I'm stuck with a problem in my configuration.

We have a domain controller that also works as DNS and DHCP server. Yesterday I deployed a secondary DHCP server and configured it in a failover cluster with the first one using the Hot-StandBy mode. I successfully got the scopes to replicate automatically using the DHCP Failover Auto Config Sync found on TechNet:

https://gallery.technet.microsoft.com/scriptcenter/Auto-syncing-of-configurati-6eb54fb0

Now, my problem is: how can I get replication of the MAC address filter even if it's a server config? So I tried this line of PowerShell code:

Get-DhcpServerv4Filter -List Allow -ComputerName myserver.FQDN | Add-DhcpServerv4Filter -Force

Which actually works, but there's one problem.

It's not automated, so if I enter a MAC address on the master DHCP, it won't be automatically replicated to the backup server. Also, if I delete a MAC address from the secondary DHCP, it won't be deleted on the primary server.

So, do you know how to make these changes automated like the "DHCP Failover Auto Config Sync" script?

Thanks in advance.

Mattia Tupone
  • Have you considered sanitizing your setup so that you do not rely on that feature? I manage various networks for like 10 years and never resorted to MAC address filtering. It is, regardless of how you turn it, a hack and a pain to maintain in a dynamic environment. – TomTom Jun 23 '17 at 10:15
  • Yes, I know it's a pain. I started working in this company and they already had a MAC Address reservation network, which is a real pain. So I can't change the setup, but at least I want to provide HA. – Mattia Tupone Jun 23 '17 at 10:17
  • And that is your problem - MS HA does not support obscure hardly ever used features. Change from MAC address reservation to something sane. Why do they do that anyway? – TomTom Jun 23 '17 at 10:59
  • They are using IP-classes in order to allow or block network shares or internet domains and keep offices networking separate from production networking. Still can't figure out why we're not using domain controller anyway. It's a mess, but I can't change things. This is why I'm trying to provide HA, even if I don't like the current IT situation at all. – Mattia Tupone Jun 23 '17 at 11:29
  • They have a delusion - the MAC Address of an IP in a switch network can be found out and the IP address of a network card can be changed -> they have no security at all. – TomTom Jun 23 '17 at 12:05
  • "You're goddamn right." – Mattia Tupone Jun 23 '17 at 12:25

0 Answers
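One way to automate the filter copy described in the question, as an added example that is not part of the original thread: a one-way mirror that treats the primary as authoritative and reconciles the secondary's Allow and Deny lists, including removals. The server names and the `-Apply` switch are assumptions made for this example; because it is one-way, a deletion made only on the secondary is re-added on the next run rather than propagated back.

```powershell
# Added example: mirror DHCP MAC filters from the primary to the secondary.
# Server names are placeholders. Run from a scheduled task under an account
# with DHCP administrator rights on both servers.
param(
    [string]$Primary   = 'dhcp1.example.test',   # placeholder name
    [string]$Secondary = 'dhcp2.example.test',   # placeholder name
    [switch]$Apply                               # without -Apply, only report
)
Import-Module DhcpServer

foreach ($list in 'Allow', 'Deny') {
    # -ErrorAction Stop: if either server is unreachable the script aborts,
    # instead of seeing an "empty" primary and wiping the secondary's filters.
    $src = @(Get-DhcpServerv4Filter -List $list -ComputerName $Primary -ErrorAction Stop)
    $dst = @(Get-DhcpServerv4Filter -List $list -ComputerName $Secondary -ErrorAction Stop)

    # Index both sides by MAC address (hashtable keys are case-insensitive).
    $srcByMac = @{}; foreach ($f in $src) { $srcByMac[$f.MacAddress] = $f }
    $dstByMac = @{}; foreach ($f in $dst) { $dstByMac[$f.MacAddress] = $f }

    # Entries present on the primary but missing on the secondary.
    foreach ($mac in $srcByMac.Keys) {
        if ($dstByMac.ContainsKey($mac)) { continue }
        Write-Output "ADD    $list $mac"
        if ($Apply) {
            $p = @{ ComputerName = $Secondary; List = $list; MacAddress = $mac; Force = $true }
            if ($srcByMac[$mac].Description) { $p.Description = $srcByMac[$mac].Description }
            Add-DhcpServerv4Filter @p
        }
    }

    # Entries left on the secondary that no longer exist on the primary.
    foreach ($mac in $dstByMac.Keys) {
        if ($srcByMac.ContainsKey($mac)) { continue }
        Write-Output "REMOVE $list $mac"
        if ($Apply) {
            Remove-DhcpServerv4Filter -ComputerName $Secondary -MacAddress $mac -Confirm:$false
        }
    }
}
```

Running it without `-Apply` first prints the planned ADD/REMOVE lines, which doubles as a drift report between the two servers.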