IP Address Management (IPAM) is a feature which was first introduced in Windows Server 2012 that provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). IP Address management (IPAM) is a method of tracking and modifying the information associated with a network's IP address space. With IPAM, administrators can ensure that the inventory of assignable IP addresses remains current and sufficient.

IPAM benefits include:

- IPv4 and IPv6 address space planning and allocation.

- IP address space utilization statistics and trend monitoring.

- Static IP inventory management, lifetime management, and DHCP and DNS record creation and deletion.

- Service and zone monitoring of DNS services

- IP address lease and logon event tracking.

- Role-based access control (RBAC).

- Remote administration support through Remote Server Administration Tools (RSAT).


In this article I will show how to install and configure IPAM on Windows Server 2012


In my LAB I use two computers:

- DC2012Domain Controller (domain mcthub.local) running Windows Server 2012, this server has been installed and configured DHCP role.

- SERVER1: Domain Member running Windows Server 2012, I will install IPAM on this server, you should note that the IPAM server must be a domain member, but cannot be a domain controller and IPAM server should be a single purpose server. Do not install other network roles (such as DHCP or DNS) on the same server.


Installing IPAM

- On DC2012, open Active Directory Users and Computer, add SERVER1 computer account (IPAM Server) to membership of Event Log Readers group

- Switch to SERVER1, Open Server Manager and select Manage -  Add Role and Features

 On the Select features page, select the IP Address Management (IPAM) Server check box.

- Client Install button to start installation process

- After the installation process is compltete, you must Refresh Server Manager, check that you've seen IPAM in left pane of Server Manager


Configuring IPAM

You need to do 6 steps to complete the installation process of IPAM

- On SERVER1. Step 1: Select Connect to IPAM Server

- Select server that you want to connect is SERVER1.mcthub.local and click OK button

- Step 2: Select Provision the IPAM Server to prepare for configuration process

- Click Next button

- Choose the method Group Policy Based to configure using GPO. Type any  GPO name prefix you want (ex: IPAM, this wizard will create the GPOs have names beginning with IPAM) - Click Nextbutton

 - Click Apply button. Provisioning will take a few moments to complete.

- Click Close button

- Step 3: Select Configure server discovery.

- Select your domain (mcthub.local)- Click Add button

- Verify your domain is appear then click OK button

- Step 4: Select Start server discovery to discover DHCP servers and DNS servers

 - Discovery may take 5 to 10 minutes to run. The yellow bar indicates when discovery is complete.

- Step 5: After the dicovery compltete, select Select or add to manage and verify IPAM Access

 - Notice that the IPAM Access Status is blocked for both servers. Scroll down to the Details view, and note the status report. The IPAM server has not yet been granted permission to manage LON-DC1 through Group Policy


- Open Windows PowerShell, type the following command, and then press Enter. When you are prompted to confirm the action, type Y, and then press Enter. The command will take a few moments to complete.


- Check by opening Group Policy Management (GPMC.MSC), you will see 3 new GPOs, the GPOs is linked to mcthub.local domain

- Right click DC2012 - select Edit Server

 - Set the Manageability status field to Managed, and then click OK.



- On both DC2012 and SERVER1, update Policy using commend GPUPDATE /FORCE

- On DC2012, type GPRESULT /R to verify  DC2012 is applied 3 GPOs: IPAM_DNS, IP_DHCP and IPAM_DC_NPS.

- Switch back to SERVER1, and in Server Manager, right-click DC2012, and then click Refresh Server Access Status. It may take up a long time for the status to change, you need to be patient and wait …

 - When completed, refresh IPv4 by clicking the Refresh icon. It may take up to five minutes for the status to change (Unblocked)

 - Step 6: Select Retrieve All Server Data. This action will take a few moments to complete


- At this point you can use to manage the DHCP IPAM and DNS Server in the network. In the next article I will demonstrate how to use IPAM tracking and monitoring of IP space network and manage DHCP, DNS Server from the IPAM Server.


Thank you for reading my article.

To view my article in Vietnamese, click the link below

By Đồng Phương Nam