How to Install and Configure IPAM Windows Server 2016?
Install and Configure IPAM Windows Server 2016. IPAM lets you centrally view, manage, and configure the IP address space in your organization. With IPAM, you can look at all your address blocks and ranges, find free IP addresses, manage DHCP scopes across multiple servers, create DHCP reservations and DNS host records, and even search for address assignments by device name, location, or other descriptive.
Important: IPAM Server must be installed on a domain member computer running Windows Server® 2016 or a later operating system. The IPAM server is intended as a single purpose server and should not be installed with other network infrastructure roles such as DNS or DHCP. You cannot install IPAM on a domain controller. If IPAM Server is running on a computer that is also running the DHCP Server role, discovery of DHCP servers on the network will be disabled.
Install IPAM in Windows Server 2016
#1. On the Server Manager Dashboard page, click Add roles and features, click Next twice, and select the IPAM server from the server pool. By default, the current server is selected.
#2. Click Next twice and then on the Select features page, select the IP Address Management ﴾IPAM﴿ Server checkbox. In the Add features that are required for IP Address Management ﴾IPAM﴿ Server dialog box, click Add Features. Click Next.
#3. On the Confirm Installation Selection page, click Install.
#4. When the installation process is complete, click close button.
Configure IPAM Windows Server 2016
Now we are going to configure IPAM server, in windows server 2016 step by step, to configure IP Address Management (IPAM), follow these steps.
#1. On Server Manager dashboard page, click IPAM from the left side, as shown in.
#2. On the IPAM Overview page, click Provision the IPAM server. The Provision IPAM wizard will open.
#3. Read the information at the start of the Wizard and click Next.
#4. On the Configure Database screen select to either use the WID or SQL Server, I chose Windows Internal Database (WID) and click Next.
#5. On the Select provisioning method page, choose either the Manual or Group Policy Based radio button. If the Group Policy Based method was chosen, type a GPO prefix next to GPO name prefix. And then click Next.
#6. Click Next, and then on the Summary page review the settings that will be applied below Confirm the Settings. If the Group Policy Based method was chosen, the unique GPO names that must be created in domains managed by the current IPAM server are displayed.
#7. Click Apply, verify that IPAM provisioning completed successfully is displayed, and then click Close.
#8. IPAM Configure Server Discovery. On IPAM Overview page, click Configure Server Discovery. The Configure Server Discovery dialog box will open.
#9. Choose each domain that you will manage with the current IPAM server by selecting it from the drop‐down list and then clicking Add.
#10. Click OK when you are finished.
#11. Configure Start server discovery. On the IPAM Overview page, click Start server discovery. This will start the IPAM ServerDiscovery task. Alternatively, you can click Manage on the IPAM console menu, and then click Start Server Discovery.
#12. Wait for the task to complete. You can click the notification flag to view status of the ServerDiscovery task if desired.
#13. When the task has completed running, view the Server inventory page to display the list of discovered servers.
If the list of discovered servers is incomplete, verify that the correct node is selected in the lower navigation pane. By default, IPv4 is selected. You can click Refresh to ensure the view is current.
#14. Select or add server to manage and verify IPAM access. On the IPAM Overview page, click Select or add server to manage and verify IPAM access. The list of servers that have been discovered or manually added is displayed.
#15. Notice that the IPAM Access Status is blocked… This also indicate that IPAM server has not yet been granted permission to manage the domain server via Group Policy.
Note: Create IPAM Provisioning GPOs. When we picked the Provisioning method. We picked the GPO method, however the wizard did not actually create the group policies. All it did is configure and assign the names for them. There are 3 policies that need to be created. They will have created by running the following PowerShell script.
#16. Run the Invoke-IpamGpoProvisioning cmdlet at an elevated Windows PowerShell prompt. Invoke-IpamGpoProvisioning has the following parameters…In the Windows PowerShell, type:
Invoke-IpamGpoProvisioning –Domain nyazit.com –GpoPrefixName IPAM –IpamServerFqdn srv-1.nyazit.com
#17. When you are prompted to confirm the action, type Y, and then press Enter. The command will take a few minutes to complete…
#18. We now need to change the security filtering on the IPAM GPOs to include our server so add the servers.
Configure IPAM GPO Security Filtering
It is not necessary to configure IPAM GPO security filtering if you are using the automatic Group Policy based provisioning method. If you are using the manual provisioning method with IPAM GPOs, you must add and remove individual servers from the appropriate GPOs by editing GPO security filters. Choose Managed Servers.
#19. On a domain controller, IPAM server, or other domain member server with the Group Policy Management feature installed, type gpmc.msc at an elevated command prompt and press enter. In in the Group Policy Management console tree, navigate to Forest\Domains\<domain>\Group Policy Objects\.
#20. On the Scope tab, under Security Filtering, click Add to add a new server to this GPO. To continue adding a managed server to security filtering, in Select User, Computer, or Group click Object Types, select the Computers checkbox, and then click OK. Under Enter the object name to select, type the name of the managed server and click Check Names.
#21. Verify that the server name is underlined, and then click OK. The managed server name will be displayed under Security Filtering. Close Group Policy Management.
#22. We then need to apply the GPO to our servers using gpupdate / force.
Setup IPAM Windows Server 2016
#23. Configure IPAM Windows Server 2016. In the upper IPAM navigation tree, click SERVER INVENTORY. The list of servers that have been discovered or manually added is displayed. Right click the server or servers that you are selecting and then click Edit Server.
#24. In the Add or Edit Server dialog box next to Manageability status, select Managed from the dropdown list if the server will be managed by the current IPAM server.
#25. Next, in the IPAM console, right‑click on the Server, and then click Refresh Server Access Status… It may take up to 10 minutes for the status to change…
#26. Retrieve Data from Managed Servers. Right click the servers that are selected, and then click Retrieve All Server Data. This action also will take a few minutes to complete.
#27. The following data collection tasks will run immediately on the selected servers: AddressExpiry, AddressUtilization, Audit, ServerAvailability, ServiceMonitoring, ServerConfiguration. Wait for the data collection tasks to complete.
Your environment is now set to discover, monitor, audits, and manage the IP address space used your network.
For more details: Consult the Step-by-Step: Configure IPAM to Manage Your IP Address Space guide at Microsoft: http://technet.microsoft.com/en-us/library/hh831622.aspx