{"id":4211,"date":"2015-11-15T12:35:07","date_gmt":"2015-11-15T18:35:07","guid":{"rendered":"http:\/\/www.poweradmin.com\/blog\/?p=4211"},"modified":"2015-10-16T16:40:37","modified_gmt":"2015-10-16T21:40:37","slug":"7-simple-steps-to-configure-ipam-in-windows-server-2012","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/7-simple-steps-to-configure-ipam-in-windows-server-2012\/","title":{"rendered":"7 Simple Steps to Configure IPAM in Windows Server 2012"},"content":{"rendered":"

\"ip<\/a><\/p>\n

IP address management (IPAM) is a new feature introduced in Windows Server 2012 that allows you to configure, manage and have a general overview of the network\u2019s IP addresses and ranges. With IPAM, you can search for desired IP addresses and ranges, manage and configure DHCP scopes and DNS entries, view the status of your IP addresses blocks and search for free IP addresses. Large enterprises usually deploy one or multiple IPAM servers because, as the network evolves, the complexity of its IPs and subnets increases significantly. <\/span><\/p>\n

An IPAM server allows you to track all IP address changes that occur within the network. I\u2019ve previously used IPAM software from other vendors, but never from Microsoft. With the release of Windows Server 2012, System Administrators were able to track and manage all network devices from an Active Directory domain. Note that this is a requirement of IPAM, you cannot manage any servers that do not belong from the same Active Directory forest. Because this is a Microsoft technology, you cannot use this feature with non-Windows Operating Systems or network devices. IPAM allows you to manage both DNS and DHCP servers and you can now easily change DHCP options from one or multiple scopes using the centralized IPAM console. You can also track dynamically assigned addresses but also static ones. Both public and private IP addresses can be tracked with IPAM.<\/span><\/p>\n

In t<\/span>his article I will show you how to install and configure IPAM and we\u2019ll also cover some of its basic features. Note that I will be using a Virtual Machine hosted in my VMware testing environment running Windows Server 2012. My VM is also a member of an Active Directory forest so make sure to cover this aspect as well.<\/p>\n

Step 1 \u2013 Installation<\/span><\/h3>\n

IPAM can be installed in two ways: using Windows Powershell<\/i> or by accessing the Roles and Features section<\/i> from Server Manager Console<\/i>:<\/span><\/p>\n

\"add<\/a><\/p>\n

With Windows PowerShell this operation can be performed much faster by executing the following command:<\/span><\/p>\n

Install-WindowsFeature IPAM \u2013IncludeManagementTools<\/i><\/span><\/p>\n

Step 2 \u2013 Provisioning<\/span><\/h3>\n

Once the installation has been successfully completed, open the Server Manger Console<\/i> and navigate to the IPAM<\/i> section<\/i>. Here you will discover all available IPAM server tasks:<\/span><\/p>\n

\"ipam<\/a><\/p>\n

Select the second option, Provision the IPAM<\/i>, to start the IPAM configuration wizard<\/i>. In this section is where the IPAM database<\/i>, security groups<\/i>, tasks<\/i> and folders<\/i> are created.<\/span><\/p>\n

Step 3 \u2013 Provisioning Method<\/span><\/h3>\n

You must configure how the IPAM server interacts with network servers, there are two options available: manually<\/i> or by using GPOs<\/i>. Simply put, by selecting the first option, an administrator would have to configure security groups, firewall rules and network shares manually on each machine. This method is really not recommend since it adds a lot of extra configurations and increases the overall complexity of the IPAM deployment.<\/span><\/p>\n

The second option is much easier to implement since it uses Group Policy Objects to configure all IPAM managed servers. Unless you simply cannot you use the second option, you should always use GPOs to configure servers managed by IPAM. Note that you have to specify a prefix that will be set to the IPAM GPOs:<\/span><\/p>\n

\"ipam<\/a><\/p>\n

Once the wizard has been successfully completed, three Group Policy Objects<\/i> will be created: one for DNS<\/i> servers, one for DHCP<\/i> servers and one for Domain Controllers<\/i>.<\/span><\/p>\n

Step 4 \u2013 Configure Server Discovery<\/span><\/h3>\n

Select the third task from the IPAM console to configure server discovery<\/i>. This is where we specify what servers should be discovered by our IPAM machine. You will need to select and add domains to discover. By default, all three types of servers are selected: DNS<\/i>, DHCP<\/i> and Domain Controllers<\/i>. You can change the discovery options by selecting only desired types of servers:<\/span><\/p>\n

\"configure<\/a><\/p>\n

Step 5 \u2013 Start Discovery<\/span><\/h3>\n

Once this section has been covered, select the 4th task to start the server discovery<\/i> procedure<\/i>:<\/span><\/p>\n

\"start<\/a><\/p>\n

If you receive an error stating that discovered machines were blocked,<\/i> you need to execute the following Powershell command to create the GPOs that later will be assigned to your machines:<\/span><\/p>\n

Invoke-IpamGpoProvisioning -Domain ppscu.com -GpoPrefixName IPAMPPSCU<\/i><\/span><\/p>\n

\"invoke<\/a><\/p>\n

Step 6 \u2013 Verify GPOs<\/span><\/h3>\n

You can now verify the GPOs in the Group Policy Management Console<\/i>. Connect to the blocked machine and execute gpupdate \/force<\/i> to propagate the newly created GPOs.<\/span><\/p>\n

For each machine you will have to change its manageability status to managed<\/i>, you can do so if you right click<\/i> on the blocked machine and select edit server<\/i>:<\/span><\/p>\n

\"add<\/a><\/p>\n

The machine should change its IPAM Access status to Unblocked. <\/span><\/p>\n

Step 7 \u2013 Import Data<\/span><\/h3>\n

Now that the server has been added to IPAM, you can retrieve and import its data to the IPAM server if you right click<\/i> on the machine and select Retrieve All Server Data<\/i>. You can also execute the 6th available task from the IPAM console to retrieve data from managed servers<\/i>:<\/span><\/p>\n

\"ipam<\/a><\/p>\n

That\u2019s about it for the configuration part of an IPAM server. We\u2019ve covered the most important steps that you need to take in order to successfully deploy IPAM within your enterprise. If you have followed these steps precisely, you should have installed and configured an IPAM machine with at least one discovered host. Note that same principles are applied when used in a large organization with multiple hosts. I want to further discuss about other aspects of this technology so stay tuned for the following article in which we\u2019ll mostly talk about IPAM IP address spaces. Wish you all the best!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

IP address management (IPAM) is a new feature introduced in Windows Server 2012 that allows you to configure, manage and have a general overview of the network\u2019s IP addresses and ranges. With IPAM, you can search for desired IP addresses and ranges, manage and configure DHCP scopes and DNS entries, view the status of your […]<\/p>\n","protected":false},"author":4,"featured_media":4223,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,9,8],"tags":[],"class_list":["post-4211","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-to","category-technical","category-windows"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=4211"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4211\/revisions"}],"predecessor-version":[{"id":4225,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/4211\/revisions\/4225"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/4223"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=4211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=4211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=4211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}