MS DHCP run under service account

Microsoft DHCP server service run under domain account
 02/04/2021 22:00:51
 Varga Gábor

Sometimes a domain service account is required for running the DHCP server in a company's infrastructure. This is not a complex task to configure; however, some undocumented configuration needs to be performed to get it working properly.

Configuration steps:

  • Create a normal domain user with a strong password and set its password to never expire in the domain
  • Configure this account as Administrator on the DHCP server
  • Add the account to the following policies in secpol.msc:
    • Log on as a service
    • Generate security audits

  • Configure the service account with full permissions on the folder where the DHCP server stores its own files

  • Configure the service account in services.msc for the DHCP Server service: enter your domain account and password in place of Network Service

  • On the DNS server, grant the service account register permission on the zones where it will perform registrations
  • Configure the same account for DHCP Dynamic Update:

Remark: if there are two DHCP servers in failover, the DHCP Server service must remain running under Network Service, otherwise the update will not work between the cluster nodes.
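
The steps and the failover remark above can be verified with a read-only check run in an elevated PowerShell session on the DHCP server. This is an added example, not part of the original post: the account name `CONTOSO\svc-dhcp` is a placeholder, the folder checked is assumed to be the one holding the DHCP database file, and the DNS zone permissions are not covered because they live on the DNS server.

```powershell
# Added example: read-only audit of the steps above; run elevated on the DHCP server.
# 'CONTOSO\svc-dhcp' is a placeholder account name (assumption).
$Account = 'CONTOSO\svc-dhcp'
$SidType = [System.Security.Principal.SecurityIdentifier]
$Sid     = ([System.Security.Principal.NTAccount]$Account).Translate($SidType).Value

# Identity the DHCP Server service (service name DHCPServer) runs as
$svc = Get-CimInstance Win32_Service -Filter "Name='DHCPServer'"

# Direct membership in local Administrators (well-known SID, the name is localized)
$isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.SID.Value -eq $Sid })

# User rights from secpol.msc: export local policy and look for the account's SID.
# Assumes secedit lists the domain account as *<SID>, its usual form.
$inf = Join-Path $env:TEMP 'dhcp-user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$policy  = Get-Content $inf
Remove-Item $inf
$pattern = [regex]::Escape("*$Sid") + '(,|\s*$)'
$rights  = @{}
foreach ($name in 'SeServiceLogonRight', 'SeAuditPrivilege') {
    $line = $policy | Where-Object { $_ -match "^$name\s*=" }
    $rights[$name] = [bool]($line -match $pattern)
}

# Full control on the folder holding the DHCP database (assumed to be the files folder)
$dbDir  = Split-Path (Get-DhcpServerDatabase).FileName
$fc     = [System.Security.AccessControl.FileSystemRights]::FullControl
$hasAcl = [bool]((Get-Acl $dbDir).GetAccessRules($true, $true, $SidType) | Where-Object {
    $_.IdentityReference.Value -eq $Sid -and $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $fc) -eq $fc })

# Credential used for DNS dynamic update, and any failover relationships
$dns      = Get-DhcpServerDnsCredential
$failover = @(Get-DhcpServerv4Failover -ErrorAction SilentlyContinue)

[pscustomobject]@{
    ServiceRunsAs         = $svc.StartName
    LocalAdministrator    = $isAdmin
    LogOnAsService        = $rights['SeServiceLogonRight']
    GenerateSecurityAudit = $rights['SeAuditPrivilege']
    FullControlOnDbFolder = $hasAcl
    DnsUpdateCredential   = '{0}\{1}' -f $dns.DomainName, $dns.UserName
    FailoverRelationships = $failover.Count
}
if ($failover.Count -gt 0 -and $svc.StartName -notmatch 'Network\s?Service$') {
    Write-Warning 'Failover is configured but the service is not running as Network Service.'
}
```

The Administrators check only sees direct members, so an account that is an administrator through a nested group will show `False` there.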