Windows Server-ipam real-combat

In Windows Server 2012, there is a new feature: IP address management, referred to as ipam (IP addresses Management), with the increase of DNS and DHCP servers in the enterprise, although the graphical interface allows us to easily manage, however, As servers become more and more likely to be dispersed in different divisions or regions, if we can take advantage of Ipam's management tool, we can reduce our administrative burden and monitor our services, Ipam is Windows Server 12 and Windows Server A functional component provided by R2, let's take a look at the benefits that Ipam can bring to us

Navigate to the Add Roles and Features wizard, tick "IP address Management (IPAM) server"

Note: It is recommended that you do not install Ipam on AD (otherwise the error message that I will mention next), but we can install it on a DNS or DHCP server

650) this.width=650; "title=" 01.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/c2/wkiom1smvsxbb9ngaanibbnyp-i381.jpg "width=" 720 "height=" 511 "alt=" Wkiom1smvsxbb9ngaanibbnyp-i381.jpg "/>

Will pop up a dependency installation prompt interface, by default, click "Add Features"

650) this.width=650; "title=" 02.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M02/56/BF/ Wkiol1smvcgiyhadaagxwid2xgu606.jpg "alt=" Wkiol1smvcgiyhadaagxwid2xgu606.jpg "/>

650) this.width=650; "title=" 03.png "style=" height:567px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/c2/wkiom1smvsbjhbm-aankkqeexa0839.jpg "width=" 720 "height=" 567 "alt=" Wkiom1smvsbjhbm-aankkqeexa0839.jpg "/>

Click "Install" to start Ipam function

650) this.width=650; "title=" 04.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/bf/wkiol1smvcgdwk-iaamrflh6mtk911.jpg "width=" 720 "height=" 511 "alt=" Wkiol1smvcgdwk-iaamrflh6mtk911.jpg "/>

Click "Close" to complete the Ipam feature installation

650) this.width=650; "title=" 05.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/c2/wkiom1smvsar8golaalcz_mpyaw013.jpg "width=" 720 "height=" 511 "alt=" Wkiom1smvsar8golaalcz_mpyaw013.jpg "/>

We can see the Ipam node under the Server Management interface, click Ipam

650) this.width=650; "title=" 06.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/bf/wkiol1smvckcgf1oaan-tifprgw443.jpg "width=" 720 "height=" 511 "alt=" Wkiol1smvckcgf1oaan-tifprgw443.jpg "/>

Go to the Ipam Server task interface and click "Connect to Ipam Server"

650) this.width=650; "title=" 07.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/c2/wkiom1smvsfd2brpaanv5kaj_pc672.jpg "width=" 720 "height=" 511 "alt=" Wkiom1smvsfd2brpaanv5kaj_pc672.jpg "/>

Since we currently have only one Ipam server installed, we have already shown a connection to our Ipam server.

650) this.width=650; "title=" 08.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M02/56/BF/ Wkiol1smvckimcd-aafus4pgo4a322.jpg "alt=" Wkiol1smvckimcd-aafus4pgo4a322.jpg "/>

Start the second section below, set up the Ipam server, click Enter

650) this.width=650; "title=" 09.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/c2/wkiom1smvuhx7njdaaop117p31k062.jpg "width=" 720 "height=" 511 "alt=" Wkiom1smvuhx7njdaaop117p31k062.jpg "/>

Default "Next"

650) this.width=650; "title=" 10.png "style=" height:576px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/c2/wkiom1smvuhc3bljaaor9kmaqvm297.jpg "width=" 720 "height=" 576 "alt=" Wkiom1smvuhc3bljaaor9kmaqvm297.jpg "/>

Select "Group Policy based" and enter our GPS name prefix

650) this.width=650; "title=" 11.png "style=" height:576px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/bf/wkiol1smvd2dt7p-aapbtaesq3y412.jpg "width=" 720 "height=" 576 "alt=" Wkiol1smvd2dt7p-aapbtaesq3y412.jpg "/>

Click "Next"

650) this.width=650; "title=" 12.png "style=" height:576px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/c2/wkiom1smvukraffwaal9yxhpzf0009.jpg "width=" 720 "height=" 576 "alt=" Wkiom1smvukraffwaal9yxhpzf0009.jpg "/>

