If you currently have no means of automatically tracking IP address utilization or are manually recording IP addresses in a spreadsheet, IP address management (IPAM) can help you organize address assignment and plan better for growth.
IPAM provides IT workers with an overview of network infrastructure services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), and stores information about address assignment. The rapid adoption of virtualization and private clouds adds additional challenges to IP address management, but IPAM steps in to record how resources are being used in constantly changing environments.
IPAM integrates with DHCP and Active Directory (AD) to make it easy for IT workers to search IP address records by IP address, client ID, host name or user name and then export that data to a .csv file. IPAM can store up to 3 years of historical IP address information, including which users were logged on to active IP addresses, providing useful forensic information in the event of an investigation.
IPAM provides a framework for managing IP addresses in ranges and blocks. A block is a high-level management feature that allows you to group ranges of IP addresses for convenience. You might define blocks to separate public and private IP addresses or to determine IP address ranges for geographical locations. An IP address range usually matches a particular DHCP scope and can belong only to one IP address block.
When IPAM discovers a DHCP scope on your network, it automatically enters the information into its database. Blocks and individual IP addresses are not added automatically but can be added manually or imported from a file.
The real power of IPAM lies in its powerful search features, which help you track down how IP addresses are being used, including historical information from the server’s database.
IPAM can monitor multiple DNS and DHCP servers and can provide DNS and DHCP record synchronization and DHCP server and scope management. IT workers have the ability to edit DHCP scope information, and some IPAM management features can be run simultaneously against multiple servers. IPAM supports a maximum of 150 DHCP and DNS servers, 150 DNS zones and 6,000 DHCP scopes. All infrastructure servers, however, must be part of the same AD forest.
IPAM should not be installed on a domain controller (DC), but the server must be a member of the domain. While it is possible to install IPAM on a server running DHCP, it is not recommended, because DHCP server discovery will be disabled.
To install IPAM on Windows Server 2012, log on as a domain administrator, open the PowerShell console with administrative privileges and run the following command:
add-windowsfeature ipam –includemanagementtools
IPAM is managed using Server Manager. In the left pane of Server Manager, select IPAM. This will take you to the Overview page. You should see that the IPAM client is already connected to your newly installed IPAM server. Click Provision the IPAM Server and a new window will open:
Back in the PowerShell console, let’s provision the Group Policy Objects (GPOs) that will allow this IPAM server to connect to machines in our domain.
The command needed is:
invoke-ipamgpoprovisioning –domain ad.contoso.com –gpoprefixname IPAM1
Replace the domain name in the command above with your AD domain name; the GPO prefix name must match the name that you specified in the IPAM provisioning wizard. Don’t forget that you will need to either wait for Group Policy to refresh on the servers in your domain or run the gpupdate command manually on each server.
If you see that IPAM Access Status is shown as Blocked for a discovered server, take the following steps on the discovered server to resolve the issue:
Now we need to change the status of any discovered servers to Managed. To do this, right click a server in the Server Inventory screen and select Edit Server from the menu.
In the Add or Edit Server window, change the Manageability status to Managed and click OK. Right click the server again, and select Retrieve All Server Data from the menu. Repeat this procedure for all discovered servers. Now you are ready to add IP addresses, ranges and blocks to IPAM.