none
IPAM related questions RRS feed

  • Question

  • Hello

    I have some questions relevant to IPAM.

    1- When we click on Access control. there are two sub options.

    Access Scope

    Access Policies.

    Please tell me what is mean by access scope. what is we will define in access scope?

    2- How we can see old information about dns and dhcp. for example I have one computer pc2 now a days this computer has this ip 10.0.0.5. I want to know 2 months ago what was the IP in this machine.

    3- We can monitor and mange DNS and DHCP servers under one forest?

    4- If we have forest trust relationship then we can also manage and monitor dns and dhcp servers which are available on other forest?

    5- What is mean be provision the IPAM server.

    6- We can also manage and monitors Domain controllers ?

    7- Which kind of information available on Server group?

    8- Which kind of information available on IP Address Range Group?

    thanks

    Regards

    Sunday, May 6, 2018 8:38 PM

Answers

  • 1. You can assign custom Access Scopes to objects in IPAM, for example if you have multiple DNS zones, you might want to assign different permissions for each zone. 

    https://docs.microsoft.com/en-us/windows-server/networking/technologies/ipam/set-access-scope-for-a-dns-zone

    2. You can use IP Address Tracking under Event Catalog. You can search for event by IP Address, Client ID (MAC Address), Host name or User name.

    3. With Windows Server 2016, IPAM now supports managing multiple AD forests, Windows Server 2012 or 2012 R2 supports only one AD forest.

    https://docs.microsoft.com/en-us/windows-server/networking/technologies/ipam/manage-resources-in-multiple-active-directory-forests

    4. Correct, with Windows Server 2016. 

    5. Provisioning is a process of enabling required permissions, files shares and access settings on managed servers so IPAM Server can communicate with them. You can configure all the necessery settings manually or by Group Policy. 

    6. In a way, yes.

    7.-8. You can check description of each tab in IPAM console. 

    Hope this helps


    Microsoft Certified Professional

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click Answered "Vote as helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer faster. ]

    • Marked as answer by chapter 7 Monday, May 7, 2018 6:47 AM
    Monday, May 7, 2018 5:41 AM

All replies

  • 1. You can assign custom Access Scopes to objects in IPAM, for example if you have multiple DNS zones, you might want to assign different permissions for each zone. 

    https://docs.microsoft.com/en-us/windows-server/networking/technologies/ipam/set-access-scope-for-a-dns-zone

    2. You can use IP Address Tracking under Event Catalog. You can search for event by IP Address, Client ID (MAC Address), Host name or User name.

    3. With Windows Server 2016, IPAM now supports managing multiple AD forests, Windows Server 2012 or 2012 R2 supports only one AD forest.

    https://docs.microsoft.com/en-us/windows-server/networking/technologies/ipam/manage-resources-in-multiple-active-directory-forests

    4. Correct, with Windows Server 2016. 

    5. Provisioning is a process of enabling required permissions, files shares and access settings on managed servers so IPAM Server can communicate with them. You can configure all the necessery settings manually or by Group Policy. 

    6. In a way, yes.

    7.-8. You can check description of each tab in IPAM console. 

    Hope this helps


    Microsoft Certified Professional

    [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or click Answered "Vote as helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer faster. ]

    • Marked as answer by chapter 7 Monday, May 7, 2018 6:47 AM
    Monday, May 7, 2018 5:41 AM
  • Hello,

    I have read the articals but still confues in Access Scope.

    What is mean by global and when we will create custom scope. what we can do with this scope. I saw the snapshots. that are ok. but conceptionally I could not understand. Can you give me a general example? thanks

    Second question. IP Address Block mean DHCP scople?

    Regards

    Monday, May 7, 2018 11:47 AM
  • Access scope is how far user can go with its permissions, I mean which servers he can administer. 

    Example:

    You have 1 user that needs to administer only DNS zone records on only 1 specific server. You create new role and give the permissions and then you create a new access scope. When you are done you apply that access scope on the dns zone which user will administer....like it is shown in the Part 3. (By the way I am the author of those articles) Then you create a policy which will glue role permissions and access scope. 

    Global means tasks or permissions you can perform you can do it on every server that is managed under IPAM. So if IPAM can manage 100 DNS servers and you have permissions to create records, you can create them on all those servers. Custom is only when you specifying user1 can create records on only this DNS zone and nowhere else

    No, IP Address Block is not DHCP scope. If you have everything in place then you don't need to create new blocks. Just import everything in IPAM.

    ------------------------------------------------------------------------------------------------------------
    If you found this post helpful, please give it a "Helpful" vote. 
    Please remember to mark the replies as answers if they help.




    • Edited by NM[] Monday, May 7, 2018 1:27 PM
    Monday, May 7, 2018 1:23 PM
  • Hello

    Thanks for your reply.

    I understand about Access Scope.

    Please give me general example for IP Address Block.

    Difference between DHCP scope and IP Addess Block? because both are holding IP address range.

    Regards

    Monday, May 7, 2018 6:49 PM