Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
41 Cards in this Set
- Front
- Back
|
cmdlet sets the IP Address Management (IPAM) server configuration, including the TCP port over which the computer running the IPAM Remote Server Administration Tools (RSAT) client connects and communicates with the computer running the IPAM server.
|
Set-IpamConfiguration
|
|
|
cmdlet imports IP address range objects from the specified comma-separated values (.csv) file
into the computer running the IP Address Management (IPAM) server. The computer running the IPAM server does not |
Import-IpamRange
|
|
|
cmdlet imports one or more IP address objects from the specified comma-separated values (.csv) file into the computer running the IP Address Management (IPAM) server. Any objects that fail being imported during the operation are logged in the appropriate error log file for further analysis.
|
Import-IpamAddress
|
|
|
cmdlet gets the IP Address Management (IPAM) custom field information.
|
Get-IpamCustomField
|
|
|
cmdlet gets the configuration for the computer running the IP Address Management (IPAM) server, including the software version number and the TCP port number over which the computer running the IPAM Remote Server Administration Tools (RSAT) client connects and communicates with the computer running the IPAM
server. |
Get-IpamConfiguration
|
|
|
cmdlet exports all of the IP address ranges of the specified address family from the computer running the IP Address Management (IPAM) server as a comma-separated values (.csv) file or as an array of Windows
PowerShell® objects or both. |
Export-IpamRange
|
|
|
cmdlet exports all of the IP addresses of the specified address family from the computer
running the IP Address Management (IPAM) server as a comma-separated value (.csv) file or as an array of Windows PowerShell® objects or both. |
Export-IpamAddress
|
|
|
cmdlet adds a new custom value to the specified multi-valued custom field name in IP Address Management (IPAM). The multi-valued custom field can either be built-in or user-defined.
|
Add-IpamCustomValue
|
|
|
cmdlet adds a new custom field name to the computer running the IP Address Management
(IPAM) server. The user can indicate if the newly added custom field is free form or multi-valued. |
Add-IpamCustomField
|
|
|
cmdlet creates and links three group policies specified in the Domain parameter for provisioning required access settings on the server roles managed by the computer running the IP Address Management (IPAM) server.
|
Invoke-IpamGpoProvisioning
|
|
|
What is IP Address Management?
|
keeps track of address leases, static assignments in the busy day to day operation, who leased a particular IP address, deals with things such as potential legal issues, governmental, regulatory industry compliance, able to manage aspects of the DHCP console, and monitor DNS.
|
|
|
IPAM gives us excellent Administration over our IP infrastructure, that broken down into 4 focus areas:
|
#1.Planning
#2.Managing #3.Tracking #.4 Auditing |
|
|
IPAM Planning-this deals with ?
|
• “How do we design and plan our IP address address ranges,
• how do we plan, design, and implement our DHCP scopes • How can we build our scopes, and build our IP Addresses, • How can we build our subnets to support maximum growth, at the same time, be intuitive to understand, intuitive to track. |
|
|
IPAM Managing-this deals with?
|
• Ex: We get a fleet of laser printers and we need to deploy them throughout our Enterprise; How can we quickly and easily create DHCP reservations or address exclusions for these devices
• How do we know by picking a particular IP address out of one of our scopes, that it’s not already in use; |
|
|
IPAM Tracking/Auditing-this deals with?
|
deals with things such as potential legal issues, governmental, regulatory industry compliance, schemes that require us to document the use of our IP address space and be able to pull those records up to year a more from the past.
|
|
|
Why is The NPS Server is part of the IPAM scheme?
|
because we can devote blocks of IP address for use by our remote access server, and we also want to be able track these as well
|
|
|
How does IPAM work?
|
#1. DNS, DHCP, Domain Controllers, and NPS servers, may be spread among multiple sites
#2. We use IPAM to gather data from all of these , to a central front end (IPAM management console) & inturn IPAM uses the WID to actually store and structure the data. |
|
|
What are IPAM's Deployment' Limitations?
|
#1.There is no central reporting with IPAM; Every IPAM server is an island unto itself and can’t communicate with other servers
#2.IPAM server can’t be on a DC, bust must be a domain member #3.Each IPAM server writes to its own WID #4. Shouldn't be installed on a Infrastructure Server, use to remotely manage only. #5. IP Address Reclamation: gathering, scavenging…etc; is limited to IPv4 &IPAM only discovers and tracks Microsoft network elements #6. Can't manage stand-alone servers or servers in a different forest. |
|
|
this is useful to see at a glance how many IPs we might have left in a given DHCP scope.
|
IP Utilization Trends and Reclamation Support (Advanced Data Gathering)
|
|
|
What are the stats of an IPAM server?
