DHCP and DNS Integration Disabled - Architecture Discussion
I have been working with this organization as an SCCM Engineer and recently came into a discussion pertaining to the DHCP and DNS configurations. DNS and DHCP have recently been reconfigured to NOT be integrated anymore. I am strongly against this and feel that the organization is moving in the wrong direction; however, they are not my systems to support (though it greatly impacts my SCCM environment). Any advice would be great.

Old Configuration:
- DNS configured with non-secure updates and scavenging every 4 days
- DHCP registering DNS requests on behalf of clients

**Please note that some of the Server A and PTR records are ALSO in the same forward lookup zone as the workstations.**

Issues that Occurred:
- Mobile phones had the same names as existing workstations / servers and overwrote the good records.
- A non-domain-member workstation joins the network and registers in DNS.

Architecture that Organization Moved To (which I believe is the wrong direction):
- Disable DNS and DHCP integration
- DNS configured to secure-only updates
- A script (yes, I said it) was created to delete any duplicate A and PTR records in DNS (deleting the oldest record; this script runs every 15 minutes) for the workstation forward lookup zone.

Problems:
- If a computer is replaced with a new computer, there will be TWO entries in DNS until the script runs.
- If we change back to DNS and DHCP integration, we will have to manage the permissions on the DNS records to allow DHCP to modify those records on change.

Things we want to avoid:
- Mobile phones had the same names as existing workstations / servers and overwrote the good records.
- A non-domain-member workstation joins the network and registers in DNS.

So we made a call into Microsoft. I was not on the call; however, they asked Premier support the best way to architect this solution. I feel that the conversation was scripted, as it was "what is the best way to support what we have put ourselves into" rather than "what is the Microsoft recommended method to manage DNS and DHCP".

I have my own opinion on how to solve this; however, I don't want to guide the community to a solution that I want to implement. I want to know: what is the best way to architect this? Please ask questions, as I know I may have left out important details.
June 26th, 2012 12:15pm

Hi,

Thank you for the post. The best way is:

1. Enable DNS and DHCP integration.
2. Configure DNS zone Dynamic update to secure-only. If the zone is set for Secure Updates Only, then DHCP cannot update non-Microsoft clients and Microsoft clients that are not joined to the domain.
3. Enable DNS Scavenging.

http://support.microsoft.com/kb/816592
http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx

If there are more inquiries on this issue, please feel free to let us know.

Regards,
Rick Tan
TechNet Community Support
June 27th, 2012 5:27am
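
The three steps in the reply above, sketched with the DnsServer and DhcpServer PowerShell modules (Windows Server 2012 and later) as an added example that is not part of the original thread. The zone name, the aging intervals and the use of a dedicated DHCP registration account are assumptions; the 4-day scavenging interval is the one from the old configuration described in the question.

```powershell
# Added example, not from the thread. Run on a server that hosts both roles,
# or add -ComputerName to each cmdlet. All names below are placeholders.
$Zone = 'workstations.corp.example'   # hypothetical workstation forward lookup zone

# Step 1: DHCP registers A and PTR records on behalf of clients and removes
# them when the lease expires.
Set-DhcpServerv4DnsSetting -DynamicUpdates Always -DeleteDnsRROnLeaseExpiry $true

# Assumption (not stated in the reply): register with a dedicated low-privilege
# domain account so DHCP-created records have one known owner, which addresses
# the record-permission concern raised in the question.
Set-DhcpServerDnsCredential -Credential (Get-Credential)

# Step 2: accept only authenticated dynamic updates on the zone.
Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate Secure

# Step 3: enable aging on the zone and scavenging on the server.
# No-refresh/refresh values are assumed; size them against the DHCP lease time.
Set-DnsServerZoneAging -Name $Zone -Aging $true `
    -NoRefreshInterval 3.00:00:00 -RefreshInterval 3.00:00:00
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval 4.00:00:00

# Check 1: host names that still have more than one A record (the duplicate
# condition the 15-minute cleanup script was written to handle).
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Group-Object HostName |
    Where-Object Count -gt 1 |
    ForEach-Object {
        [pscustomobject]@{
            HostName  = $_.Name
            Addresses = ($_.Group.RecordData.IPv4Address -join ', ')
            Newest    = ($_.Group.Timestamp | Sort-Object | Select-Object -Last 1)
        }
    }

# Check 2: records without a timestamp are static and are never scavenged.
# Server records that share the workstation zone should appear here.
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object { -not $_.Timestamp } |
    Select-Object HostName, @{ n = 'Address'; e = { $_.RecordData.IPv4Address } }
```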
