Network and DNS | Local DNS | Intermediate | 2-3 hours | Lab build

Small Office DHCP and DNS Audit Toolkit with PowerShell

A practical DHCP and DNS audit toolkit built with PowerShell. It includes scripts that check for lease conflicts and export the results for further analysis.

Last reviewed: 4/30/2026
PowerShell, Windows Server, DHCP, DNS

Expected Outcome

A working toolkit that allows for auditing DHCP leases and DNS records, with the ability to export lease conflict checks to a CSV file.

Assumptions

  • Windows Server with DHCP and DNS roles installed
  • PowerShell access with administrative privileges
  • Basic understanding of DHCP and DNS concepts

Bill of Materials

  • Windows Server 2016 or later
  • PowerShell ISE or any text editor
  • CSV file for exporting results

Build Steps

  1. Set Up PowerShell Environment

    Ensure that PowerShell is configured to run scripts on your server.

    Changes system state: review before running

    Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
  2. Create DHCP Lease Check Script

    Develop a PowerShell script that retrieves DHCP lease information.

    Safe to run: read-only

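    $DhcpServer = 'YourDhcpServerName'
    # Get-DhcpServerv4Lease needs a scope, so enumerate every scope on the server first
    $Leases = Get-DhcpServerv4Scope -ComputerName $DhcpServer |
        Get-DhcpServerv4Lease -ComputerName $DhcpServer
    $Leases | Export-Csv -Path 'C:\DHCPLeases.csv' -NoTypeInformation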
  3. Create DNS Records Check Script

    Develop a PowerShell script that retrieves DNS records.

    Safe to run: read-only

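    $DnsServer = 'YourDnsServerName'
    $DnsRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName 'YourDomain.com'
    # RecordData is a nested object; flatten A records so the CSV shows the address, not a type name
    $DnsRecords | Select-Object HostName, RecordType, Timestamp, TimeToLive,
        @{ Name = 'IPv4Address'; Expression = { $_.RecordData.IPv4Address } } |
        Export-Csv -Path 'C:\DNSRecords.csv' -NoTypeInformation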
  4. Create Lease Conflict Check Script

    Develop a PowerShell script to check for lease conflicts.

    Safe to run: read-only

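    $DhcpServer = 'YourDhcpServerName'
    # -BadLeases returns the server's bad-address leases (declined or conflicting addresses) across all scopes
    $ConflictLeases = Get-DhcpServerv4Lease -ComputerName $DhcpServer -BadLeases
    $ConflictLeases | Export-Csv -Path 'C:\LeaseConflicts.csv' -NoTypeInformation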
  5. Test the Scripts

    Run the scripts to ensure they work correctly and generate the expected output.

    Safe to run: read-only

    powershell -File 'C:\PathToYourScript\DhcpLeaseCheck.ps1'
    powershell -File 'C:\PathToYourScript\DnsRecordsCheck.ps1'
    powershell -File 'C:\PathToYourScript\LeaseConflictCheck.ps1'
  6. Schedule Regular Audits

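    Set up a scheduled task to run the scripts at regular intervals. The command below registers the DHCP lease check to run daily at 2:00 AM as SYSTEM, so keep the script in a folder that only administrators can modify.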

    Changes system state: review before running

    New-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-File C:\PathToYourScript\DhcpLeaseCheck.ps1') -Trigger (New-ScheduledTaskTrigger -Daily -At '2:00AM') -Principal (New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount) | Register-ScheduledTask -TaskName 'DHCP Lease Check'
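
Added example (not part of the original toolkit): once the lease and DNS exports exist, the two can be cross-checked for stale A records, one client ID holding several addresses, and declined addresses. The function name Get-LeaseDnsFinding, the finding labels, the sample rows and the flattened IPv4Address column are assumptions made for this illustration.

```powershell
# Constructed sample rows standing in for C:\DHCPLeases.csv and C:\DNSRecords.csv (column layout assumed)
$Leases = @'
IPAddress,ClientId,HostName,AddressState
192.168.1.20,00-11-22-33-44-55,pc-front.example.test,Active
192.168.1.21,00-11-22-33-44-66,printer.example.test,Active
192.168.1.22,00-11-22-33-44-55,pc-front.example.test,Active
192.168.1.23,c0-a8-01-17,BAD_ADDRESS,Declined
'@ | ConvertFrom-Csv

$DnsRecords = @'
HostName,RecordType,IPv4Address
pc-front,A,192.168.1.20
printer,A,192.168.1.30
nas,A,192.168.1.21
'@ | ConvertFrom-Csv

function Get-LeaseDnsFinding {
    param([object[]]$Leases, [object[]]$DnsRecords)

    # Index leases by address; names are compared on the short host name only
    $byIp = @{}
    foreach ($l in $Leases) { $byIp[$l.IPAddress] = $l }

    # 1. A records whose address is leased to a different host, or not leased at all
    foreach ($r in $DnsRecords | Where-Object RecordType -eq 'A') {
        $lease = $byIp[$r.IPv4Address]
        $leaseName = if ($lease) { ($lease.HostName -split '\.')[0] } else { $null }
        if (-not $lease) {
            [pscustomobject]@{ Finding = 'DnsNoLease'; Subject = $r.HostName; Detail = $r.IPv4Address }
        } elseif ($leaseName -ne $r.HostName) {
            [pscustomobject]@{ Finding = 'DnsNameMismatch'; Subject = $r.HostName; Detail = "$($r.IPv4Address) leased to $leaseName" }
        }
    }
    # 2. One client ID holding more than one address
    $Leases | Group-Object ClientId | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{ Finding = 'DuplicateClientId'; Subject = $_.Name; Detail = ($_.Group.IPAddress -join ', ') }
    }
    # 3. Addresses the server has marked as declined
    $Leases | Where-Object AddressState -like '*Declined*' | ForEach-Object {
        [pscustomobject]@{ Finding = 'DeclinedAddress'; Subject = $_.IPAddress; Detail = $_.ClientId }
    }
}

Get-LeaseDnsFinding -Leases $Leases -DnsRecords $DnsRecords |
    Export-Csv -Path (Join-Path $env:TEMP 'LeaseDnsFindings.csv') -NoTypeInformation
```

Statically addressed hosts will appear as DnsNoLease, so treat those rows as a list to confirm rather than as errors. To run it against real data, replace the two here-strings with Import-Csv on the exported files.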

Validation

  • Verify that the CSV files are created and contain the expected data.
  • Check for any errors in the PowerShell console during script execution.

Troubleshooting

  • If a step fails, capture the exact command, exit code, and log line before retrying or changing the design.
  • Check route tables, DNS resolution, firewall rules, and peer status from both sides of the connection.

Cleanup or Rollback

  • Keep a copy of working configuration, compose files, scripts, and service credentials before removing containers, packages, or data directories.
  • Export current network, DNS, VPN, and firewall settings before changing routes, peers, or resolver configuration.
  • Rollback by restoring the prior route, peer, DNS, or firewall configuration and restarting only the affected service.

Next Improvements

  • Integrate additional checks for other network services.
  • Create a user-friendly interface for the toolkit.