Click "Apply" to see that the Ipam deployment failed, and later I look at the reason because I have Ipam installed on the DC This problem occurs, the workaround is to install Ipam on the other member servers, the DNS server or the DHCP server, or ipam a separate server can be Ipam Service has little requirement for server performance

650) this.width=650; "title=" 13.png "style=" height:576px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/bf/wkiol1smvd3zazhhaahd7evvoms371.jpg "width=" 720 "height=" 576 "alt=" Wkiol1smvd3zazhhaahd7evvoms371.jpg "/>

Below I find a file server installed on the Ipam feature, retry the above steps to set up the Ipam server, first connect the Ipam server

650) this.width=650; "title=" 14.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M01/56/C2/ Wkiom1smvukz9uqaaafo6gogvxg842.jpg "alt=" Wkiom1smvukz9uqaaafo6gogvxg842.jpg "/>

Click the second step in the task: Set up the Ipam server, then click Next

650) this.width=650; "title=" 15.png "style=" height:576px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/bf/wkiol1smvd3xlxo8aaothes9fza320.jpg "width=" 720 "height=" 576 "alt=" Wkiol1smvd3xlxo8aaothes9fza320.jpg "/>

In the settings database interface, we can use the Windows Internal database, or specify the SQL Server database, I choose the Windows Internal Database, and then click "Next"

650) this.width=650; "title=" 16.png "style=" height:576px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/c2/wkiom1smvukdwizdaantwd1lvri401.jpg "width=" 720 "height=" 576 "alt=" Wkiom1smvukdwizdaantwd1lvri401.jpg "/>

Select Group Policy based and enter the GPO name prefix, which I entered here is IPAM01

650) this.width=650; "title=" 17.png "style=" height:576px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/bf/wkiol1smvgxbrgr5aao_dvtwtjc624.jpg "width=" 720 "height=" 576 "alt=" Wkiol1smvgxbrgr5aao_dvtwtjc624.jpg "/>

650) this.width=650; "title=" 18.png "style=" height:576px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/bf/wkiol1smvgxslvqnaappcb8trug168.jpg "width=" 720 "height=" 576 "alt=" Wkiol1smvgxslvqnaappcb8trug168.jpg "/>

Click "Apply" to see a notification that "Ipam settings have been successfully completed"

650) this.width=650; "title=" 19.png "style=" height:576px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/c2/wkiom1smvwqjvgwxaalxpwjtpay376.jpg "width=" 720 "height=" 576 "alt=" Wkiom1smvwqjvgwxaalxpwjtpay376.jpg "/>

Let's proceed to the 3rd step: Configure Server discovery, click Enter

650) this.width=650; "title=" 20.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/bf/wkiol1smvgxz5lq_aaq2uvatk2i627.jpg "width=" 720 "height=" 511 "alt=" wKioL1SMVgXz5lq_ Aaq2uvatk2i627.jpg "/>

Click the Add button to add the root domain

650) this.width=650; "title=" 21.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M00/56/C2/ Wkiom1smvwqim45daajypm59kzi372.jpg "alt=" Wkiom1smvwqim45daajypm59kzi372.jpg "/>

650) this.width=650; "title=" 22.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M01/56/C2/ Wkiom1smvwrthegdaakci11nthm733.jpg "alt=" Wkiom1smvwrthegdaakci11nthm733.jpg "/>

Here we need to note that ipam for the configuration server discovery, there are fixed scheduled tasks, we set up the server discovery, we can also change the scheduled task in the scheduled task, scheduled tasks in the following path:

650) this.width=650; "title=" 48.png "style=" height:426px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/c0/wkiol1smxh7yvjnvaaxflxnkwrq026.jpg "width=" 720 "height=" 426 "alt=" Wkiol1smxh7yvjnvaaxflxnkwrq026.jpg "/>

4th step, start the server discovery manually, after the discovery of the server, we can see the prompt information, click Enter to see more detailed content

650) this.width=650; "title=" 23.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/bf/wkiol1smvgbxgdwoaasu1xnbi7w946.jpg "width=" 720 "height=" 511 "alt=" Wkiol1smvgbxgdwoaasu1xnbi7w946.jpg "/>

Click to enter to see the information below

650) this.width=650; "title=" 24.png "style=" height:400px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/c2/wkiom1smvwvcz_zmaajgpgdo1_e821.jpg "width=" 720 "height=" "alt=" wKiom1SMVWvCz_ Zmaajgpgdo1_e821.jpg "/>