|
#1.*-A single IPAM server can track up to:
-*150 DHCP Servers -*500 DNS Server #2. *-IPAM store 3 years of forensics data for up to 100,000 user, consisting of: -*IP address leases -*Mac Addresses -*User Logon/Logoffs |
|
|
What sub-administrative groups does IPAM create in your AD database?
|
Multi-Server-Management (MSM)
#1.IPAM MSM Administrators- #2.IPAM Audit Administrators, #3.IPAM ASM Administrators #4.IPAM Administrators. #5.PAM Users |
|
|
What server will be affected from a client perspective, which “Infrastructure Servers” will be clients of a particular IPAM server and this is configured through GPOS
|
Provisioning the server scope
|
|
|
refer to what we have in terms of full on IPv4/6 address pools
|
Blocks
|
|
|
are subsets of those pools, that are typically going to be deployed as DHCP scopes; We have the ability to report on utilization, trends, etc.
|
Ranges
|
|
|
What steps do we take to deploy the IPAM server?
|
#1. Connect to IPAM Server
#2. Provision the IPAM server #3. Configure Server Discovery #4. Start server discovery #5. Select or add servers to manage and verify IPAM access #6.Retrieve data from managed servers |
|
|
Explain each step in deploying the IPAM servrer?
|
#1. First we need to install the IPAM feature and select the appropriate server (spademem01
#2. (Provision the IPAM Server)-here we will manage the scope of our servers running the DHCP, DNS, NPS, and DC roles #3. Configuring Automated IPAM discovery; select the domain to discover #4. Start Server Discovery” to run the discovery job manually #5. Select or add servers to manage and verify IPAM Access”, Set Manageability Status, run the powershell cmdlet Invoke-IpamGpoProvisioning #6. Retrieve Data from managed servers |
|
|
allows us to create Range Groups, which will show all our scopes on our DHCP server, and show us the utilization statistics for all of them
|
IP Address Range Groups node
|
|
|
This node is important if we are having connectivity problems
|
Server Inventory node
|
|
|
which shows us how many addresses are being utilized, Assigned Address: which are part of the range, but not handed out yet
|
allows us to look at Event IDs that are pertinent for particular IP addresses
|
|
|
we can monitor the status of a zone, and at a glance, we can tell whether it’s online or offline
|
DNS Zone Monitoring node
|
|
|
If we were interested in 192.168.2.50, and we’ll say “Who owns this address since ##/##/### to etc, what would we use in IPAM?
|
IP Address Tracking
By client id, host name, or user name |
|
|
How do we configure a reservation for a particular client or printer in IPAM?
|
right click the Block > “Find and Allocate Availabe IP Addresses>specify the mac address and specify the assignment type...etc
|
|
|
the process where IPAM server checks with AD to locate DCs, DNS, and DHCP servers.
|
Server Discovery
|
|
|
What 3 Group Policy objects are created when run the PowerShell cmdlet "Invoke-IPamGpoProvisioning"
|
#1.IPAM_DC_NPS
#2.IPAM_DHCP #3.IPAM_DNS |
|
|
What is the benefit of having an IPAM server?
|
#1.Enables us manage all the IP addresses in our organization
#2.Detects overlapped IP address ranges, determine IP address utilization, and what IP addresses are free #3. Can Create DHCP scopes, reservations, and create DNS reocrds based on IP address lease info. |
|
|
IPAM seperates the IP address space into blocks, ranges, and individual addresses. What is a IP address block?
|
a large collection of IP addresses that you use to organize the address space used in your organization at the highest level. An IP address "range" is part of an IP address block and can't map to multiple IP address blocks. Ex: Start IP Address: 172.16.0.0 End IP Address: 172.31.255.255
|
|
|
users have the rights to perform common IPAM management task such as managing server inventory, and have read only access to the IP address space, and are unable to view or perform IP address tracking tasks.
|
IPAM MSM Administrators
|
|
|
Members of this group are able to view IPAM server information such as address space and operational server information, but they are unable to view IP address tracking information
|
IPAM Users
|
|
|
these users are able to perform all tasks that can be performed by members of the IPAM users group, but they can also manage the IP address space, but can't perform monitoring tasks and are unable to perform IP address tracking tasks.
|
IPAM ASM (Address Space Management) Administrators
|
|
|
Members of this group are able to manage server inventory and perform common management tasks, but they have read-only access to the IP address space and IP address tracking information
|
IPAM IP Audit Administrators
|
|
|
Members of this group are able to perform all task on the IPAM server, including viewing IP address tracking information
|
IPAM Administrators
|
