Populate IPAM with data from DNS/DHCP?

    Question

  • When I first heard about IPAM, I expected that when it connected to the DNS and DHCP servers it would automatically pull in a list of all of the IPs in use currently. It seems that's not the case. However, I did see in some of the documentation where it says that it's possible to do this periodically using PowerShell cmdlets. It didn't give any details, but from the wording I believe it's saying I would manually export data from the DNS server and import it into IPAM. Is that right?

    Can anyone tell me how to accomplish this? What PowerShell commands would I need to export a list of IPs from DNS and DHCP servers?

    Thursday, July 26, 2012 3:50 PM

Answers

  • Hi,

    IPAM does have an import and update function that was provided to support the scenario you are asking about, and also to support non-Microsoft DHCP servers and pre-2008 DHCP servers, etc. Import and update is available from the UI and also using the Windows PowerShell cmdlets Import-IpamRange and Import-IpamAddress, using the Inventory parameter set. The advantage to using "Import and Update" (as opposed to using the regular import) is that you can set up a scheduled task with a script to synchronize all added, changed, and deleted addresses.

    When you import an address range, the values of ManagedByService and ServiceInstance provided ensure that the Adds/Edits/Deletes across incremental snapshots for that system are synchronized with the IPAM database:
    Import-IpamRange [-ManagedByService] <String> [-ServiceInstance] <String> [-AddManagedByService] [-AddServiceInstance] [-DeleteMappedAddresses] [-Confirm] [-WhatIf] [ <CommonParameters>]

    When you import an address, the NetworkId (and Start and End IP Address) along with ManagedByService and ServiceInstance uniquely identify the IPAM range against which the incremental snapshots of addresses are synchronized with the IPAM database:
    Import-IpamAddress [-ManagedByService] <String> [-ServiceInstance] <String> [-NetworkId] <String> [-EndIPAddress <IPAddress> ] [-StartIPAddress <IPAddress> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

    The IPAM product team is working on scripts to help customers accomplish regular address synchronization, including both DHCP and DNS record synchronization scripts. For DNS data, you would use Get-DnsServerZone and Get-DnsServerResourceRecord.

    If you wish to design your own script for now, the process to use is:

    1. Export IP address ranges or addresses from the target system.
    2. Convert the format to an IPAM-compatible file and save as a CSV.
    3. Invoke Import-IpamRange or Import-IpamAddress with the Inventory parameter set.

    Sorry that the instructions are not detailed yet. There is much more support to come!

    I hope this helps,

    -Greg

    P.S. Obviously the way that addresses are exported from the target system differs depending on the OS that it is running. I am investigating the best cmdlet to use if it is a Server 2012 DHCP server.

    Friday, August 10, 2012 5:00 PM
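
The three-step process Greg outlines above, sketched for a single Server 2012 DHCP server as an added example; it is not part of the original thread and is not the Microsoft script mentioned later in it. The server name, working folder, CSV column headers and field values are assumptions: compare the headers with a CSV exported from your own IPAM console, and drop -WhatIf only after the dry run looks right.

```powershell
# Added example. Server name, folder, CSV headers and values are assumptions.
$DhcpServer = 'dhcp01.corp.example'   # placeholder FQDN of the DHCP server
$OutDir     = 'C:\IpamSync'           # placeholder working folder (must exist)

function ConvertTo-PrefixLength([System.Net.IPAddress]$Mask) {
    # Count the set bits of the subnet mask, e.g. 255.255.255.0 -> 24.
    $bits = 0
    foreach ($octet in $Mask.GetAddressBytes()) {
        $bits += ([Convert]::ToString($octet, 2) -replace '0', '').Length
    }
    $bits
}

foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer -ErrorAction Stop) {
    # Step 1: export the leases. -ErrorAction Stop keeps a failed query from
    # being imported as an empty snapshot, which would remove addresses in IPAM.
    $leases = @(Get-DhcpServerv4Lease -ComputerName $DhcpServer `
                    -ScopeId $scope.ScopeId -ErrorAction Stop)
    if ($leases.Count -eq 0) { continue }

    # Step 2: convert each lease to one CSV row (assumed column names/values).
    $rows = foreach ($lease in $leases) {
        $state  = if ($lease.AddressState -like 'Active*') { 'In-Use' } else { 'Inactive' }
        $assign = if ($lease.AddressState -like '*Reservation') { 'Reserved' } else { 'Dynamic' }
        [pscustomobject]@{
            'IP Address'         = $lease.IPAddress.IPAddressToString
            'Managed by Service' = 'MS DHCP'
            'Service Instance'   = $DhcpServer
            'Device Type'        = 'Host'
            'IP Address State'   = $state
            'Assignment Type'    = $assign
        }
    }
    $csv = Join-Path $OutDir ('{0}.csv' -f $scope.ScopeId)
    $rows | Export-Csv -Path $csv -NoTypeInformation

    # Step 3: import with the Inventory parameter set so that added, changed
    # and deleted addresses of this range are synchronized with IPAM.
    $networkId = '{0}/{1}' -f $scope.ScopeId, (ConvertTo-PrefixLength $scope.SubnetMask)
    Import-IpamAddress -AddressFamily IPv4 -Path $csv `
        -ManagedByService 'MS DHCP' -ServiceInstance $DhcpServer `
        -NetworkId $networkId `
        -StartIpAddress $scope.StartRange -EndIpAddress $scope.EndRange `
        -WhatIf   # dry run; remove once the preview matches expectations
}
```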

All replies

  • Hi Gai-jin,

    Thanks for posting here.

    > When I first heard about IPAM, I expected that when it connected to the DNS and DHCP servers it would automatically pull in a list of all of the IPs in use currently. It seems that's not the case.

    Based on my knowledge, the IPAM server will try to automatically query data from the databases (DHCP log and DNS database) on hosts that have the proper policies applied. After that, it will generate a list to display the IP address usage information. We can get a detailed introduction to this feature from the link below, and we can get the related PowerShell commands from the step-by-step guide in it:

    IP Address Management (IPAM) Overview

    http://technet.microsoft.com/en-us/library/hh831353.aspx

    Thanks.

    Tiger Li


    TechNet Community Support

    • Marked as answer by Tiger Li Thursday, August 02, 2012 8:13 AM
    • Unmarked as answer by Gai-jin Friday, August 10, 2012 5:06 PM
    Tuesday, July 31, 2012 5:18 AM
  • Greg -- I'll look forward to the more detailed instructions to automate this process. 

    FWIW, I'm really surprised this isn't a built-in functionality of IPAM, it seems like something that should be. Regardless, I'm glad to have the new feature, and if I've got to manually set up a couple of scheduled tasks to make it do everything I want, it will still be better than maintaining everything in a spreadsheet.
    Tuesday, August 14, 2012 2:30 PM
  • I'm demoing IPAM at a conference next week, and "really surprised" is an understatement to learn that, after all the gyrations necessary to get remote management of DHCP servers working, it doesn't automatically pull data from them! Add my +1 to the DCR to build in this functionality.

    When you try to use the Import and Update IP Address Ranges from the GUI, if you select IPAM as the Managed by service and one of the managed DHCP servers from the drop-down list, you can't click OK to do the import. It seems to require a .CSV file. So I'm digging around on how (and if) it's possible to import ranges via PS.

    Greg, you mentioned on October 1 in another thread that the IPAM team would shortly (within the week) publish a collection of PS scripts to do this task. Do you have an update on when these scripts will be available?

    Update:
    The scopes and their options ARE pulled in from the managed DHCP servers (under the Unmapped Address Space in the lower IPv4 scope pane or whatever it's called). If you first create an IP address block (in the IP Address Blocks section) that matches your IP address namespace, then right-click on one of these scopes / ranges in the IPv4 Unmapped Address Space section and choose Map to IP Address Block, voila! the address block is populated with all the managed DHCP server's scopes.

    The step-by-step guide (http://technet.microsoft.com/en-us/library/hh831622.aspx), on step "To create, delete, import, and export IP addresses" shows adding an IP address block and the managed DHCP scopes immediately appear in it, but I had to do the mapping procedure above to make them show up.

    Thanks,

    Sean


    Sunday, October 28, 2012 11:41 AM
  • Hi Sean,

    The IPAM team has sent me some scripts. I am trying to include these in the core documentation (design, deployment, operations) that isn't quite finished yet. These scripts are part of the operations guide which is the final guide I'm working on. The design and deployment guides are done, but I want to publish them all together because there are many sections that benefit from links to sections in other guides.

    If you'd like the script earlier, shoot me an email and I'll send what I have (greg.lindsay at microsoft.com). Keep in mind that I haven't tested this yet so it'll make a lot more sense when I include it with the operations guide.

    In regard to DHCP scopes, if you:

    1. Add an MS DHCP server to the server inventory either manually or through auto-discovery.
    2. Mark the DHCP server as managed and ensure it is unblocked.
    3. Click retrieve all server data, or wait for these tasks to auto-run.
    4. [Click DHCP scopes under Monitor and Manage] or [click either IP address blocks or click IP address range groups under IP Address Space and select IP address ranges as the current view.]

    You should see a list of all the current DHCP scopes. If you haven't mapped these ranges (scopes are considered ranges) to an IP address block, then you will find them under Unmapped address space in the lower navigation pane, and also under private address space (assuming the ranges are private) and also under the parent IPv4 node.

    The step-by-step guide instructions to create, delete, import, and export IP addresses are for adding IP address blocks (so that you can map ranges to them) and for adding ranges and addresses that aren't auto-discovered from MS DHCP servers. You would not add a range of addresses that is provided by a DHCP server unless the DHCP server is running an unsupported OS. Sorry if this isn't clear in the step-by-step guide. I'll make sure it is more clear in the operations guide.

    -Greg





    Sunday, October 28, 2012 6:33 PM
  • Hi Greg,

    Thanks for your response. I'm in good shape now for my demos this week, and I've taken snapshots of all my systems along the way so I'll roll back on Monday and be sure I can repro the issue I was describing. 

    I'll shortly be writing a feature article on IPAM, so I'd appreciate it if you could let me know when those guides are available. They'll help me round things out.

    Since we're on the subject, can I ask one more question? Can you explain the logic behind the design choice to decouple the IPAM database from the actual environment (e.g. the DHCP databases)? I foresee a lot of operational confusion when, for example, you find a free IP address in IPAM and fill it out to use it, but there's no corresponding static IP in any DHCP scope / reservation because you haven't updated a DHCP. Or the op remembers to do that, but not create the DNS record.

    Thanks,

    Sean

    Sunday, October 28, 2012 11:39 PM
  • I have just installed the 1st Server 2012 on my domain and IPAM is the 1st feature I enabled. Just following the Overview, IPAM Server Task point 6 says "Retrieve data from managed servers", so one expects that DNS/DHCP addresses are loaded here. This is just disappointing. Really, I can't figure out how one has to switch back to PowerShell and manually complete this core task.

    Friday, November 02, 2012 4:40 PM
  • Hi Danilo,

    I expected this also, but it was explained to me that querying DHCP servers for all DHCP leases had a negative impact on performance. I don't know the details of just how much impact it has, but you can imagine that if there are 30 DHCP servers and one IPAM server, this activity alone might occupy the IPAM server. You can do it with PowerShell if desired but it was decided not to do this automatically.

    -Greg

    Friday, November 02, 2012 6:22 PM
  • I see. I appreciate the idea and I was really enthusiastic about this feature. No more .xls to manage IPs. Wow. I do not expect a full sync, I agree that it may be resource consuming to keep things updated, but I'd like a manual update so one can import, for example, by server only when needed but still automatically by pressing some [update now] button somewhere. Also a built-in PowerShell script or automatically created task would be fine. Actually I have just removed the role, as without this automatic, say on-demand, import from DNS/DHCP it seems to me that this tool is complete at 99%, but the missing 1% is the 1% that really makes the difference. I'll just stay and wait for future upgrades.

    profitable
    Saturday, November 03, 2012 11:25 PM
  • That's valuable feedback, thanks. I will do my best to test and document procedures to automate this. I do know that you can create a scheduled task that runs a PS script. This might be essentially the same thing as what you are looking for.
    Sunday, November 04, 2012 6:46 AM
  • I've just uploaded a script to the script center here:

    http://gallery.technet.microsoft.com/scriptcenter/Windows-Server-2012-f44cefce

    This automates pulling DHCP leases and reservations out of DHCP servers and adds them to the IPAM database.

    -Greg

    Note: I'm checking on a bug in the script for IPv6 leases. It works fine for IPv6. Use -AddressFamily IPv4 to restrict it to IPv4.

    Friday, November 16, 2012 2:29 AM
  • Update:

    The script now works for both IPv4 and IPv6. I've re-uploaded the fixed version on Script Center.

    The previous version had the following section missing under the $global:IpamV6AddressData:

                    @{"IpamPropertyAction" = ""; "IpamValueAction" = "Add"; "IpamPropertyName"= "IpAddressState";
                        "DhcpObjectName"="DhcpLease"; "DhcpPropertyName" = "AddressState" }

    This is fixed now.

    Friday, November 16, 2012 6:28 PM
  • Count me in as well for being beyond shocked that out of the box IPAM will not import DNS or DHCP records. I mean what's the point of IPAM if it can't suck in IP data automatically from Microsoft services? I applaud MS for including IPAM in WS2012, but like others have said, that 1% of functionality to schedule imports is a huge, huge oversight.

    I found a script on TechNet to import DNS A records, but it throws an error on a DHCP scope. And it appears to only accept a single DHCP server, without script mods to support additional DHCP servers. What enterprise only has a single DHCP server?

    MS really needs to publish enterprise-scale DNS/DHCP import scripts that scale beyond a test lab scenario, and build in some type of GUI functionality to set up a robust import schedule with GUI health status. It would also be great if they could set up "pushing" data from DNS/DHCP automatically to IPAM when updates occur, instead of a lagging pull. I would be fine with a little service that ran on DNS/DHCP servers to perform the real-time push to IPAM.


    Blog: derek858.blogpspot.com VMware vExpert 2012

    Monday, February 11, 2013 4:06 PM