Implementing & Configuring IPAM in Windows Server 2012 R2

Send Us a Sign! (Contact Us!)

With the development of IPv6 and the bunch of devices that require IP addresses, networks have become so much complex and difficult for us to manage.

Maintaining an updated list of static IP addresses that have been issued has often been a manual task, which can lead to errors. To help organizations manage IP addresses, Windows Server 2012 R2 provides the IP Address Management (IPAM) tool.

IP address management is a difficult task in large networks, because tracking IP address usage is largely a manual operation. Windows Server 2012 introduces IPAM, which is a framework for discovering, auditing, monitoring utilization, and managing the IP address space in a network.

IPAM enables the administration and monitoring of DHCP and DNS, and provides a comprehensive view of where IP addresses are used.

IPAM collects information from domain controllers and Network Policy Servers (NPSs), and then stores that information in the Windows Internal Database.

Benefits of IPAM:

  • IPv4 and IPv6 address space planning and allocation.
  • IP address space utilization statistics and trend monitoring.
  • Static IP inventory management, lifetime management, and DHCP and DNS record creation and deletion.
  • Service and zone monitoring of DNS services.
  • IP address lease and logon event tracking.
  • Role-based access control (RBAC).
  • Remote administration support through RSAT.
  • Reporting in the IPAM management console.

In case you are interested to learn how to implement & configuring IPAM, please make sure that you prepare a complete LAB environment and of course you may setup the whole infrastructure in Hyper-V. Confirm that you have 1 Domain Server and at least 1 member server, in this demo, we will use adatum domain with 1 Domain Controller Server and 2 Member Server, which is SVR1 & SVR2.

There are almost 40 over step just to complete the basic of IPAM implementation & configuration, so please spend some time to read and understand how IPAM working in Windows Server 2012 R2.

Installing IPAM in Member Server

Log in to your member Server (SVR2), open Server Manager, click add roles & features, proceed to Select features interface, and select the IP Address Management (IPAM) Server check box and proceed with Next…

Implementing & Configuring IPAM in Windows Server 2012 R2

On the Confirm installation selections interface, click Install:

Implementing & Configuring IPAM in Windows Server 2012 R2

Close the Installation progress interface when installation is complete:

Implementing & Configuring IPAM in Windows Server 2012 R2

Provisioning IPAM through a Group Policy Object (GPO)

In the Member server, on the Server Manager, click IPAM:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the IPAM Overview interface, click Connect to IPAM server:

Implementing & Configuring IPAM in Windows Server 2012 R2

On the Connect to an IPAM Server interface, click LON-SVR2.Adatum.com (your server name), and then click OK:

Implementing & Configuring IPAM in Windows Server 2012 R2

Next, click Provision the IPAM server:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Provision IPAM Wizard interface, on the Before you begin page, click Next:

Implementing & Configuring IPAM in Windows Server 2012 R2

On the Configure database interface, click Next:

Implementing & Configuring IPAM in Windows Server 2012 R2

On the Select provisioning method interface, ensure that the Group Policy Based is selected then in the GPO name prefix box, type IPAM, and then click Next:

Implementing & Configuring IPAM in Windows Server 2012 R2

On the Confirm the Settings interface, click Apply. Provisioning will take a few minutes to complete.

Implementing & Configuring IPAM in Windows Server 2012 R2

Click Close once provisioning is complete.

Implementing & Configuring IPAM in Windows Server 2012 R2

Configure IP Management Server Discovery

On the IPAM Overview interface, click Configure server discovery:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Configure Server Discovery settings box, click Add (verify that you add the correct domain):

Implementing & Configuring IPAM in Windows Server 2012 R2

On the Configure Server Discovery box, confirm that Domain Controller, DHCP Server and DNS Server is selected and then click OK:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the IPAM Overview interface, click Start server discovery. Discovery may take around 5 to 10 minutes to run:

Implementing & Configuring IPAM in Windows Server 2012 R2

After few minutes, the yellow bar will indicate that the discovery is completed:

Implementing & Configuring IPAM in Windows Server 2012 R2

Configure managed servers

In the IPAM Overview interface, click Select or add servers to manage and verify IPAM access.

Implementing & Configuring IPAM in Windows Server 2012 R2

Notice that the IPAM Access Status is blocked. This also indicate that IPAM server has not yet been granted permission to manage the domain server via Group Policy.

Implementing & Configuring IPAM in Windows Server 2012 R2

We will use Windows PowerShell to provisioning the IPAM GPO:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Windows PowerShell type:

Invoke-IpamGpoProvisioning –Domain Adatum.com –GpoPrefixName IPAM –IpamServerFqdn LON-SVR2.adatum.com –DelegatedGpoUser Administrator

When you are prompted to confirm the action, type Y, and then press Enter. The command will take a few minutes to complete.

