IPAM (IP Address Management) Server Windows 8

Another new feature that appeared in Windows 8 Server is IPAM.
IPAM is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP), Domain Name Service (DNS), Network Policy Server (NPS), and Active Directory domain controllers.

Features include:

  • Automatic IP address infrastructure discovery: IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.
  • Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups.
  • Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name.
  • Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console.

Now it's a pretty useful tool, since if you're in a large enterprise you tend to lose the overview of your IP addresses. (The real downside is that it only works in Windows domains, and it cannot detect network devices using SNMP; that would be useful as well.)
Of course you can add these manually into the IPAM server, but for the future, add an option to use SNMP for network devices 🙂

Now let's take a quick walkthrough of this feature.

In Server Manager, under Configure this local server, click Add Roles and Features.

  • In the Add Roles and Features Wizard, click Next four times, and then on the Select features page select the IP Address Management (IPAM) Server checkbox.
  • When you are prompted to add required features, click Add Features.
  • Click Next, and then click Install.
  • Wait for the installation process to complete, verify on the Installation progress page that Installation succeeded on IPAM1.contoso.com is displayed, and then click Close.

This is what the menu looks like when it's first installed (I have already configured IPAM on my server, so your GUI might look a bit different). In order to make IPAM work you have to change some configurations first.

Start by clicking Provision the IPAM server.

Click Next. By default, the Group Policy Based provisioning method is chosen.

  • Next to GPO name prefix, type IPAM1 and then click Next.
  • On the Summary page, confirm that the GPO names displayed are IPAM1_DHCP, IPAM1_DNS, and IPAM1_DC_NPS, and then click Apply.

These policies allow the IPAMUG group to read event logs on the different server roles (DHCP, DNS, AD, NPS) and edit ACLs on the firewall so that the IPAM server can connect over RPC.

Now we have to run the Discover wizard.

In the Configure Discovery Settings dialog box, under Select IPAM domains for discovery, click Add next to (root domain) yourdomain.com.

  • Verify that the yourdomain.com domain was added and the server roles selected include Domain controller, DHCP server, and DNS server.
  • When you are prompted that the discovery scope has been updated, click OK.

Click Start server discovery, and then click OK.
Click the Notification flag and then click Task Details.
Wait for the IPAM ServerDiscovery task to display a status of Complete under Stage, and then close the Task Details dialog box.
In IPAM OVERVIEW, click Select or add servers to manage and verify IPAM access. If no servers are displayed, click the Refresh IPv4 icon located next to the Notification flag. The DHCP1 and DC1 servers will be displayed with a manageability status of Unspecified and an IPAM access status of Blocked.


Now we need to give the IPAM server access to the servers, using the GPOs I mentioned earlier.

Right-click Windows PowerShell and then click Run as Administrator. Click Yes in the User Account Control alert that is displayed.

  • Type the following command at the Windows PowerShell prompt, and then press ENTER.
    Invoke-IpamGpoProvisioning -Domain test.local -GpoPrefixName IPAM1 -IpamServerFqdn ipam1.test.local -User user1


Now open Group policy management and check that the policies got created.
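
The same check can be done from PowerShell, which also shows where the GPOs are linked and which accounts they apply to. This is an added example, not part of the original walkthrough; it assumes the test.local domain and IPAM1 prefix from the command above, the GroupPolicy and ActiveDirectory modules, and that the IPAMUG group exists in that domain. The function name Get-IpamGpoAudit is hypothetical.

```powershell
# Added example: audit the GPOs that Invoke-IpamGpoProvisioning creates.
# Assumptions: domain (test.local) and prefix (IPAM1) from this walkthrough,
# and the GroupPolicy and ActiveDirectory RSAT modules installed.
Import-Module GroupPolicy, ActiveDirectory

$Domain   = 'test.local'
$Prefix   = 'IPAM1'
$GpoNames = "${Prefix}_DHCP", "${Prefix}_DNS", "${Prefix}_DC_NPS"

function Get-IpamGpoAudit {
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        [Parameter(Mandatory = $true)][string[]]$GpoNames
    )
    foreach ($name in $GpoNames) {
        $gpo = $null
        try { $gpo = Get-GPO -Name $name -Domain $Domain -ErrorAction Stop } catch { }
        if (-not $gpo) {
            # GPO missing: provisioning failed or a different prefix was used
            [pscustomobject]@{ Gpo = $name; Exists = $false; Status = $null
                               LinkedTo = $null; AppliesTo = $null }
            continue
        }
        # The XML report lists every container (SOM) the GPO is linked to
        [xml]$report = Get-GPOReport -Name $name -Domain $Domain -ReportType Xml
        $links = @($report.GPO.LinksTo | Where-Object { $_ } |
                   ForEach-Object { $_.SOMPath })
        # Trustees with GpoApply are the accounts the settings take effect on
        $applies = @(Get-GPPermission -Name $name -Domain $Domain -All |
                     Where-Object { $_.Permission -eq 'GpoApply' } |
                     ForEach-Object { $_.Trustee.Name })
        [pscustomobject]@{
            Gpo       = $name
            Exists    = $true
            Status    = $gpo.GpoStatus
            LinkedTo  = $links -join '; '
            AppliesTo = $applies -join '; '
        }
    }
}

Get-IpamGpoAudit -Domain $Domain -GpoNames $GpoNames | Format-Table -AutoSize -Wrap

# IPAMUG is the group these GPOs grant event-log and RPC access to; review its
# membership (assumption: it should hold only the IPAM server's computer account).
Get-ADGroupMember -Identity 'IPAMUG' -Server $Domain -Recursive |
    Select-Object Name, objectClass, distinguishedName
```

An unexpected entry in AppliesTo or in the IPAMUG membership means the event-log and firewall changes reach further than intended.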

After you have run the Discover wizard you should have some servers / computers appearing in the Server inventory. Right-click the servers you want to manage and choose Edit server. From there, under Manageability status, choose Managed, and then click OK.

After you have done that, log on to the computer and run gpupdate /force.
After this is done it can take up to 10 min before the IPAM server updates the information. But after that you can see that the IP scopes and DNS zones will be populated. One particular feature I like is the ability to search for a specific user and what IP address that user was last logged on from.

And as I said earlier, if you want to add devices manually you can do that by going into the IP Address Inventory, Tasks and choosing Add IPv4 Address.

After this is done you can also add a host record for it on the DNS server; this way you don’t have to open another console or log on to another server in order to manage your IP addresses and DNS records.

IPAM is a decent tool for address management; I really wish it could integrate with other vendors like Cisco so we could get a better overview. Let's say a user connects a laptop to a switch using a static IP (and it's not a domain-connected computer): then it will not appear in the IPAM console. But still it provides some good features so the IT administrator knows what the usage of IP addresses is in his/her infrastructure.