5th step, select or add a server to manage and verify Ipam access, click Enter

650) this.width=650; "title=" 25.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/c2/wkiom1smvzsibtqsaarzr6x5dlc596.jpg "width=" 720 "height=" 511 "alt=" Wkiom1smvzsibtqsaarzr6x5dlc596.jpg "/> We can see the server and the state of the server we found just now, but for the first time this shows that the Ipam access status is blocked and we need to do some work Before you can contact this blocking state, the friend of the previous message should also see the relevant hints

650) this.width=650; "title=" 26.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/bf/wkiol1smvi_snceyaarxum62vls103.jpg "width=" 720 "height=" 511 "alt=" WKioL1SMVi_ Snceyaarxum62vls103.jpg "/>

Below we need to open the PowerShell command line tool, which is recommended to open with administrator

650) this.width=650; "title=" 27.png "style=" height:541px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/c2/wkiom1smvzta86ykaaq7ef0j2rk790.jpg "width=" 720 "height=" 541 "alt=" Wkiom1smvzta86ykaaq7ef0j2rk790.jpg "/>

Run the following script to complete the creation of Ipam Group Policy, domain for our domains, Gpoprefixname for the name of the GPO we took for the ipad, I'm using IPAM01, and Ipamserverfqdn is the FQDN of our ipam server.

650) this.width=650; "title=" 28.png "style=" height:632px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/bf/wkiol1smvi-dgyefaan06q832ui122.jpg "width=" 720 "height=" 632 "alt=" Wkiol1smvi-dgyefaan06q832ui122.jpg "/>

After running the command, we can see that 3 group policies have been created under the Group Policy object, such as

650) this.width=650; "title=" 29.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/c2/wkiom1smvztqnddvaarw9zc_y2u783.jpg "width=" 720 "height=" 511 "alt=" Wkiom1smvztqnddvaarw9zc_y2u783.jpg "/>

On each DNS service, right-click node, go to security option, join our Ipamug This security group, allow Read permission

650) this.width=650; "title=" 32.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M01/56/BF/ Wkiol1smvjghusysaaiu_rkfztq308.jpg "alt=" Wkiol1smvjghusysaaiu_rkfztq308.jpg "/>

Go back to the Ipam management interface, go to the server list, select a server, right-click on "Edit Server"

650) this.width=650; "title=" 30.png "style=" height:541px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/bf/wkiol1smvjcylnqraar9sq2nsb4623.jpg "width=" 720 "height=" 541 "alt=" Wkiol1smvjcylnqraar9sq2nsb4623.jpg "/>

We tick the server based on the orange color, then in the manageability state, select "Managed", then click "OK"

650) this.width=650; "title=" 31.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M00/56/C2/ Wkiom1smvzwhwizbaahna5qb1ke279.jpg "alt=" Wkiom1smvzwhwizbaahna5qb1ke279.jpg "/>

Do the same for other servers, and you can see that the Ipam access status is unblocked

650) this.width=650; "title=" 33.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/c2/wkiom1smvbwdp_xuaatn0kw5ab8335.jpg "width=" 720 "height=" 511 "alt=" wKiom1SMVbWDP_ Xuaatn0kw5ab8335.jpg "/>

Here we should find that we have three DC and DNS, I do not know how to reduce one, the following we manually to add, under the IPV4 node under the hosting server, right-click Add Server (Note: When we add a new member server in the domain environment can also be added here)

650) this.width=650; "title=" 34.png "style=" height:541px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/bf/wkiol1smvlhbrue4aarx_e1gr7w021.jpg "width=" 720 "height=" 541 "alt=" Wkiol1smvlhbrue4aarx_e1gr7w021.jpg "/>

Enter our server hostname and click Verify to resolve the server's IP address, select the role the server assumes, then the manageability status select "Managed" and click "OK"

650) this.width=650; "title=" 35.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M01/56/C2/ Wkiom1smvbbqj9gkaahhzdpvmxs000.jpg "alt=" Wkiom1smvbbqj9gkaahhzdpvmxs000.jpg "/>

You can see that the server has been successfully added

650) this.width=650; "title=" 36.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/bf/wkiol1smvlhgyosdaaufzs3rxt0356.jpg "width=" 720 "height=" 511 "alt=" Wkiol1smvlhgyosdaaufzs3rxt0356.jpg "/>

