Installing the IPAM Feature - Configuring DHCP and IPAM

  1. Open Server Manager.
  2. Click the number 2 link, Add Roles And Features. If the Before You Begin screen appears, just click Next.
  3. Choose a role-based or feature-based installation and click Next.
  4. Select your server and click Next.
  5. On the Roles screen, just click Next.
  6. On the Features screen, click the box for the IP Address Management (IPAM) server (see Figure 6.21). Click the Add Features button when the box appears. Click Next.

FIGURE 6.21 Choosing the IPAM feature

  7. At the Confirmation screen, make sure the option Restart The Destination Server Automatically If Required is selected (see Figure 6.22) and then click the Install button.

EXERCISE 6.13 (continued)

  8. Once the installation is complete, click the Close button. Close Server Manager.
  9. In the Add Servers dialog box, click the DNS tab. In the search box, type the name of your DNS server and click the magnifying glass.
  10. Under Name, double-click the server name. The server will be added to the right-side box. Click OK. Close Server Manager.

Provision IPAM Manually or by Using Group Policy

When setting up an IPAM server, you must determine how the IPAM server will communicate with your other servers. This is called IPAM provisioning. IPAM provisioning can be set up two ways: manually or by using GPOs.

IPAM will try to locate your DNS servers, DHCP servers, and domain controllers as long as those servers are within the searching scope that you have configured. You can configure whether the servers (DNS, DHCP, and domain controllers) are managed by IPAM or unmanaged. Please note that this will work only with Microsoft products; it won’t find Infoblox or Unix-based DNS/DHCP.

If you want your servers to be managed by IPAM, you must make sure you set up the network and the servers properly. For example, you will need to configure the security settings and firewall ports properly on the servers (DNS, DHCP, and domain controllers) in order to allow IPAM to access these servers and perform its configuration and monitoring.

Once you have decided to use the Group Policy provisioning method, you will be required to create a GPO name prefix in the provisioning wizard (I use IPAM1 in Exercise 6.2). Once you have set up the GPO name prefix, the provisioning wizard will show you the names of the GPOs that you will need to create. You will be required to either manually create or automatically create (using PowerShell) the GPOs for the different servers.

If you decide to manually create the GPOs, you will need to open the Group Policy Management console and then create a GPO for each of the different server types that IPAM will manage. This is a more difficult way to create the GPOs. It is easier to create the provisioned GPOs automatically.

To create these provisioned GPOs automatically, you will need to use the Invoke-IpamGpoProvisioning cmdlet at an elevated Windows PowerShell prompt. The following is an example of the Invoke-IpamGpoProvisioning command. In this example, the IPAM server is named IPAMServer. The name of our domain is StormWindStudios.com and the GPO Prefix name will be IPAM1. As you will see in the command, I added a -Force switch to the end of the command. This switch forces the PowerShell command to run without asking the user for confirmation.

Invoke-IpamGpoProvisioning -Domain StormWindStudios.com -GpoPrefixName IPAM1 -IpamServerFqdn IPAMServer.StormWindStudios.com -Force

After you run the Invoke-IpamGpoProvisioning command, new GPOs will be created based on your network setup. For example, I am running a domain controller and NPS together, so the GPOs may look like the following:

<GPO-prefix>_DHCP

<GPO-prefix>_DNS

<GPO-prefix>_DC_NPS

The created GPOs will all have the GPO Prefix name that you used in the Invoke-IpamGpoProvisioning command. For example, I used IPAM1 in the previous Invoke-IpamGpoProvisioning command, so my actual GPOs look like the following:

IPAM1_DHCP

IPAM1_DNS

IPAM1_DC_NPS

In order for IPAM to automatically manage these servers, you must create these GPOs. After the GPOs are created, IPAM will be able to manage these servers through the IPAM console. When an IPAM server no longer manages these servers (servers will be shown as unmanaged), the GPOs can be removed.

The IPAM server needs to be able to manipulate the GPOs directly. To ensure that IPAM can manage the GPOs directly, you must make sure that the GPO security filtering includes the IPAM servers. If the IPAM servers are not added to the security filtering for the GPOs, the IPAM server will not be able to manage these other servers (DNS, DHCP, and NPS).
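The check described above can be scripted. The following is an added example, not part of the original exercise: a read-only audit that confirms each provisioned GPO exists and reports whether the IPAM server's computer account is in its security filtering (the GpoApply permission). It assumes the GroupPolicy module is available and uses the domain, prefix, and server name from the earlier command; the suffix list assumes the combined DC/NPS setup shown above.

```powershell
# Added example: read-only audit of the IPAM provisioning GPOs.
# Domain, prefix, and server name are the sample values used in the text.
Import-Module GroupPolicy

$Domain     = 'StormWindStudios.com'
$GpoPrefix  = 'IPAM1'
$IpamServer = 'IPAMServer'                 # computer account of the IPAM server
$Suffixes   = '_DHCP', '_DNS', '_DC_NPS'   # assumed: DC and NPS on the same server

$report = foreach ($suffix in $Suffixes) {
    $name = "$GpoPrefix$suffix"
    $gpo  = Get-GPO -Name $name -Domain $Domain -ErrorAction SilentlyContinue

    if ($gpo) {
        # List every trustee on the GPO and keep the IPAM server's entry.
        # Computer accounts are normally listed with a trailing '$'.
        $entry = Get-GPPermission -Name $name -DomainName $Domain -All |
            Where-Object { $_.Trustee.Name -in @($IpamServer, "$IpamServer`$") } |
            Select-Object -First 1

        [pscustomobject]@{
            Gpo              = $name
            Exists           = $true
            IpamPermission   = if ($entry) { $entry.Permission } else { 'None' }
            # Security filtering corresponds to the GpoApply permission level.
            InSecurityFilter = [bool]($entry -and $entry.Permission -eq 'GpoApply')
        }
    }
    else {
        [pscustomobject]@{
            Gpo              = $name
            Exists           = $false
            IpamPermission   = $null
            InSecurityFilter = $false
        }
    }
}

$report | Format-Table -AutoSize

# Anything listed here still needs attention before IPAM can manage the servers.
$report | Where-Object { -not $_.Exists -or -not $_.InSecurityFilter }
```

An empty result from the last line means all three GPOs exist and each includes the IPAM server in its security filtering.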

In Exercise 6.14, I will walk you through the process of provisioning your IPAM server. I will also show you how to create the GPOs needed for the IPAM provisioning, and then I will show you how to add the IPAM servers to the GPOs' security filter. To complete this exercise properly, you will need to log in to the IPAM server with a domain admin account or higher.
