Script to perform update and synchronisation of DHCP Mac Filter List for Microsoft DHCP Server releases prior to 2008 R2

Microsoft, Software, Windows Server

System Requirements:

  • Windows Server 2008 (R1)
  • Microsoft DHCP Server
  • Microsoft Mac Level Filter extension

The Problem:

If you are using a Microsoft DHCP Server release prior to Windows Server 2008 R2, Mac Address filtering (either allow or deny based) is not included as part of the main console. Microsoft made the feature available as an extension DLL for Microsoft DHCP during Windows Server 2008 (R1)’s early production run.

If you have installed this extension, filtering is restricted to a single server, with no replication options available to peer servers through clustering. This article offers a simple script that can be used to suspend and update a peer server’s Mac Filter list in a master/slave relationship.

The Fix

The script assumes that you have enabled file sharing through your firewall between the servers and that the MAC address filter configuration file is located at c:\windows\system32\dhcp\MACList.txt.

The format of MACList.txt is

#MACList.txt
MAC_ACTION={DENY}
#List of MAC Addresses to deny
001BB04EB711 - # -mypc6 - 192.168.1.28
002BBB831711 - # -mypc7 - 192.168.1.96

Batch script:

@echo off
set TARGET=<hostname/IP of slave server/peer>
cls echo.echo Opening Notepad
echo.
echo Make changes to the file, save and exit. The changes will be
echo replicated to %TARGET% automatically.
echo.
echo Note: This will interrupt DHCP Services for a few seconds on both servers.echo. c:\Windows\system32\notepad.exe "C:\Windows\System32\dhcp\MACList.txt"

:: Stopping DHCP Server Service on Local System
echo.
echo Applying Changes to Local DHCP Service
net.exe stop DHCPServer
echo.

echo Stopping DHCP Server Service on %TARGET%
:: Restart DHCP Server on Target
sc.exe \\%TARGET% stop "DHCPServer"

ping 127.0.0.1 > null echo.

echo Copying MAC List to %TARGET%
copy /y "C:\Windows\System32\dhcp\MACList.txt" "\\%TARGET%\C$\Windows\System32\dhcp\MACList.txt"

:: Starting DHCP Server Service on Local System
net.exe start DHCPServer

:: Starting DHCP Server Service on %TARGET%
sc.exe \\%TARGET% start "DHCPServer"

echo Operation completed. Please periodically check to ensure sync is stable.

In short, the script:

  1. Offers you a notepad session to make any needed changes
  2. When notepad closes it will restart the local servers DHCP service (thus applying the changes locally)
  3. Shutdown the peer servers DHCP service
  4. Copy the updated MAC filter list
  5. Restart the peer servers DHCP service
  6. Terminate

To add a level of safety, the following script can be run periodically to ensure that the DHCP service is in fact running

@echo off
sc interrogate DHCPServer 2>NUL | find /I /N "4 RUNNING">NUL
if "%ERRORLEVEL%"=="0" (
  echo DHCP Service is running
) else (
  echo DHCP Service is not running!!!!!
  net start DHCPServer
)