1

Currently we have multiple DCs in our primary site and a remote location which has its own DC. All of those DCs are on the same domain, though.

The remote IT team wants to be able to manage their own DHCP Server configuration.

However, I dont want them to be able to manage our DHCP server.

Is it possible to grant a user permission to manage the DHCP configuration for the remote site but not the configuration on the Main site when these are all linked to same domain etc?

pacey
  • 3,833
  • 1
  • 15
  • 31
Mus
  • 21
  • 1
  • 5
  • Given you have RDP/SSH access to the remote sites, you can just (have them) install a local DHCP server that manages their LAN. Shouldn't bother your main DHCP pool and still allows you to connect and manage it when needed. – Oldskool Oct 02 '18 at 09:39
  • Hi @Oldskool ,thank you for your reply. Let me explain you further what i meant as my post could be a bit vague. I am based in London and our multiple DCs are based here which is also the dhcp too. we have a set of users based in manchester and there is 2 dedicated DC and DHCP server for the manchester office (again managed by me etc). In manchester there is a desktop engineer who would like to manage the dhcp for their office. He is not a domain admin. as all the DC's are linked, if i give him domain admin rights, he can also manage the DHCP in london too. What will you suggest? thanks – Mus Oct 02 '18 at 10:07
  • If your post is vague, please edit your post instead of explaining it further in the comments. – Tommiie Oct 02 '18 at 11:20
  • Can you move the DHCP service to run on a member server instead of a DC at the remote site? – Zoredache Oct 02 '18 at 14:10

1 Answers1

0

Have you googled a bit for delegating DHCP administrator rights? The first hit give me this link: https://secureidentity.se/delegate-dhcp-admins-in-the-domain/. Sounds like this is what you need.

Edit: Since it states that "[t]his needs to be done on every DC you install the DHCP Server Role on, granting the groups to manage the service", I assume you can limit which DHCP servers (domain controllers) the user can manage, by simply not following those steps for the DCs you don't want to give them access to.

Tommiie
  • 5,547
  • 2
  • 11
  • 45
  • Hi, thank you for the link. Unfortunately this is going to create the user an admin for all DHCP leases. We only want to be able to create them so that they could manage the manchester lease only instead of all of the reservations available.. – Mus Oct 02 '18 at 12:11
  • I edited my answer to hopefully answer your issue. – Tommiie Oct 02 '18 at 12:26