Windows Server 2012 IPAM

Server 2012 has a lot of really good new features. This isn’t one of them.

Firstly, for those who haven’t heard of it yet, IPAM is IP Address Management, a new feature in Windows Server 2012. As Microsoft describes it:

IP Address Management (IPAM) in Windows Server® 2012 is an integrated suite of tools to enable end-to-end planning, deploying, managing and monitoring of your IP address infrastructure, with a rich user experience. IPAM automatically discovers IP address infrastructure servers on your network and enables you to manage them from a central interface.

I have been wanting to get away from the Excel spreadsheets that I have been using that people frequently neglect to update and are out of date. This sounded like a great place to start, and it’s built into Server 2012, so there wouldn’t be any additional money needed, which companies always love.

I followed this TechNet article to get everything up and running. The steps are pretty easy. First I installed the feature, then connected to it via Server Manager and chose the option to use GPOs to configure the firewall and security settings. It basically creates three GPOs, one each for DNS, DHCP, and domain controllers.

Provisioning Completed

Next you let it scan, it figures out what your DNS, DHCP, and domain controllers are in the domains that you specify.

Next, a simple line of PowerShell on the server:

Invoke-IpamGpoProvisioning -Domain contoso.com -GpoPrefixName IPAM1 -DelegatedGpoUser user1 -IpamServerFqdn ipam1.contoso.com

That sets up your GPOs. Once they are in place, you just change the status of the servers you want to manage from the discovery process from Unspecified to Manage. Once the servers pick up the new GPOs, do a refresh to show the servers are managed, then tell it to retrieve all the data from the servers.

It was very easy to set up. If you don’t count the time it took to log into the eight servers I added to do a gpupdate, the whole thing took less than 10 minutes.

Once I got all the data in, I started looking around, though, I was pretty disappointed. The main thing I was looking for was a way to more easily manage my manual server IPs. IPAM has nothing for that. Basically it’s just a DHCP pool aggregation tool. There are a few things you can’t get from your trusty DHCP administrative tool like DHCP scope usage trending:

image

I’ve only got a day’s worth of data, so nothing exciting there. That would be something useful, but other than that, there’s just not much there. It has what it calls DNS Zone Monitoring, but all I get is this:

image

With no explanation anywhere I can find of what the warning is, so I can’t see how that is of any use. The only right-click option on the DNS zones is to reset the status, so I can get zones from Warning back to OK, but you can’t reset multiple zones at once, which is a pain.

There is also PowerShell that will let you export DHCP pool data from SCVMM so that it can be tracked as well, but it’s not automatic as regular DHCP servers are. I’m not using DHCP pools in VMM, so not a feature I could test.

I suppose if you have a huge organization with DHCP servers and scopes everywhere and wanted to have a place to see utilization info at a glance, then this tool is for you. If not, then you’re probably not going to get much out of it.

I think a few additions in R2 would make this feature much more useful. Better integration with System Center, such as Ops Manager alerting, and Service Manager pool requests. Also, it would be nice if it would do ping sweeps and lookups for subnets that are manually assigned and report back on those. And perhaps a tie-in with AD Sites and Services to let you know if you’re using scopes that AD isn’t aware of. If they could add a few features like that in the next version, I think it would be a much more valuable tool.