# DHCP authorized server list all fubared.



## StumpedTechy (Jul 7, 2004)

Okay, someone really screwed up and I am trying to fix this. We have a bunch of authorized servers in our list but 1/2 of them are dead. Worse yet is a lot of them have the same IPs.

E.G.
Computer.domain 1.1.1.1
Computer1.domain 1.1.1.1
Computer2.domain 2.2.2.2
Computer3.domain 2.2.2.2

computer and computer 2 are the original DHCP servers, computer 1 and computer 3 are the new ones.

Now to make things worse computer and computer2 are both still on the network with same DNS name but different IPs.

Actual IP E.G.
Computer.domain 1.1.1.2
Computer1.domain 1.1.1.1
Computer2.domain 2.2.2.3
Computer3.domain 2.2.2.2

I have tried to Unauthorize using the Unauthorize button and I get "Access Denied" even though I am Domain Admin, and I think it has to do with the fact that DHCP is not running and the IP of the computer isn't the same as the computer name's DNS.

I also tried the netsh dhcp delete server command on these "leftover" ones but I get 
Deleting server with computer, 1.1.1.1 (IP in the Authorized server list)
The specified servers are not present in the directory service.
I did also try it with 
Deleting server with computer, 1.1.1.2 (Actual IP)
The specified servers are not present in the directory service.

I also have verified that the only good ones listed via IP are in -
CN=NetServices,CN=Services,CN=Configuration,DC=domain
the ones that are not authorized do not show up in there at all. 

It has been verified and reverified that computer and computer 2 do NOT have DHCP loaded on them.


----------



## srhoades (May 15, 2003)

Make sure the user you are using is a member of the Enterprise Admin group; only they can authorize/deauthorize a DHCP server.


----------



## StumpedTechy (Jul 7, 2004)

They have full rights. I have even had multiple users give it a try. From Enterprise Admin to Domain admin to joe blow down the street.


----------



## srhoades (May 15, 2003)

You say the old computers are still on the network but with different IPs; any DNS records still pointing to the old IPs?


----------



## StumpedTechy (Jul 7, 2004)

No records I can find outside of the good ones and nslookups are all fine.


----------



## srhoades (May 15, 2003)

What is the status of the old servers? Are they DCs, or were they once DCs and since demoted, or were they always just member servers?


----------



## StumpedTechy (Jul 7, 2004)

I am not thinking they were DCs, but this is a status I, to be honest, do not know. I would assume it was a member server that just had DHCP on it just due to the naming convention used on this server.


----------



## srhoades (May 15, 2003)

If perhaps it was a DC you might want to try the metadata cleanup and see if purging the (perhaps) obsolete data from AD clears it up.

http://support.microsoft.com/kb/216498

Other than that I'm, well, stumped.


----------



## srhoades (May 15, 2003)

Found this, don't know if it applies to your situation or not.

http://forums.techarena.in/active-directory/393412.htm


----------
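An added example, not part of any post in this thread: a small audit that takes the authorized-server listing and reports which IPs are authorized under more than one name and which entries no longer match what the name resolves to, the two conditions described in the first post. The `Server [..] Address [..]` layout of the `netsh dhcp show server` output is an assumption, and the sample listing and DNS table are constructed from the thread's placeholder names and addresses.

```python
import re
from collections import defaultdict

# Constructed sample, assuming the "Server [..] Address [..]" layout that
# `netsh dhcp show server` prints; names and IPs are the thread's placeholders.
SAMPLE_NETSH = """\
4 Servers were found in the directory service:

    Server [computer.domain] Address [1.1.1.1] Ds location: cn=computer.domain
    Server [computer1.domain] Address [1.1.1.1] Ds location: cn=computer1.domain
    Server [computer2.domain] Address [2.2.2.2] Ds location: cn=computer2.domain
    Server [computer3.domain] Address [2.2.2.2] Ds location: cn=computer3.domain

Command completed successfully.
"""

# Constructed stand-in for live DNS answers (the thread's "Actual IP" table).
SAMPLE_DNS = {
    "computer.domain": "1.1.1.2",
    "computer1.domain": "1.1.1.1",
    "computer2.domain": "2.2.2.3",
    "computer3.domain": "2.2.2.2",
}

ENTRY_RE = re.compile(r"Server \[([^\]]+)\]\s+Address \[([^\]]+)\]")


def parse_authorized(text):
    """Return (name, authorized_ip) pairs from the netsh listing."""
    return [(name.lower(), ip) for name, ip in ENTRY_RE.findall(text)]


def audit(entries, resolve):
    """Flag IPs authorized under several names and entries whose name no
    longer resolves to the authorized IP. `resolve` maps name -> IP or None."""
    by_ip = defaultdict(list)
    for name, ip in entries:
        by_ip[ip].append(name)
    duplicates = {ip: names for ip, names in by_ip.items() if len(names) > 1}
    stale = [(name, ip, resolve(name)) for name, ip in entries
             if resolve(name) != ip]
    return {"duplicate_ips": duplicates, "stale": stale}


if __name__ == "__main__":
    report = audit(parse_authorized(SAMPLE_NETSH), SAMPLE_DNS.get)
    for ip, names in report["duplicate_ips"].items():
        print(f"{ip} is authorized under: {', '.join(names)}")
    for name, listed, actual in report["stale"]:
        print(f"{name}: listed as {listed}, resolves to {actual}")
```

For a live check, replace `SAMPLE_DNS.get` with a wrapper around `socket.gethostbyname` that returns `None` when the lookup fails.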

