7 Simple Steps to Configure IPAM in Windows Server 2012

7 Simple Steps to Configure IPAM in Windows Server 2012

7 Simple Steps to Configure IPAM in Windows Server 2012
IP address
management (IPAM) is a new feature introduced in Windows Server 2012
that allows you to configure, manage and have a general overview of the
network’s IP addresses and ranges. With IPAM, you can search for desired
IP addresses and ranges, manage and configure DHCP scopes and DNS
entries, view the status of your IP addresses blocks and search for free
IP addresses. Large enterprises usually deploy one or multiple IPAM
servers because, as the network evolves, the complexity of its IPs and
subnets increases significantly.

server allows you to track all IP address changes that occur within the
network. I’ve previously used IPAM software from other vendors, but
never from Microsoft. With the release of Windows Server 2012, System
Administrators were able to track and manage all network devices from an
Active Directory domain. Note that this is a requirement of IPAM, you
cannot manage any servers that do not belong from the same Active
Directory forest. Because this is a Microsoft technology, you cannot use
this feature with non-Windows Operating Systems or network devices.
IPAM allows you to manage both DNS and DHCP servers and you can now
easily change DHCP options from one or multiple scopes using the
centralized IPAM console. You can also track dynamically assigned
addresses but also static ones. Both public and private IP addresses can
be tracked with IPAM.

In this
article I will show you how to install and configure IPAM and we’ll
also cover some of its basic features. Note that I will be using a
Virtual Machine hosted in my VMware testing environment running Windows
Server 2012. My VM is also a member of an Active Directory forest so
make sure to cover this aspect as well.

Step 1 – Installation

IPAM can be installed in two ways: using Windows Powershell or by accessing the Roles and Features section from Server Manager Console:
add roles and features wizard
With Windows PowerShell this operation can be performed much faster by executing the following command:
Install-WindowsFeature IPAM –IncludeManagementTools

Step 2 – Provisioning

Once the installation has been successfully completed, open the Server Manger Console and navigate to the IPAM section. Here you will discover all available IPAM server tasks:
ipam server tasks
Select the second option, Provision the IPAM, to start the IPAM configuration wizard. In this section is where the IPAM database, security groups, tasks and folders are created.

Step 3 – Provisioning Method

You must configure how the IPAM server interacts with network servers, there are two options available: manually or by using GPOs.
Simply put, by selecting the first option, an administrator would have
to configure security groups, firewall rules and network shares manually
on each machine. This method is really not recommend since it adds a
lot of extra configurations and increases the overall complexity of the
IPAM deployment.

The second
option is much easier to implement since it uses Group Policy Objects to
configure all IPAM managed servers. Unless you simply cannot you use
the second option, you should always use GPOs to configure servers
managed by IPAM. Note that you have to specify a prefix that will be set
to the IPAM GPOs:

ipam provisioning methods
Once the wizard has been successfully completed, three Group Policy Objects will be created: one for DNS servers, one for DHCP servers and one for Domain Controllers.

Step 4 – Configure Server Discovery

Select the third task from the IPAM console to configure server discovery.
This is where we specify what servers should be discovered by our IPAM
machine. You will need to select and add domains to discover. By
default, all three types of servers are selected: DNS, DHCP and Domain Controllers. You can change the discovery options by selecting only desired types of servers:

configure server discovery

Step 5 – Start Discovery

Once this section has been covered, select the 4th task to start the server discovery procedure:
start server discovery task
If you receive an error stating that discovered machines were blocked, you need to execute the following Powershell command to create the GPOs that later will be assigned to your machines:

Invoke-IpamGpoProvisioning -Domain ppscu.com -GpoPrefixName IPAMPPSCU
invoke ipamgpoprovisioning

Step 6 – Verify GPOs

You can now verify the GPOs in the Group Policy Management Console. Connect to the blocked machine and execute gpupdate /force to propagate the newly created GPOs.
For each machine you will have to change its manageability status to managed, you can do so if you right click on the blocked machine and select edit server:

add or edit server for ipam
The machine should change its IPAM Access status to Unblocked.

Step 7 – Import Data

Now that the server has been added to IPAM, you can retrieve and import its data to the IPAM server if you right click on the machine and select Retrieve All Server Data. You can also execute the 6th available task from the IPAM console to retrieve data from managed servers:
ipam server inventory

That’s about
it for the configuration part of an IPAM server. We’ve covered the most
important steps that you need to take in order to successfully deploy
IPAM within your enterprise. If you have followed these steps precisely,
you should have installed and configured an IPAM machine with at least
one discovered host. Note that same principles are applied when used in a
large organization with multiple hosts.

Leave a Reply