Implementing & Configuring IPAM in Windows Server 2012 R2

Next, in the SERVER INVENTORY > IPv4 pane, right-click LON-DC1, and then click Edit Server:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Add or Edit Server box, set the Manageability status to Managed, and then click OK:

Implementing & Configuring IPAM in Windows Server 2012 R2

Please switch to Domain Server and run gpudate /boot /force command to update the IPAM GPO. Next, in the IPAM console, right-click LON-DC1, and then click Refresh Server Access Status.

It may take up to 10 minutes for the status to change.

Implementing & Configuring IPAM in Windows Server 2012 R2

Refresh tasks as needed until a green check mark displays next to LON-DC1 and the IPAM Access Status shows Unblocked for the server. Next, right-click LON-DC1 and then click Retrieve ALL Server Data.

This action also will take a few minutes to complete.

Implementing & Configuring IPAM in Windows Server 2012 R2

Configure and verify a new DHCP scope with IPAM

In the IPAM navigation interface, under MONITOR AND MANAGE, click DNS and DHCP Servers. Then right-click the instance of LON-DC1.Adatum.com that contains the DHCP server role, and then click Create DHCP Scope.

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Create DHCP Scope box, in the Scope Name box, type Branch Scope:

  • In the Start IP address box, type 10.0.0.50.
  • In the End IP address box, type 10.0.0.100.
  • Subnet mask is 255.0.0.0.

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Create scope pane, click Options:

  • On the DHCP Scope Options interface, click New.
  • In the Configure options interface, in the Option select 003 Router.
  • Under Values, in the IP Address box, type 10.0.0.1, click Add Configuration, and then click OK.

Implementing & Configuring IPAM in Windows Server 2012 R2

Verify the configuration, then click OK:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the navigation interface, click DHCP Scopes, then right-click Branch Scope, and then click Configure DHCP Failover:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Configure DHCP Failover Relationship interface, for the Partner server field, click the click lon-svr1.adatum.com…

  • In the Relationship Name field, type AdatumDHCPFailover.
  • In the Enable Message Authentication Secret field, type Pa$$w0rd.
  • In the Maximum Client Lead Time field, set the minutes to 10.
  • Ensure the Mode field is set to Load balance.

Implementing & Configuring IPAM in Windows Server 2012 R2

Verify that the Load Balance Percentage is set to 50%. Select the Enable state switchover check box. Leave the default value of 60 minutes and then click OK.

Implementing & Configuring IPAM in Windows Server 2012 R2

Switch to Domain Server, and open DHCP console. Expand lon-dc1.adatum.com, expand IPv4, and confirm that Branch Scope exists.

Implementing & Configuring IPAM in Windows Server 2012 R2

Configure IP address blocks, record IP addresses, and create DHCP reservations and DNS records

Still in IPAM Server, click IP Address Blocks, in the right pane, click the Tasks drop-down arrow, and then click Add IP Address Block.

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Add or Edit IPv4 Address Block box, provide the following values, and then click OK: (please refer to picture)

Implementing & Configuring IPAM in Windows Server 2012 R2

Next, click IP Address Inventory, in the right pane, click the Tasks drop-down arrow, and then click Add IP Address:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Add IP Address box, under Basic Configurations, provide the following values:

Implementing & Configuring IPAM in Windows Server 2012 R2

Click again the Tasks drop-down arrow, and then click Add IP Address:

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Add IP Address box, under Basic Configuration, provide the following values: (Please refer to the picture)

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Add IPv4 Address pane, click DHCP Reservation, and then enter the following values: (Please refer to the picture)

Implementing & Configuring IPAM in Windows Server 2012 R2

In the Add IPv4 Address pane, click DNS Record, enter the following values: (Please refer to the picture)

Implementing & Configuring IPAM in Windows Server 2012 R2

On the Summary interface, verify that the task is complete without failed:

Implementing & Configuring IPAM in Windows Server 2012 R2

Switch to Domain Server and open DHCP console, expand IPv4, expand Scope (172.16.0.0) Adatum, and then click Reservations.

Verify that the reservation for 172.16.0.10 is displays.

Implementing & Configuring IPAM in Windows Server 2012 R2

Lastly, open the DNS console, expand Forward Lookup Zones, and then click Adatum.com.

Verify that a host record displays for Webserver.

Implementing & Configuring IPAM in Windows Server 2012 R2

Finally we have managed, installed IPAM and configured IPAM with IPAM related GPOs, IP management server discovery, managed servers, a new DHCP scope, IP address blocks, IP addresses, DHCP reservations, and DNS records.

Category