.

  3. In the resulting dialog box, click the Advanced tab, and then click Credentials.

  4. In the DNS dynamic update credentials dialog box, enter the DNS credentials (User name, Domain, and Password) for the account that is used by the DHCP Server for DNS registrations.

    Note

    These credentials should belong to a member of the DnsAdmins or the DnsUpdateProxy group.

For more information about creating and adding a user account as a member of a group by using the Active Directory® Users and Groups console, see Changing group memberships.