You're welcome!

@@ITLumberjack I would like to see more Windows domains content

@@ahirnimesh09 anything specific? Failover DHCP? Managing DHCP with Powershell? Let me know and I will see if I can make it happen!

@@ITLumberjack how to deploy apps on domain joined client pc

There are a few ways to deploy applications. The simplest would be through group policy using MSI files. I'll try and put something together this week. You can also do it with batch scripts, powershell scripts, and SCCM aka System Center (my personal favorite). I am working on a SCCM series but its going to be a while before its done. I am still testing everything and making notes.

I am glad I could help! If you have anything else you would like to see let me know.

For anyone still wondering, Windows DHCP servers will typically not assign addresses to a scope you created unless the server itself has an IP address on that network. So you either need to attach a separate NIC to the server so it's on the new network, or assign the server to the VLAN associated with that scope. This changes slightly with relays though depending on config

@@RoggyRoast Thanks i was wondering why it was only able to lease addresses within its own subnet. Can you elaborate more about the relays? I currently have one pointing to my domain controller but it does not send and offer packets back.

That is awesome! I’m glad it was helpful. What tools/equipment are you using in your home lab?

@@ITLumberjack I was using the router as DHCP, but i want to use windows so I can integrate into SCCM and learn how to use that.

Good ole SCCM! That’s a fun one. I thought about doing a SCCM guide but I eventually decided against it. It’s kind of complicated to setup but it’s very rewarding once it’s done. There is a lot of good info on SCCM and I also felt others already had it dialed in. If your interested in SCCM you need to check out www.systemcenterdudes.com and www.prajwaldesai.com. They have some fantastic content.

@@ITLumberjack Yes those are the exact same guides I used. I decided I need to learn it after interviewing with several local companies and almost all of them use SCCM(Ohio). I've only worked one enterprise company and we didn't even use SCCM so I feel I am maybe getting passed up because of it.

SCCM isn’t going anywhere just yet but Azure InTune and Autopilot will eventually replace it. As more companies push there infrastructure to the cloud those are the two pieces of tech that will replace SCCM. At a previous job I setup and maintained a small SCCM deployment. We had around 2000 devices in total. Right before I left we collectively made the decision to drop SCCM completely and use PDQ Deploy and Inventory in conjunction with InTune. Every setup is different and there isn’t a wrong answer. As long as the solution solves the problem safely and securely then i call that a success.

@deezee1570 I think I understand your question. If this doesn't answer it, let me know and we will try again! VLANs and subnets are concepts in networking that often work together to organize and manage network traffic efficiently. A VLAN operates at Layer 2 of the OSI model and provides a logical separation of networks at the data link layer, allowing you to segment network traffic without requiring multiple physical networks. On the other hand, subnets operate at Layer 3 (the network layer) and are used to divide a larger network into smaller, manageable parts...subnets. Each subnet is associated with a specific IP address range. Typically, you would assign one subnet per VLAN to keep network organization straightforward and secure. For instance, if you have two subnets, say 10.10.0.0/24 and 10.20.0.0/24, you would ideally place them in separate VLANs to isolate their traffic at the data link layer. When it comes to assigning IP addresses dynamically, a DHCP server comes into play. The server allocates IP addresses to devices from a specific range, known as a DHCP scope. However, the DHCP server operates at Layer 3 and does not directly interact with VLANs. Instead, it assigns IP addresses based on the subnet from which a request was received. If a DHCP server is on a different subnet than the client requesting an IP address, a DHCP Relay Agent is used. This agent forwards the client's request from the client's subnet to the DHCP server. The server then determines the appropriate IP address for the client based on the subnet from which the request originated, ensuring the client receives an IP address that matches its subnet. This setup allows network administrators to efficiently manage network resources, ensuring devices can communicate effectively while maintaining organizational and security requirements.

I do not have a Unifi PoE switch. I have am using a Ubiquiti ToughSwitch. The ToughSwitch is a managed switch but it can't be joined to the unifi centralized management. It has to be managed separately. If you would like to see a video on how to connect other brands PoE switches to a dream machine, I can make that happen. Since I don't have a Unifi poe switch I can't demo that as of right now.

