Another option (skipping the part about users using the /Renew and /Release options etc, since that's (I think) an unlikely event) is to use a program like Delayer.exe. Is can be run from commandline (login script) and can be used to execute a script after for instance 45 seconds or so. It has an option to be hidden from the user, so this might be an idea? This way, if the IP address is changed during logon, you'll get the IP address that's really being used... I don't have a URL for you, but if you can't find it, I can mail it to you if you like. 
_________________________
Regards, Jeroen.
There are two ways to write error-free programs. Only the third one works.
