On this episode of Diners, Drive-Ins and Dives! It's time to figure out what's going on with IPAM administrations, roles and role creation. I've seen several questions about this and I'm going to hit the overview. I was real mixed up as to the difference between MSM and ASM, as I had never heard of that. Then there is also this thing where you can define a scope for someone to administer, but at the start of writing this blog I'm not sure what role you assign them in IPAM and then define a subset or rule of defining a scope for them to administer rather than an entire farm or specific roles on a server. So hopefully by the time I'm done rambling I'll figure out what I'm doing with that situation.
So anyway, as we get faded on TechNet articles and Nipsey Hussle (RIP) videos playing in the background, maybe we can learn some stuff. Let's get into the questions. The first one is pretty straightforward, thankfully, so let's get into it.
This is fairly straightforward; the question includes a TechNet link (this is the major benefit of MeasureUp) that details everything.
Here is the important part:
- IPAM Administrators: IPAM administrators can view all IPAM data and manage all IPAM features.
- IPAM ASM Administrators: IPAM address space management (ASM) administrators can manage IP address blocks, ranges, and addresses.
- IPAM IP Audit Administrators: IPAM IP audit administrators can view IP address tracking data.
- IPAM MSM Administrators: IPAM multi-server management (MSM) administrators can manage DNS and DHCP servers.
- IPAM Users: IPAM users can view information in IPAM, but cannot manage IPAM features or view IP address tracking data.
Seeing as how I've seen that on both platforms, I'm pretty sure I need to know it. MSM, ASM and Audit are the important ones according to what I've seen so far. Obviously, there is no need for me to re-explain this as I literally just reposted info from an article that I linked.
So anyway, what's this bit about assigning a subnet to a specific person to manage?
So this literally makes almost sense. There aren't enough steps here, or so it would seem. Don't I have to assign the user some form of IPAM administration and then define a scope? How does that happen?
I keep trying to find further information on this but I'm not finding anything. It clearly says the DHCP admin role, but is that using the principle of least privilege? It would appear that this is something you would have to install Server and IPAM to deal with. I may do that at some point but it won't be tonight.