Managing Server Inventory
Applies To: Windows Server 2012 R2, Windows Server 2012
This topic contains information and procedures you can use to manage the server inventory in IPAM. To review best practices for server discovery and configuring managed server settings, see Discovery and Provisioning.
Also see the following topics in the Plan and Design IPAM for information about discovering, adding and removing servers from the server inventory, choosing a manageability status, and enabling IPAM access:
See the following topics in the Deploy IPAM to review step by step procedures for managing the server inventory:
The IPAM server inventory is not the same as the pool of computers that are available for remote management in Server Manager. The IPAM server inventory is a list of computers located on IPAM’s managed network that have been discovered or manually added to the IPAM database. The server inventory can include computers that are managed, and computers that are not managed by the IPAM server.
Use the lower navigation pane to view only managed servers or unmanaged servers.
Adding servers to the inventory
IPAM leverages Active Directory to discover and validate the computer accounts of servers in the server inventory. There are two methods to add servers:
Discovery: The IPAM ServerDiscovery task will automatically add domain controllers, DNS servers, and DHCP servers to the server inventory that are within the scope of discovery and found in Active Directory. NPS servers are not automatically discovered and must be added manually. By default, the task runs once every 60 minutes.
You can run the ServerDiscovery task on-demand by clicking Manage and then clicking Start Server Discovery. To configure a different time interval for the ServerDiscovery task, open Task Scheduler on the IPAM server and navigate to Microsoft>Windows>IPAM.
Manual: If a computer account is present in Active Directory, it can be added to the server inventory. The computer’s fully qualified domain name must also resolve to an IPv4 or IPv6 address using DNS. If you add a server manually, at least one server role (domain controller, DNS server, DHCP server, or NPS server) must also be selected manually. To add a server to the inventory manually, click TASKS and then click Add Server.
If IPAM Server is installed on the same computer with DHCP Server, then IPAM will not discover DHCP servers on the network. Other computers running DHCP Server must be added manually. Also, in order for IPAM to manage DHCP on the local server, Network Service (instead of IPAMUG or the IPAM server’s computer account) must be added to the local DHCP Users and Event Log Readers security groups.
Servers that are added to the server inventory will have a default management status of Unspecified. Other choices for manageability status are Managed and Unmanaged. Choosing a manageability status for computers in the server inventory has the following effects:
Access settings: If you are using the automatic GPO-based provisioning method, choosing a manageability status of Managed will automatically add the computer name to security filtering for the appropriate GPOs based on server roles that are selected next to Server type. Selecting a status of Unmanaged will remove the computer name from security filtering for all GPOs. Selecting a status of Unspecified will make no changes to the current security filtering configuration. If you are using the manual provisioning method, you are required to make these changes manually. Changes to Group Policy will not take effect until Group Policy is refreshed on managed or unmanaged servers.
IPAM database: When a computer is added to the server inventory, information about the computer is added to the IPAM database by data collection tasks. This information includes general posture data such as the computer’s IPAM access status and can also include role-based details such as DHCP scope properties, IP address utilization statistics, DNS zone health, and event catalog data.
If a computer is assigned a manageability status of Managed, then IPAM gathers and stores historical role based data. If a computer is assigned a manageability status of Unmanaged, then IPAM does not store role based data and will purge any data that current exists for this computer. If a computer is marked as Unspecified, IPAM does not attempt to gather new role-based data from the computer, but it will maintain all data that currently exists.
IPAM access status
Use the details view to review specific information about computers in the server inventory.
Some quick fixes to unblock IPAM access on managed servers include:
Use Group Policy Management to verify that the computer’s domain and host name is listed in the appropriate GPOs under Security Filtering, or verify the configuration of manually configured settings.
Use Group Policy Results (gpresult.exe) to verify that Group Policy has been applied to managed servers.
Refresh server access status information by running the IPAM ServerDiscovery task. To run this task, right-click the computer in server inventory and then click Refresh Server Access Status.
Refresh the IPAM client console view.
If DHCP or DNS security groups were modified, restart the DHCP Server or DNS Server services to apply new settings and permissions.