Unauthorize. Sometimes, neither the Authorize button nor the Unauthorize button is available. Additionally, the following event may be logged:
Description: The Dhcp/Binl service on the local machine, belonging to the Windows Administrative domain child1.domainname.com, has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine is part of a directory service enterprise and is not authorized in the same domain. (See help on the DHCP Service Management Tool for additional information). This machine cannot reach its directory service enterprise and it has encountered another DHCP service on the network belonging to a directory service enterprise on which the local machine is not authorized. Some unexpected network error occurred. For more information, see Help and Support Center at
Note When you check this Active Directory location from domain controllers that are running in child domains, you may not see the DHCP server object. This object may be missing because of configuration partition replication latency or because of other replication problems. The DHCP service can verify itself by using any domain controller in the forest. If replication has not finished yet, the DHCP server may not see the DHCP server object on a domain controller in a child domain.
The DHCP authorization process
- The DHCP server contacts a domain controller in the root domain and adds itself to the following Active Directory location: CN=NetServices,CN=Services,CN=Configuration,DC=DomainName,DC=com
- The DHCP MMC snap-in immediately changes the active button from Authorize to Unauthorize.
- The DHCP server does not start servicing DHCP clients immediately. Instead, the DHCP server checks the location that is listed in step 1 to make sure that the server is authorized before it starts servicing clients. This check can occur on any domain controller in the forest.
Note It may take some time for a DHCP server in a child domain to be fully operational. This is because the DHCP server must add itself to Active Directory on a domain controller in the root domain. Then, this information has to be replicated to domain controllers in a child domain in case the DHCP server uses one of these domain controllers to verify authorization.