One of our contractors just tried telling my boss that we should be using our Cisco ASA to serve DHCP instead of our DC... Is there any merit to this? Or is he just, once again, blowing smoke?
DHCP is fine on the Windows server, on a DC or not on a DC.
I can think of no benefit to be had from moving it off Windows.
OK, more detail is requested.... here we go:
a) Administer everything in one place on Windows (instead of needing multiple tools)
-- Especially useful if you have reservations and other DHCP config needs (you may not have 'em now, but in the future you might well!)
b) Avoid having multiple DHCP servers (this leads to chaos). Many of us find over time that we are plugging in various routers and things (often just to use 'em as hubs), and we find stations getting addresses we did not intend. This is a result of "DHCP server proliferation".
c) Windows DHCP works well
d) If you use DHCP on the router, you do want to turn it off on Windows (for the reason above). Some network admin in future might well turn it back on (on the Windows server) and then the fun starts!
Other odds and ends:
1) If you need to delegate DHCP admin to multiple people, this can sometimes be a problem in Windows DHCP (unless you are OK with all of them being network admins)
--- I have never seen a situation that needed multiple DHCP admins... the whole goal of DHCP is config and forget...
2) DHCP doesn't replicate with AD (afaik). So if you want redundant DHCP servers, I believe the only solve is to split the scope across multiple DCs
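Added example, not part of the original thread: one way to spot the "DHCP server proliferation" described in point b) is to parse captured DHCP replies and compare the server identifier (option 54) against the servers you intend to run. The addresses, the sample packets and the function names are constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # precedes the DHCP options (RFC 2131)
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
REPLY_TYPES = (b"\x02", b"\x05")        # DHCPOFFER, DHCPACK

def parse_options(payload):
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:       # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def unexpected_servers(payloads, authorized):
    """Server identifiers in OFFER/ACK replies that are not on the allowlist."""
    seen = set()
    for payload in payloads:
        try:
            opts = parse_options(payload)
        except ValueError:
            continue                    # skip non-DHCP or damaged captures
        server_id = opts.get(OPT_SERVER_ID, b"")
        if opts.get(OPT_MSG_TYPE, b"")[:1] in REPLY_TYPES and len(server_id) == 4:
            seen.add(socket.inet_ntoa(server_id))
    return sorted(seen - set(authorized))

def build_reply(msg_type, server_ip):
    """Constructed sample: a minimal BOOTREPLY carrying options 53 and 54."""
    header = bytes([2, 1, 6, 0]) + bytes(232)   # op=BOOTREPLY, Ethernet, rest zeroed
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
    return header + MAGIC_COOKIE + options + socket.inet_aton(server_ip) + bytes([OPT_END])

# Constructed addresses: 192.168.1.10 stands in for the Windows DHCP server,
# 192.168.0.1 for a consumer router someone plugged in as a "hub".
SAMPLE = [build_reply(2, "192.168.1.10"), build_reply(2, "192.168.0.1"),
          build_reply(5, "192.168.1.10"), b"not dhcp"]

if __name__ == "__main__":
    print(unexpected_servers(SAMPLE, {"192.168.1.10"}))
```

The payloads would normally come from a capture of UDP port 67/68 traffic on the client VLAN; any address this returns is a server handing out leases that nobody planned for.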
I've done it both ways, running DHCP on my Windows Server and also letting the Cisco ASA handle DHCP. I have no advantage/benefit/disadvantage in either scenario. I usually like to keep DNS and DHCP together, and if you are running AD then I'd probably leave those roles on the servers.
Last I looked, my Cisco ASA couldn't do stuff I use -- fixed IP for MAC and automatic DNS registration on DHCP registration, so that wasn't going to happen.
Maybe the reverse is also true, but I haven't seen the need yet.