Opps, looks like I haven't posted in over two years! I wasn't a prolific poster before that either. To try and get back into things I'm going to start with a relatively basic Windows DHCP post using a few simple PowerShell DHCP cmdlets.
Nothing special here but I’ve found I can save 15-20 minutes by using PowerShell to sort through DHCP scope lease records in a CSV, vice the DHCP MMC (Microsoft Management Console) GUI tool. Typically I’d select the applicable DHCPserver from the MMC and then manually click through the various scope lease records looking for outliers or oddities.
For a faster PowerShell way you can use this one-liner (broken-up on multiple lines for readability):
Get-DHCPServerv4Scope -ComputerName <dhcp_server> |
Get-DHCPServerv4Lease -ComputerName <dhcp_server> -AllLeases |
Export-Csv dhcp_leases.csv -NoTypeInformation
You’ll usuallly find these cmdlets on Windows Server. They can be directly installed on a Windows workstation too but if you don’t have local admin they’d already need to be available.
Don’t know your DHCP server IP? You have serveral options to sort this out. You can a cmd query on a regular workstation at your assessment location and run the following:
ipconfig /all | findstr DHCP
If you're on a RFC 1918 subnet, you can use Windows Management Instrumentation (WMI) to pull the service that the local system used for DHCP (note: the 172.16.0.0/12 network isn't exact).
$dhcp_server = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter "DHCPEnabled=$true" |
Where-Object {$_.DHCPServer -like "10.*" -or
$_.DHCPServer -like "172.*" -or
$_.DHCPServer -like "192.168.*"}
Also from Windows Server, you can suss out the DHCP server(s) in your Active Directory domain with the following. Depending on the enterprise environment you may get multiple hits (which is something you may or may not want).
(Get-DHCPServerInDC).DnsName -match ‘<search_name>’