In Group Policy, we also need to note that when we need to host the server, we need to add our servers to the security filter in the scope under the appropriate Group Policy

650) this.width=650; "title=" 37.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/bf/wkiol1smvlldckmwaarisxqfhz0339.jpg "width=" 720 "height=" 511 "alt=" Wkiol1smvlldckmwaarisxqfhz0339.jpg "/>

With Ipam, we can see some information about the hosted server

650) this.width=650; "title=" 38.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/c2/wkiom1smvbetepkuaaxeao0gpfi966.jpg "width=" 720 "height=" 511 "alt=" Wkiom1smvbetepkuaaxeao0gpfi966.jpg "/>

For the first time into our hosting server, we may not have seen the server's specific galaxy, for example, we just need to refresh to see the status of the server

650) this.width=650; "title=" 39.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/bf/wkiol1smvlpyzsf1aat1ilqfem0608.jpg "width=" 720 "height=" 511 "alt=" Wkiol1smvlpyzsf1aat1ilqfem0608.jpg "/>

After the refresh, you can see that the server availability is running, stating that the hosting has succeeded

650) this.width=650; "title=" 40.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/c2/wkiom1smvbigml1taauxyej6acq708.jpg "width=" 720 "height=" 511 "alt=" Wkiom1smvbigml1taauxyej6acq708.jpg "/>

Below we can see our DNS information under Ipam

650) this.width=650; "title=" 41.png "style=" height:541px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/c2/wkiom1smvekrqhy_aaqenemyazi006.jpg "width=" 720 "height=" 541 "alt=" WKiom1SMVeKRQHy_ Aaqenemyazi006.jpg "/>

I have added two DHCP servers, such as Group Policy to security filtering, and then add servers to our Ipam managed server

650) this.width=650; "title=" 42.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/bf/wkiol1smvn7zrvoqaardqbit7lo605.jpg "width=" 720 "height=" 511 "alt=" Wkiol1smvn7zrvoqaardqbit7lo605.jpg "/>

After the addition, we manage our DHC server, we can see the scope of our DHCP, the scope state is also the active state

650) this.width=650; "title=" 43.png "style=" height:541px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m02/56/c2/wkiom1smveocnp7maawmo5zrjd4752.jpg "width=" 720 "height=" 541 "alt=" Wkiom1smveocnp7maawmo5zrjd4752.jpg "/>

We can make modifications and other operations to the scope of DHCP at this unified portal of Ipam

650) this.width=650; "title=" 44.png "style=" height:541px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/bf/wkiol1smvn_tph99aaytcfvlndc365.jpg "width=" 720 "height=" 541 "alt=" WKioL1SMVn_ Tph99aaytcfvlndc365.jpg "/>

As you can see, we can unify DHCP management here, does ipam give us the benefit? I believe Microsoft will provide more and better features in subsequent releases.

650) this.width=650; "title=" 45.png "style=" Float:none; "src=" http://s3.51cto.com/wyfs02/M00/56/BF/ Wkiol1smvn-ym8x9aakpgvm3f4y760.jpg "alt=" Wkiol1smvn-ym8x9aakpgvm3f4y760.jpg "/>

In addition to this, Ipam is also role-based management, and on the server where Ipam is installed, the following roles have been created by default, each with a different function, so that we can delegate permissions based on roles

650) this.width=650; "title=" 46.png "style=" height:511px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m00/56/c2/wkiom1smvexht60caaqxyhjgv9y517.jpg "width=" 720 "height=" 511 "alt=" Wkiom1smvexht60caaqxyhjgv9y517.jpg "/>

In Local Users and groups, you can also see that the corresponding groups have been created

650) this.width=650; "title=" 47.png "style=" height:545px;width:720px; "border=" 0 "hspace=" 0 "src=" http:// S3.51cto.com/wyfs02/m01/56/bf/wkiol1smvodwy-pqaay5wjo1zgq394.jpg "width=" 720 "height=" 545 "alt=" Wkiol1smvodwy-pqaay5wjo1zgq394.jpg "/>

You are welcome to learn more about Ipam's versatility!

This article from "Robin's Home" blog, declined reprint!

Windows Server-ipam real-combat