๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Windows Administration

Windows DHCP Server Audit with PowerShell (2026)

Dargslan | April 18, 2026 | 9 min read | 3 views
Windows DHCP Server Audit with PowerShell (2026)
Windows DHCP audit with PowerShell - Dargslan 2026

DHCP outages always look like "the network is down" until somebody checks the lease pool. The two questions an audit has to answer are: is failover configured (so a single DHCP server reboot does not cost you the office) and is any scope close to exhaustion (so you find out before users do). Both are five-minute checks from PowerShell.

This guide ships the workflow plus the Dargslan.WinDhcpAudit module and a free PDF cheat sheet.

Table of Contents

Step 1: Scope inventory

Get-DhcpServerv4Scope | Select ScopeId, Name, State,
    StartRange, EndRange, SubnetMask, LeaseDuration

Look for: scopes in Inactive state (legacy or accidentally disabled), unusually short lease durations on a wired LAN (a 1-hour lease is sometimes copied from Wi-Fi by mistake), and scopes that overlap subnets โ€” a copy-paste error that creates duplicate IPs.

Step 2: Failover

Get-DhcpServerv4Failover | Select Name, Mode, PartnerServer, ScopeId, State

Two failover modes: Hot Standby (one server primary, the other takes over on failure) and Load Balance (50/50 by default). For most organisations Load Balance is fine. The audit answer should be: every production scope is in a failover relationship and the state is Normal. Anything in Communication Interrupted means the partner is unreachable and renewals will fail.

Step 3: Scope usage

Get-DhcpServerv4Scope | ForEach-Object {
    Get-DhcpServerv4ScopeStatistics -ScopeId $_.ScopeId |
        Select ScopeId, Free, InUse, Reserved, PercentageInUse
}

Two thresholds we use:

  • โ‰ฅ 80 % โ€” schedule expansion
  • โ‰ฅ 90 % โ€” finding, expand or shorten leases now

A pragmatic PASS / WARN / FAIL score

  1. At least one Active scope (1 pt โ€” sanity)
  2. Failover relationship exists (1 pt)
  3. No scope โ‰ฅ 90 % (1 pt)

3/3 PASS, 1-2 WARN, 0 FAIL.

Dargslan.WinDhcpAudit module

Install-Module Dargslan.WinDhcpAudit -Scope CurrentUser
Import-Module Dargslan.WinDhcpAudit
Export-DargslanDhcpAuditReport -ComputerName dhcp01 -OutDir C:\reports

FAQ

Does it audit IPv6 DHCP?

v4 only in v1.0. v6 cmdlets are Get-DhcpServerv6Scope if you want to extend it.

How do I add failover to an existing scope?

Add-DhcpServerv4FailoverScope -Name fo1 -ScopeId 10.0.0.0.

Cheat sheet?

Free PDF at /cheat-sheets/windows-dhcp-audit-2026.

Related Dargslan resources

Share this article:
Dargslan Editorial Team (Dargslan)
About the Author

Dargslan Editorial Team (Dargslan)

Collective of Software Developers, System Administrators, DevOps Engineers, and IT Authors

Dargslan is an independent technology publishing collective formed by experienced software developers, system administrators, and IT specialists.

The Dargslan editorial team works collaboratively to create practical, hands-on technology books focused on real-world use cases. Each publication is developed, reviewed, and...

Programming Languages Linux Administration Web Development Cybersecurity Networking
View all books

Related Articles

Stay Updated

Subscribe to our newsletter for the latest tutorials, tips, and exclusive offers.