Using IP Address Management to keep track of your used IP addresses
The IP Address Management (IPAM) tool is a little-known utility built into Windows Server 2016. IPAM is a way that you can centrally monitor and manage some of the common infrastructure roles spread out around your network. Specifically for this recipe, we will be taking a look at IP addressing by using IPAM. Particularly in environments where there may be many different DHCP servers hosting different scopes spread out around your network, IPAM can be extremely useful for pulling all of that information into one management interface. This saves a lot of time and effort as opposed to launching the DHCP Manager console on each of your DHCP environments separately and trying to monitor them individually.
Getting ready
We have a domain network running that consists of all Server 2016 servers. Included in our network is a domain controller that is also serving as a DHCP server. We are adding a new server to this mix called IPAM1. This new server will be our IPAM management server, as the IPAM feature should not co-exist with either the AD DS Role or with the DHCP Role.
How to do it…
Let's take a look at our IP address utilization with the IPAM feature:
While logged in to the new server that you intend to use for IPAM, click the Add roles and features link from inside Server Manager.
Walk through this wizard, choosing the option to add the feature called IP Address Management (IPAM) Server.
Once the feature has been installed, you should see a new listing for IPAM in the left window pane of Server Manager. Go ahead and click there.
You will see that step 1 is already accomplished; the IPAM console is successfully connected to the local server. Go ahead and click on step 2 in order to provision the IPAM server.
Click Next, after reading the information listed on that screen. As you can see, the best way to set up the interaction between the IPAM server and the infrastructure servers is to utilize Group Policy. We will define the settings for that on an upcoming screen in this wizard.
You should now be on the Configure database screen and we will leave the default option selected to utilize Windows Internal Database (WID).
Now we get to select our provisioning method, which is where we are going to tell IPAM to use Group Policy in order to distribute the settings that it needs in order to manage and grab data from our infrastructure servers. Define a GPO prefix that is specific to this IPAM server.
Before we complete this wizard, we need to take a special action in order to provision these GPOs so that the wizard can make use of them. To do this, we are going to use a PowerShell cmdlet. Open up PowerShell with administrative rights. Make sure you are logged into the server as a domain admin before running this cmdlet.
Type the following command into PowerShell: Invoke-IpamGpoProvisioning.
It will ask you to key in the name of your domain, as well as the GpoPrefixName. This is the same prefix that you just typed into the IPAM Wizard, so make sure you enter it exactly the same.
Now that our GPOs have been created, head back over to the IPAM Wizard and click the Apply button to finish it.
Now back at the IPAM section of Server Manager, click on step 3-Configure server discovery.
Use the Add button in order to query your domain for infrastructure services that can be monitored by IPAM. Select the roles you would like to pull data from (I am going to leave all three checked) and click the OK button.
Click on step 4-Start server discovery. Wait for discovery to complete.
Click on step 5-Select or add servers to manage and verify IPAM access.
Right-click on the server that you want to collect data from and choose Edit Server….
Change the server's Manageability status field to Managed.
Now head back to the main IPAM window in Server Manager and click on step 6-Retrieve data from managed servers.
Tip
You may have to wait for a little while to allow Group Policy to do its job in rolling out the settings.
Once data collection completes, you now have the ability to browse around inside the IPAM management console and view data about your DNS and DHCP infrastructure. For example, click on IP Address Range Groups to see a list of the DHCP scopes that are present on the DHCP servers that you are currently managing.
How it works…
The IP Address Management (IPAM) tool takes a little bit of work to configure initially but can be very beneficial later. Once configured to pull in data from your Domain Controllers, DNS servers, and DHCP servers, IPAM can be your one-stop-shop for monitoring and managing data related to these infrastructure roles. This is particularly helpful where you have many servers providing these roles, such as the case of multiple DHCP servers that each contain different scope definitions. In the past, you would have had to log in to each DHCP server or at least do remote management of them via Server Manager or some other tool, but ultimately you would still be viewing and managing the DHCP scopes individually. With IPAM, it brings all of this information into one place so that you can make decisions and configuration changes within your network while looking at the overall bigger picture.