Anyone ever notice this?
I've discovered numerous W2K servers in my forest that are offering Windows DHCP services. We've confirmed they are Windows DHCP servers and not a third party DHCP server.
Since our corporate standard is QIP, we've never authorized a single DHCP server, so our Config - Services - NetServices container is completely empty, including not containing the CN=DhcpRoot object.
What we've found is that when a W2K DHCP server starts, it queries AD for the DhcpRoot object. AD appropriately returns a not-found response, yet the DHCP server still starts and logs an "authorized" event. We've also verified that Microsoft changed that behavior at some point because a W2K3 DHCP server appropriately logs an "unauthorized" event and does not start successfully.
I'm just wondering if that is everyone else's expectation for how the rogue DHCP protection is supposed to work: that at least for W2K, rogue DHCP protection doesn't work at all until at least one DHCP server has been authorized, because that causes the DhcpRoot object to be created in addition to creating an entry for the specific DHCP server.
I was unaware that the possibility for this condition existed.
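An added example, not part of the original post, for checking the condition it describes: the script below reads the forest's CN=NetServices,CN=Services,CN=Configuration container through ADSI, reports whether CN=DhcpRoot exists, and lists every dHCPClass entry (the per-server authorization records) it finds. It assumes it is run on a domain-joined Windows host by an account that can read the configuration partition (the default for authenticated users); the container and object names are the ones named in the post, and the "dHCPClass" object class and "dhcpServers" attribute are the standard AD schema names for these objects. The `Get-DhcpAuthorizationState` function name is an assumption of this example.

```powershell
# Added example (not from the original post). Inspect the AD container that
# Windows DHCP authorization relies on and summarise what it actually holds.
function Get-DhcpAuthorizationState {
    # Locate the configuration partition of the forest we are joined to.
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $configNC = [string]$rootDse.configurationNamingContext
    $netSvcDN = "CN=NetServices,CN=Services,$configNC"   # container named in the post

    # Search one level below NetServices for DHCP authorization objects.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$netSvcDN"
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $searcher.Filter      = "(objectClass=dHCPClass)"
    $null = $searcher.PropertiesToLoad.AddRange(@("cn", "dhcpServers", "whenCreated"))

    $entries = @()
    foreach ($r in $searcher.FindAll()) {
        $entries += [pscustomobject]@{
            Name        = [string]$r.Properties["cn"][0]
            WhenCreated = $r.Properties["whencreated"][0]
            # dhcpServers is multi-valued; each value names one authorized server.
            DhcpServers = @($r.Properties["dhcpservers"]) -join "; "
        }
    }

    # CN=DhcpRoot is the object a starting DHCP server looks for; its absence is
    # the state the post describes (no server ever authorized in this forest).
    $root = $entries | Where-Object { $_.Name -eq "DhcpRoot" }

    [pscustomobject]@{
        Container        = $netSvcDN
        DhcpRootExists   = [bool]$root
        AuthorizedCount  = @($entries | Where-Object { $_.Name -ne "DhcpRoot" }).Count
        Entries          = $entries
    }
}

$state = Get-DhcpAuthorizationState
$state | Format-List Container, DhcpRootExists, AuthorizedCount
$state.Entries | Format-Table Name, WhenCreated, DhcpServers -AutoSize
```

If `DhcpRootExists` comes back `False`, the forest is in the state the post describes, and on W2K the AD-based rogue check will not stop a Windows DHCP server from starting; the only remaining control is to find the servers some other way (for example by watching for DHCPOFFER traffic from unexpected addresses) and compare them against this empty list. Note that this script only reports what AD believes is authorized; it does not detect the unauthorized servers themselves.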