none
Does Server 2012 IPAM supports delegated administration

    Question

  • Hi,

    We are looking for an IPAM solution and are glad that Microsoft has a free one with Server 2012.  But the main feature we are interested in is administration delegation.  We would like our admin to be able to see their scope and be able to manage their reservation theirselves.

    It didn't look like it was possible from what I have seen but do I miss something ?

    -Sylvain

    Thursday, November 22, 2012 3:51 PM

Answers

  • Hi,

    Thanks for your post.

    IPAM setup creates appropriate security groups to isolate and restrict the permissions available to different sets of IPAM administrators and users. The installation process creates local security groups on the IPAM server, which provide permissions required for administering and using the multiple services employed by IPAM. For example, IP lease audit collection could be restricted to a specific set of administrators only. It is possible to display MSM configuration data to all DHCP Users, while MSM configuration rollout itself may be restricted to only a relevant subset of administrative accounts.

    IPAM installation automatically creates the following local user groups:

    • IPAM Users: Members of this group can view all information in server discovery, IP address space, and server management. They can view IPAM and DHCP server operational events, but cannot view IP address tracking information.
    • IPAM MSM Administrators: IPAM multi-server management (MSM) administrators have IPAM Users privileges and can perform IPAM common management tasks and server management tasks.
    • IPAM ASM Administrators: IPAM address space management (ASM) administrators have IPAM Users privileges and can perform IPAM common management tasks and IP address space tasks.
    • IPAM IP Audit Administrators: Members of this group have IPAM Users privileges and can perform IPAM common management tasks and can view IP address tracking information.
    • IPAM Administrators: IPAM Administrators have the privileges to view all IPAM data and perform all IPAM tasks.

    For more detailed information, please refer to the following article.

    Step-by-Step: Configure IPAM to Manage Your IP Address Space

    http://technet.microsoft.com/en-us/library/hh831622.aspx#ASM

    IP Address Management (IPAM) Overview

    http://technet.microsoft.com/en-us/library/hh831353.aspx

    Best Regards,

    Aiden

    If you have any feedback on our support, please click here


    Aiden Cao
    TechNet Community Support

    Monday, November 26, 2012 6:01 AM
    Moderator

All replies

  • Hi,

    Thanks for your post.

    IPAM setup creates appropriate security groups to isolate and restrict the permissions available to different sets of IPAM administrators and users. The installation process creates local security groups on the IPAM server, which provide permissions required for administering and using the multiple services employed by IPAM. For example, IP lease audit collection could be restricted to a specific set of administrators only. It is possible to display MSM configuration data to all DHCP Users, while MSM configuration rollout itself may be restricted to only a relevant subset of administrative accounts.

    IPAM installation automatically creates the following local user groups:

    • IPAM Users: Members of this group can view all information in server discovery, IP address space, and server management. They can view IPAM and DHCP server operational events, but cannot view IP address tracking information.
    • IPAM MSM Administrators: IPAM multi-server management (MSM) administrators have IPAM Users privileges and can perform IPAM common management tasks and server management tasks.
    • IPAM ASM Administrators: IPAM address space management (ASM) administrators have IPAM Users privileges and can perform IPAM common management tasks and IP address space tasks.
    • IPAM IP Audit Administrators: Members of this group have IPAM Users privileges and can perform IPAM common management tasks and can view IP address tracking information.
    • IPAM Administrators: IPAM Administrators have the privileges to view all IPAM data and perform all IPAM tasks.

    For more detailed information, please refer to the following article.

    Step-by-Step: Configure IPAM to Manage Your IP Address Space

    http://technet.microsoft.com/en-us/library/hh831622.aspx#ASM

    IP Address Management (IPAM) Overview

    http://technet.microsoft.com/en-us/library/hh831353.aspx

    Best Regards,

    Aiden

    If you have any feedback on our support, please click here


    Aiden Cao
    TechNet Community Support

    Monday, November 26, 2012 6:01 AM
    Moderator
  • Hi,

    How are things going? I just want to check if the information provided was helpful. If there is any update or concern, please feel free to let us know.

    Best Regards,
    Aiden

    If you have any feedback on our support, please click here


    Aiden Cao
    TechNet Community Support

    Wednesday, November 28, 2012 8:09 AM
    Moderator