IPAM is a brand new feature of Windows Server 2012 which allows the administrator to take control, keep track of and manage TCP/IP information in terms of DNS, DHCP and NPS services. Furthermore, in Windows Server 2012 R2, you can store IPAM data in a remote SQL Server versus an internal database as in the Server 2012 counterpart.
Hardware, Software, and Network Requirements:
This lab will use two computers:
DC2012: Domain Controller (ADDS) with DNS and DHCP server running Windows Server 2012 R2.
IP Address: 10.0.0.10/24, DGW: 10.0.0.1. DNS: 10.0.0.10, 8.8.8.8
SERVER1: Domain Member running Windows Server 2012 R2.
IP: 10.0.0.101/24, DGW: 10.0.0.1. DNS: 10.0.0.10, 8.8.8.8
Please refer to the following network diagram for physical topology details:
Figure 1: Network diagram for the IPAM Lab.
Pre-requisites:
Promote DC2012 to a Domain Controller using Server Manager, Install DNS and GC roles during the ADDS installation process.
Join Server1 as a member of the domain maattoos.local.
Procedures:
On DC2012, launch dsa.msc. Add Server1 into the built-in group called “Event Log Readers.” Then also add Server1 into the built-in group called “DHCP Users.”
On Server1, add role “IP Address Management (IPAM) Server” feature. Click Next.
Click the Add Features button to add the required features for IPAM. You should review this list to have an idea what the required features are.
Click Next, then click Install. Close the installation wizard when done.
IPAM Configurations:
On Server1, open Server Manager, click IPAM to open the IPAM Server Tasks. There are six tasks that we need to configure before the IMAP server is ready to be used.
Click 1 – Connect to IPAM Server. This allows us to connect to the IPAM server to manage. In our case, we will connect to Server1.
Highlight Server1.maattoos.local and click OK.
Click 2 – Provision the IPAM Server to prepare for the IPAM.
Click Next at the welcome screen. Then click Next again.
Choose Windows Internal Database (for this lab purposes).
Choose Group Policy Based for IPAM, and prefix the policy names with the string IPAM. Click Next.
Confirm all the settings and click Apply.
Wait for the provisioning process. Click Close when done.
Click 3 – Configure Server discovery.
Choose domain maattoos.local and click Add.
Click OK.
Click 4 – Start server discovery to search for DHCP and DNS server.
Wait for the process to complete.
Now click 5 – Select or Add to manage and verify IPAM Access to choose the DHCP and DNS Server that you want to manage.
You can see that IMAP detects DC2012 as this server has ADDS, DHCP, and DNS. But right now IPAM cannot manage this server yet, it is currently being blocked.
Now we need to enter this PowerShell command to give right to IPAM so that it can manage the server services:
Invoke-IpamGpoProvisioning –Domain maattoos.local –GpoPrefixName IPAM –IpamServerFqdn Server1.maattoos.local –DelegatedGpoUser Administrator
Press Y to confirm Yes.
When finished, open GPMC.MSC, you will see three new GPOs linked to maattoos.local domain.
They all start with the prefix “IPAM” as we instructed it to do earlier.
Now in the IPAM server, right-click on DC2012 and click Edit Server.
Change the Manageability from Unspecified to Managed.
Notice that the server status is still shown as Blocked.
On both DC2012 and Server1, type GPUPDATE /FORCE to apply the policies right away instead of waiting for the scheduled replication to happen.
On both servers, use GPRESULT /R to check results of GPO. Ensure that DC2012has three GPO IMAP_DNS, IP_DHCP, and IPAM_DC_NPS.
On DC2012:
Back to IPAM, right-click DC2012, choose to Refresh Server Access Status.
When the update is completed, the server status becomes Unblocked. This is the most frustrating part of the setup. Sometimes it takes a long time for the status to become Unblocked. However, we need to be patient for the status to change form Blocked to Unblocked.
Now retrieve all information from the server by (in IPAM) Right-clicking on DC2012, click Retrieve All Server Data.
Now you can use IPAM to manage DHCP and DNS Server in the network.
Click DNS and DHCP Server, you will see both servers have “Running” status.
Click DHCP Scope, right-click on the DHCP Server, you will have all options to manage your DHCP Server scopes.
This lab just demonstrates some basic areas that you can manage using IPAM. I will write another lab to demonstrate advanced usage/configurations of IPAM.
No comments:
Post a Comment