Create a user account for a managed DHCP server in Active Directory and edit the user account properties if necessary.
If you are creating a user account to map the service principal, you will need to use ADSI Edit to find the msDS-KeyVersionNumber attribute for the Windows AD user account created.
Note: The msDS-KeyVersionNumber is equal to the key version number (vno#) that is found when running Ktpass and is needed in Defining a DHCP service principal. For details about ADSI Edit, refer to http://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspx
To create a user account on Windows AD:
- Start the Server Manager. Under Active Directory Users and Computers, add a user account.
- Enter the user name information for the managed DHCP server in the appropriate fields.
- Enter the service principal name in the User logon name field. Use the format DHCP/<fully qualified domain name> of the DHCP server (for example, DHCP/dhcp1.bcn.com) to map a service principal name to the user account. This is the Kerberos name for the DHCP
Note: Alternatively, you can run the ktpass command to map the service principal name to the user account.
- Enter the password for the account.
Note: Make sure to select the User cannot change password and Password never expires options. If they are not selected, a service interruption will occur when the password expires.
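The same steps can be scripted with the ActiveDirectory PowerShell module, which also reads msDS-KeyVersionNumber without opening ADSI Edit. This is an added example, not part of the original procedure; the account name, OU path and UPN suffix are assumed placeholders, and only the DHCP/dhcp1.bcn.com principal comes from the steps above.

```powershell
# Added example: create the service account for a managed DHCP server and
# read back the key version number. Values marked "assumed" are placeholders.
Import-Module ActiveDirectory

$Fqdn      = 'dhcp1.bcn.com'                      # DHCP server FQDN (from the example above)
$Spn       = "DHCP/$Fqdn"                         # service principal name format from the procedure
$Sam       = 'dhcp1-svc'                          # assumed; sAMAccountName cannot contain '/'
$UpnSuffix = 'bcn.com'                            # assumed AD domain / UPN suffix
$OuPath    = 'OU=Service Accounts,DC=bcn,DC=com'  # assumed container for service accounts

# Prompt for the password so it never appears in the script or shell history.
$Password = Read-Host -AsSecureString -Prompt "Password for $Sam"

# "User logon name" in Active Directory Users and Computers is the UPN prefix;
# the two password options from the note above are set at creation time.
New-ADUser -Name $Sam -SamAccountName $Sam `
    -UserPrincipalName "$Spn@$UpnSuffix" `
    -AccountPassword $Password -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true `
    -Path $OuPath

# Read the account back, including the attribute otherwise looked up in ADSI Edit.
$Account = Get-ADUser -Identity $Sam -Properties `
    'msDS-KeyVersionNumber', PasswordNeverExpires, CannotChangePassword

# Flag the misconfiguration that would cause a service interruption on expiry.
if (-not ($Account.PasswordNeverExpires -and $Account.CannotChangePassword)) {
    Write-Warning "$Sam is missing 'Password never expires' or 'User cannot change password'."
}

# Summary to record for the DHCP service principal definition.
[pscustomobject]@{
    Account              = $Account.SamAccountName
    UserPrincipalName    = $Account.UserPrincipalName
    KeyVersionNumber     = $Account.'msDS-KeyVersionNumber'
    PasswordNeverExpires = $Account.PasswordNeverExpires
    CannotChangePassword = $Account.CannotChangePassword
}
```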