Good question. In a multi subnet environments you have a VLAN that correlates with the subnet. For example if you have a subnet of 192.168.1.0/24 and a subnet of 192.168.2.0/24 these two subnets are divided by a VLAN. 192.168.1.0/24 may be in VLAN 10 while 192.168.2.0/24 would be in VLAN 20. The VLAN numbers are usually assigned by the switch or if 802.1x is in use it can dynamically be applied. Once a VLAN is assigned to a port the gateway of the subnet/VLAN will then answer any of the DHCP requests. The DHCP server knows to assign an IP based on the subnet the request came from. I hope that helps!

Yes. Its easy. All of different hosts/endpoint need to point to the WIN server serving as the DNS server. That's it!

The objective of the video was to show how to setup multiple DHCP scopes on a Windows Server box. Not how to configure the router. I did briefly touch on that in the video. Since their are an infinite number of brands out there I chose not to cover the router details because every brand is different. I am sorry to hear that this wasn't of value to you. I hope you find what you're looking for.

Unfortunately I can't say why the USG isn't doing DHCP relay. You may want to take a look at Ubiquiti documentation. As for DNS, as long as the DNS address being issued to the client is the internal DNS server, the records will be created.

Same here. Just setup my domain controller with unifi for wireless. I haven't looked into this much since I just got it working, but if you found a solution that would save googling that would be awesome. Thanks!

Yes, it will work for a single network. The helper addresses would not be needed if that was the case.

Good question. The devices playing relay/helper will have an IP address (the gateway). The relay will then request an IP from the DHCP server for the subnet that the gateway resides in. Windows will only hand out IPs for that subnet since the request is for a specific subnet. I hope that makes since.

​@@ITLumberjack Had same question, thanks for answering this.

@@ITLumberjack Yes, this is the case if the request comes from the new added VLAN from a different network. But is this also the case for the client-computer in the same network as the DHCP-Server? Because this client now can request a IP from two different scopes on the same server in the same network...? Which scope will answer the request?

@@benjaminpfau5822 if the devices is on the same subnet/VLAN/layer 2 as the server, the typical DHCP offer, request, acknowledgement will occur. If device is on a different subnet, the traffic will be encapsulated into a DHCP relay message. Essentially the request will have additional information for a different subnet. If you where to look at it in Wireshark, it you would be able to see how the requests are processed differently.

Me personally no.

It knows based on the subnet the request is coming from. So if the gateway of the subnet is 192.168.0.1/24 then the server know to issue an address in the 192.168.0.0/24 subnet. Another way to think about it is to think of the gateway as your DHCP server for each subnet.

Your endpoints need to be divided up into VLANs. That has to be done at on the connecting switch.

Correct. The port on the server can be a regular ole access point. When the request comes in the server is looking at the subnet, not a vlan. This is all assuming dhcp relay is being used on the layer 3/router.

@@ITLumberjack Right but I have to tag the VLAN's on the server port of the switch correct?

I have never put a DHCP server in truck and tagged each VLAN. I suppose you could do that but I think it adds an unnecessary level of complexity. I have always set my server port on the switch as an access port. The only vlan associated with the port is the vlan number that my server resides in. For Cisco here is an example of a config. We will assume the dhcp server is in vlan 2 and we have endpoint in vlan 3 that need to get its address from the dhcp server. Our dhcp server will have an ip of 10.0.0.1 !Sever Port Config Switchport mode access Switchport access vlan 2 !VLAN 3 Interface Config ip address 10.10.0.1 255.255.255.0 Ip helper-address 10.0.0.1 I hope that makes more sense. I would highly recommend labbing this to test it and play around with how it works. Disclaimer…that config info is only what would be required for a switch. That by no means is best practice for a solid Cisco config. That is just enough to make it work.

Here is another reason why I never trunked my DHCP server. If I have 20 locations and each location is using inter-vlan routing on each L3 switch/router at each site, I can’t assign the server a vlan on a completely different subnetwork if it’s traversing a WAN or something similar. That is where the ip helper address comes into play. With it you can server as many networks as you want no matter the location on the network. If you can ping it, it should be able to assign an IP to endpoints in the subnet.

One