Anthony Bartolo Twitter | LinkedIn
Pierre Roman Twitter | LinkedIn
Let me ask you a question. You’re an IT pro, how do you keep track of all the IP addresses on your network?
I don’t mean how you distribute them, but how do you keep track of the static addresses? How do you report on them? Maybe you have them all itemized on an Excel spreadsheet. Does everyone in your shop keep track as diligently as you? Is it up to date?
Now you don’t have to. IPAM to the rescue. It’s part of the new functionality included in Windows Server 2012 and Windows Server 2012 R2.
IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on your network. It includes components for:
It can be a huge help to be able to automatically manage your DNS and DHCP, along with all the monitoring and auditing. Here’s how we do it.
IPAM is a feature of Windows Server 2012, and it needs to be installed using Server Manager or PowerShell.
Install-WindowsFeature IPAM -IncludeManagementTools
Whichever you’re most familiar with.
Once it is installed, you need to choose your provisioning method. Provisioning is the process of enabling the required permissions, file shares, and access settings on managed servers so that the IPAM server can communicate with them. You can choose either the manual or the Group Policy Based method. Pick the one that’s best for you and remember, you can’t change it later.
In our case we will use the Group Policy method.
In Server Manager, in the IPAM section, select Provision the IPAM server and go through the provisioning wizard.
We’ll create the GPOs later. Next we need to configure server discovery.
When you configure server discovery, you are defining the domains that the IPAM server can monitor and manage (also called the scope of discovery). An IPAM server can monitor and manage multiple domains as long as they are part of the same Active Directory forest as the IPAM server.
3. To remove a domain from the scope of discovery, click the domain and then click Remove.
4. By default all server roles are enabled in the domains you select. To remove a server role from the scope of discovery for a specific domain, de-select the checkbox under the appropriate server role.
5. Click OK when you are finished.
Domain controllers, DHCP servers, and DNS servers can be discovered on the network, provided they are running Windows Server® 2008 or a later operating system. Computers running NPS must be added manually to the server inventory.
Since this is the first time we are discovering servers, we will discover servers by running the server discovery task. This task also runs regularly on the IPAM server with a default frequency of once per day, and will discover new servers automatically provided that they meet the conditions for discovery.
Conditions for discovery depend on the type of role services that are installed and running on managed servers. For example, a DHCP server will not be discovered if it is not authorized in Active Directory or does not have any DHCP scopes configured. DHCP scopes do not need to be active to be discovered. A DNS server will not be discovered unless it is authoritative for an Active Directory domain configured in the scope of discovery.
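The DHCP conditions above can be checked before the discovery task runs, which helps explain why a server is missing from the inventory. The following PowerShell is an added example, not part of the original post; the function name Test-DhcpDiscoveryCondition and the server name dhcp1.contoso.com are placeholders, and only IPv4 scopes are counted.

```powershell
# Added example (not from the original post). Requires the DhcpServer module.
Import-Module DhcpServer

function Test-DhcpDiscoveryCondition {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$ComputerName)   # FQDNs of DHCP servers

    # Condition 1: the server must be authorized in Active Directory.
    $authorized = @(Get-DhcpServerInDC | ForEach-Object { $_.DnsName })

    foreach ($server in $ComputerName) {
        $scopes    = @()
        $reachable = $true
        try {
            # Condition 2: at least one scope must be configured (active or not).
            $scopes = @(Get-DhcpServerv4Scope -ComputerName $server -ErrorAction Stop)
        } catch {
            $reachable = $false   # query failed; scope count is unknown
        }
        $isAuthorized = $authorized -contains $server   # case-insensitive match
        [pscustomobject]@{
            Server          = $server
            AuthorizedInAD  = $isAuthorized
            Reachable       = $reachable
            ScopeCount      = $scopes.Count
            ActiveScopes    = @($scopes | Where-Object { $_.State -eq 'Active' }).Count
            MeetsConditions = $isAuthorized -and ($scopes.Count -gt 0)
        }
    }
}

# dhcp1.contoso.com is a placeholder server name.
Test-DhcpDiscoveryCondition -ComputerName 'dhcp1.contoso.com' |
    Format-Table -AutoSize
```

A server that answers DHCP queries but shows AuthorizedInAD as False is also worth a look in its own right, since it is handing out addresses outside what Active Directory has approved.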
When we picked the provisioning method, we picked the GPO method. However, the wizard did not actually create the group policies. All it did was configure and assign the names for them.
There are 3 policies that need to be created. The GPO Prefix we selected in step 2 is IPAM. So our 3 policies will be:
They will be created by running the following PowerShell command.
Invoke-IpamGpoProvisioning -Domain contoso.com -GpoPrefixName IPAM -IpamServerFqdn dc1.contoso.com
All the info on the available parameters is provided in the following TechNet article.
So far we:
Now we need to choose our managed servers.
Choosing a managed server is done by assigning manageability status. In our case since we chose the GPO method, a manageability status of Managed means that the server will automatically be added to security filtering in the appropriate IPAM GPO.
Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure.
After you have verified the IPAM server has access to managed servers, you can retrieve data from managed servers to begin populating the IPAM database. You might also want to retrieve server data after a configuration change or just to obtain updated information. You do not have to manually retrieve data from managed servers because scheduled tasks on the IPAM server will perform this task automatically.
Your environment is now set to discover, monitor, audit, and manage the IP address space used on your network.
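Because the Managed status is what places a server in the security filtering of an IPAM GPO, listing that filtering shows exactly which machines receive the IPAM access settings. This is an added example, not part of the original post; it assumes the GroupPolicy module, the contoso.com domain and IPAM prefix used above, and the DHCP, DNS and DC_NPS name suffixes that the IPAM documentation gives for its provisioning GPOs (the function name is hypothetical).

```powershell
# Added example (not from the original post). Requires the GroupPolicy module.
Import-Module GroupPolicy

function Get-IpamGpoFiltering {   # hypothetical helper name
    param(
        [string]$Domain = 'contoso.com',                   # domain used in the post
        [string]$Prefix = 'IPAM',                          # GPO prefix used in the post
        [string[]]$Suffixes = @('DHCP', 'DNS', 'DC_NPS')   # assumed: per IPAM docs
    )
    foreach ($suffix in $Suffixes) {
        $name = "${Prefix}_$suffix"
        $gpo  = Get-GPO -Name $name -Domain $Domain -ErrorAction SilentlyContinue
        if (-not $gpo) {
            # The wizard only assigns names; the GPO itself has not been created.
            [pscustomobject]@{ Gpo = $name; Status = 'Missing'; Trustee = $null; Type = $null }
            continue
        }
        # Security filtering is the set of trustees holding GpoApply.
        $applied = @(Get-GPPermission -Name $name -DomainName $Domain -All |
                     Where-Object { $_.Permission -eq 'GpoApply' })
        if ($applied.Count -eq 0) {
            [pscustomobject]@{ Gpo = $name; Status = 'NoFiltering'; Trustee = $null; Type = $null }
        }
        foreach ($p in $applied) {
            [pscustomobject]@{
                Gpo     = $name
                Status  = [string]$gpo.GpoStatus
                Trustee = $p.Trustee.Name
                Type    = [string]$p.Trustee.SidType
            }
        }
    }
}

$report = @(Get-IpamGpoFiltering)
$report | Format-Table -AutoSize

# Entries that are not computer accounts (for example a broad group) apply the
# IPAM access settings to more machines than the servers marked Managed.
$report | Where-Object { $_.Trustee -and $_.Type -ne 'Computer' } |
    Format-Table -AutoSize
```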
Next week we’ll look into each of these functions.
But in the meantime, set it up for yourself. And start reaping the benefits. Get the preview of Windows Server 2012 R2 here.
Check out those MVA Modules:
Windows Server 2012 Training: Networking
Pierre Roman, MCITP, ITIL | Technology Evangelist Twitter | Facebook | LinkedIn
The above document was very nice, but I want more depth on how to configure servers and IPs to use the IPAM tool.
I'm glad you liked the post. I'm actually working on more IPAM content as we speak. I wanted to cut it in manageable chunks to allow for easier consumption.
Keep an eye on the blog roll. IPAM content is on its way.