IPAM administration

On this episode of Diner’s, Drive-ins and Dives! Its time to figure out whats going on with iPAM administrations, roles and role creation. I’ve seen several questions about this and im going to hit the overview. I was real mixed up as to the difference between MSM and ASM, as I had never heard of that. Then there is also this thing where you can define a scope for someone to administer but at the start of writing this blog I’m not sure what role you assign them in iPAM and then define a subset or rule of defining a scope for them to administer rather than an entire farm or specific roles on a server. So hopefully by the time I’m done rambling I’ll figure out what I’m doing with that situation

So anyway, as we get faded on TechNet articles and Nipsey Hustle (RIP) videos playing in the background, maybe we can learn some stuff. Lets get into the questions. The first one is pretty straight forward. Thankfully, so lets get into it.

 photo IPAM permissions_zps72uzz6lj.png

This is fairly straight forward, the question includes a TechNet link (this is the major benefit of MeasureUp) that details everying.

iPAM roles

    here is the important part

  • IPAM Administrators: IPAM administrators can view all IPAM data and manage all IPAM features.
  • IPAM ASM Administrators: IPAM address space management (ASM) administrators can manage IP address blocks, ranges, and addresses.
  • IPAM IP Audit Administrators: IPAM IP audit administrators can view IP address tracking data.
  • IPAM MSM Administrators: IPAM multi-server management (MSM) administrators can manage DNS and DHCP servers.
  • IPAM Users: IPAM users can view information in IPAM, but cannot manage IPAM features or view IP address tracking data.

Seeing as how I’ve seen that on both platforms, I’m pretty sure I need to know it. MSM, ASM and Audit are the important ones according to what I’ve seen so far. Obviously, there is no need for me to re-explain this as I literally just reposed info from an article that I linked.

 photo 089_zpsunbojyqs.jpg

So anyway whats this bit about assining a subnet to a specific person to manage.

 photo manage ipam pt 1_zpspj6tyhfr.png

 photo ipam pt 2_zpstazc7das.png

So this literally makes almost sense. There isn’t enough steps here, or so it would seem. Dont I have to assign the user some form of iPAM administration and then define a scope? How does that happen?

I keep trying to find further information on this but I’m not finding anything. It clearly says the DHCP admin role but is that using the principle of least privilege? It would appear that this is something you would have to install Server and iPAM to deal with. I may do that at some point but it wont be tonight.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Website Powered by WordPress.com.

Up ↑

%d bloggers like this: