Searching for a DHCP Lease by MAC Address in Active Directory Forest

In a previous post (3 years 4 months 2 days ago) I wrote about searching DHCP leases directly on a DHCP server, which was rather limiting, especially if you are in a larger network. These days I use the following script from a management desktop running RSAT, which automatically lists the authorised DHCP servers in the forest and searches through all scopes:

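 # List the DHCP servers authorised in Active Directory
 $AllDhcpServers = Get-DhcpServerInDC

 # Collect every IPv4 lease from every scope on every authorised server
 $result = @(
     @($AllDhcpServers).foreach({
         @(Get-DhcpServerv4Scope -ComputerName $_.DnsName | Get-DhcpServerv4Lease -ComputerName $_.DnsName -AllLeases -Verbose)
     })
 )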

Since Get-DhcpServerInDC does the hard work of finding the authorised DHCP servers, the script should work in any domain. Querying all the servers in a large global environment can take a little while, so the results are placed into an object which can be searched without running the whole script again and going back to each server. DHCP lease information can be quite dynamic, especially in wireless environments, so if you need up-to-date results then run the script again. The following are some examples of getting information out of the $result object:

To query the results for a hostname:

 $result | Where-Object hostname -match mycomputer.thewayeye.net 

If you don’t have a specific hostname, partial matching is supported (for more information see the official documentation for Where-Object):

 $result | Where-Object hostname -match linux 

Will match all hostnames that contain the string linux.

Or perhaps search by MAC address:

 $result | Where-Object clientid -match 00-50-56-C0-01-00

Make sure the MAC address you are searching on uses dash notation rather than colons. There is some interesting information in the DHCP lease database; for example, if you wanted to find VMware-based virtual machines you could try:

 $result | Where-Object clientid -match 00-50-56

The same would work for anything that you can group by OUI. Wireshark has a simple OUI lookup tool. The nice thing about this tool is that you can search by manufacturer as well as by MAC.

Searching quickly for phones, handsets or anything that can be grouped by OUI is easy with this approach.
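
The MAC and OUI searches above depend on dash notation and on -match, which is an unanchored regular-expression match, so a prefix such as 00-50-56 also matches when those bytes appear in the middle of a ClientId. The following is an added example (not part of the original script) that accepts colon, dot or dash notation and matches only at the start of ClientId; the function names ConvertTo-DashMac and Find-DhcpLeaseByMac and the sample leases are constructed for illustration.

```powershell
# Added example. ConvertTo-DashMac and Find-DhcpLeaseByMac are hypothetical helper names.
function ConvertTo-DashMac {
    param([Parameter(Mandatory)][string]$Mac)
    # Drop everything that is not a hex digit (colons, dashes, dots, spaces)
    $hex = $Mac -replace '[^0-9A-Fa-f]', ''
    # Accept anything from a 3-byte OUI prefix to a full 6-byte address, whole bytes only
    if ($hex.Length -lt 6 -or $hex.Length -gt 12 -or ($hex.Length % 2) -ne 0) {
        throw "Not a MAC address or OUI prefix: '$Mac'"
    }
    # Insert a dash after every byte pair except the last
    ($hex -replace '(..)(?=.)', '$1-').ToLower()
}

function Find-DhcpLeaseByMac {
    param(
        [Parameter(Mandatory)][string]$Mac,
        [Parameter(Mandatory)][object[]]$Lease
    )
    # Escape the value and anchor it: a literal match at the start of ClientId only
    $pattern = '^' + [regex]::Escape((ConvertTo-DashMac $Mac))
    $Lease | Where-Object ClientId -match $pattern
}

# Constructed sample leases standing in for the $result object built by the script
$sample = @(
    [pscustomobject]@{ IPAddress = '10.10.0.21'; ClientId = '00-50-56-c0-01-00'; HostName = 'vm01.example.test' }
    [pscustomobject]@{ IPAddress = '10.10.0.22'; ClientId = 'a4-00-50-56-11-22'; HostName = 'laptop07.example.test' }
)

# Full address supplied in colon notation
Find-DhcpLeaseByMac -Mac '00:50:56:C0:01:00' -Lease $sample

# OUI prefix supplied in dot notation; the second sample lease carries the same
# bytes mid-address and is what an unanchored -match 00-50-56 would also return
Find-DhcpLeaseByMac -Mac '0050.56' -Lease $sample
```

Against live data, pass the collected leases instead of the sample: Find-DhcpLeaseByMac -Mac '00:50:56' -Lease $result.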

To search by DHCP scope use:

 $result | Where-Object scopeid -match 10.10.0.0

Search by inactive reservation:

 $result | Where-Object addressstate -match inac

You can search by any of the following criteria:

 IPAddress
 ScopeId
 ClientId
 HostName
 AddressState
 LeaseExpiryTime