May 11, 2013

IP Address Management (IPAM) in Windows Server 2012

To us Windows systems administrators, the term “TCP/IP network infrastructure” typically brings the following technologies to mind:

  • IP addressing strategy (IPv4 and IPv6)
  • Dynamic Host Configuration Protocol (DHCP)
  • Domain Name Service (DNS)
  • Active Directory Domain Services (AD DS)
  • (Optionally) Network Policy Server (NPS)
Historically, Microsoft hasn’t had a great deal of integration among the various Microsoft network infrastructure tools. Sure, Microsoft DHCP has the ability to automatically update DNS records. However, how can we, for instance, monitor IP address utilization at a glance? How can we maintain compliance with industry or internal regulations by auditing IP addressing and configuration changes?
Microsoft has given us an excellent suite of TCP/IP infrastructure administration tools in Internet Protocol Address Management (IPAM). IPAM is a new feature of Windows Server 2012 (currently known as Windows Server 8 Beta) that makes network infrastructure maintenance spreadsheets (!) or expensive enterprise solutions like Microsoft System Center irrelevant, at least with regard to IP address management.
In this blog post we will dive right into the IPAM setup workflow. After that we will examine some of the business use cases of this technology.

Installing IPAM

We install IPAM on our management server by using either Windows PowerShell or the Add Roles and Features Wizard from Server Manager. As you can see in the following figure, IPAM is officially classified as a feature.
Installing IP Address Management (IPAM)

Provisioning IPAM

In order to link our network infrastructure servers with our centralized IPAM solution, we must either configure settings manually on each server, or use Group Policy Object (GPO)-based provisioning. Obviously, the latter technique is preferred because it is largely automated.
NOTE: Trust me, you do NOT want to configure the IPAM provisioning steps manually. Talk about tedious!
The Provision IPAM Wizard deploys separate GPOs for provisioning IPAM on your DHCP servers, DNS servers, domain controllers, and NPS servers. In addition, the Provision IPAM Wizard creates the required network shares and security groups as well as creates the necessary Windows Firewall network traffic exceptions.
The Provision IPAM Wizard
NOTE: You cannot configure IPAM on a domain controller. I promise you that IPAM provisioning will fail if you try to do so.

Configuring and starting Server Discovery

During the IPAM server discovery step, we instruct IPAM to scour our Active Directory domain in search of network infrastructure servers.
As you can see in the following screenshot, we can simply select the domain(s) to discover and then click OK to continue.
Configuring IPAM Server Discovery
To actually start server discovery, we click Start server discovery in the IPAM Server Tasks pane in Server Manager. Once discovery completes successfully, we can proceed.
Performing Server Discovery

Adding servers to manage

From Server Manager, we can click Select or add servers to manage and verify IPAM access to continue our journey of IPAM initial configuration.
We need to grant our IPAM server permission to manage our network infrastructure server(s) by using GPOs. To do that, we can run the Invoke-IpamGpoProvisioning Windows PowerShell cmdlet. In the following example, we specify dc01 as our network infrastructure server, ipamgpo as our GPO prefix, and nuggetlab.com as our AD DS domain.
Invoke-IpamGpoProvisioning -Domain nuggetlab.com -GpoPrefixName ipamgpo -IpamServerFqdn dc01.nuggetlab.com
In addition to the IPAM access status displaying as Unblocked for your infrastructure servers, you will also want to open the Group Policy Management Console and verify that the GPOs have been created for your managed TCP/IP network services.
Verifying IPAM GPOs in Group Policy Management Console

Retrieving data from managed servers

In the IPAM Server Inventory list, we can right-click an infrastructure server and select Retrieve All Server Data to query the system and, well, retrieve all server data that is related to the network service(s) that it hosts.
As you see in the following screenshot, a properly configured IPAM server offers the administrator a wide variety of centralized management and monitoring information, all within easy reach.
IPAM admin tasks
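The script below is an added example, not part of the original post. It repeats the install and GPO verification steps from the workflow above in Windows PowerShell: it confirms the IPAM feature is installed, finds the GPOs created with the ipamgpo prefix, lists which accounts each GPO is security-filtered to, and saves an HTML report of each GPO's settings for review. It assumes the ServerManager and GroupPolicy modules are available on the management server; the report folder is a placeholder path.

```powershell
# Added example: post-provisioning checks, run elevated on the IPAM management server.
# $Domain and $GpoPrefix are the values used in this post; $ReportDir is a placeholder.
Import-Module ServerManager, GroupPolicy

$Domain    = 'nuggetlab.com'
$GpoPrefix = 'ipamgpo'
$ReportDir = 'C:\Temp\ipam-gpo-review'   # placeholder path (assumption)

# 1. Install step: add the IPAM feature only if it is missing.
if (-not (Get-WindowsFeature -Name IPAM).Installed) {
    Install-WindowsFeature -Name IPAM -IncludeManagementTools
}

# 2. Provisioning step: find the GPOs created with the chosen prefix.
$gpos = @(Get-GPO -All -Domain $Domain |
    Where-Object { $_.DisplayName -like "$GpoPrefix*" })
if ($gpos.Count -eq 0) {
    throw "No GPOs starting with '$GpoPrefix' found in $Domain; provisioning did not complete."
}

# 3. For each GPO, record who it applies to and save its settings for review.
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null
$summary = foreach ($gpo in $gpos) {
    # Security filtering: trustees holding the Apply permission receive the GPO's
    # settings (firewall exceptions, group membership, and so on).
    $appliesTo = Get-GPPermission -Guid $gpo.Id -DomainName $Domain -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        ForEach-Object { $_.Trustee.Name }

    # Full settings report, so the changes pushed to managed servers can be audited.
    Get-GPOReport -Guid $gpo.Id -Domain $Domain -ReportType Html `
        -Path (Join-Path $ReportDir "$($gpo.DisplayName).html")

    [pscustomobject]@{
        Gpo       = $gpo.DisplayName
        Status    = $gpo.GpoStatus
        Created   = $gpo.CreationTime
        AppliesTo = ($appliesTo -join ', ')
    }
}
$summary | Format-Table -AutoSize -Wrap
```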

Conclusion

So there you have it! IP Address Management is intended to make TCP/IP network service management easier for us busy Windows systems administrators. I hope that you now have a clear picture of what IPAM is and how to configure the service in Windows Server 2012. Please feel free to leave any questions or remarks in the comments portion of this post.
