New video uploaded: Promoting first Domain Controller

Hello everyone! I uploaded a new video to my Youtube channel which you can access using this link: https://youtu.be/ZI1UwezXkdM

In the video I show how you can promote your first domain controller on Windows Server 2019, creating your first forest and domain in the process.

If you like it please subscribe to be notified for any new videos I post and feel free to leave a comment with ideas or improvements.

New YouTube channel

Hello everyone. I have created a YouTube channel where I plan to post different videos about Windows Server (but not just). The channel is named AboutIT and you can access it at the following link:

https://www.youtube.com/channel/UCcZ-jLbPwNr8E_v9-65n8Iw?view_as=subscriber

I will post from time to time here also but the main content will be now on YouTube. I will be making single videos, video series and maybe also longer “unplugged” videos.

I hope I see you guys there!

Create a Powershell Module repository in a file share

    Tested on: Windows Server 2012 R2, 2016 and 2019

   Note: I will assume that you do not have your servers connected to the internet and also that you want to configure the newly created repository source on all your servers via scripting so the method I am presenting has this in mind.

    In case you have a lot of Powershell modules created by you and your team or you get them from external sources and want to deploy these modules in a much nicer way than copy/paste, you may want to use a Powershell Module repository. One more thing you may need is to have the repository internal to your company and not a public one like Powershell Gallery. Well, then you will find out how to create one in this post.

    You can host a repo like PS Gallery but you have a lot of configuration to do and if your goal is just to have the files somewhere and install them on your servers a file share based repository will work just fine. 

    To make such a repository on a server you will need to do the following:

  • Install NuGet provider (this part must be done also on the clients that will connect to the repo to download modules)
  • Install NuGet.exe
  • Create the repository folder and share it
  • Configure the repository

    After the steps above are done you will have to perform the first step on the servers that will act as clients and also register the repo on them.

    Install NuGet provider

    For this part you will need an internet connected machine just for the first time in order to get the files in question (Windows 10 works also). So on the chosen computer just run the following Powershell command and press Y when prompted:

 


Find-Module

 

    The NuGet provider folder will be placed in: C:\Program Files\PackageManagement\ProviderAssemblies. This has to be copied to the repository server and on all the clients that will access the repo.

    Install NuGet.exe

     This file is needed just on the Powershell Module repository server in order to be able to publish modules to it. To get it just go to the following link and download the latest recommended version.

    Place the NuGet.exe file in C:\ProgramData\Microsoft\Windows\Powershell\PowershellGet. If any of the folders from the path are missing just create them yourself.

    Create the repository folder and share it

    Almost done! Now let’s create the actual path where the modules will be kept. I will make a folder C:\Repo and leave the default security permissions on it. For a production case you have to think which users will need Read access to be able to install modules and which ones will need Write access to publish modules. Also important if you use DSC to install modules and do not connect to the repo as a user is to put the computer accounts with Read permissions.

    The folder has to be shared to register it on the other clients. I set Administrators with Full Control and Everyone with Read.


New-Item -Name Repo -Path C:\ -Type Directory

New-SmbShare -FullAccess BUILTIN\Administrators -Path C:\Repo -Name Repo$

    Configure the repository

    Now it’s time to create the actual file share based repo. 


Regirter-PSRepository -Name PSRepo -SourceLocation C:\Repo -PublishLocation C:\Repo -InstallationPolicy Trusted -OneGetProvider NuGet

    With this command you now have the repository ready to go. Now you can publish modules, register the repo on clients and install modules.

    Register the file share repository on clients

    In order to use the repository you will have to register it on the machines you want to get modules on. The command to do this is user specific:


Register-PSRepository -Name PSRepo -SourceLocation \\SRV01\Repo$ -InstallationPolicy Trusted -OneGetProvider Nuget

    Examples of using the new repository

    OK. First lets make a very simple powershell module on the repository server composed of a PSM1 file and a PSD1 file.

    The module will be called TestModule so make a folder with this name somewhere on the server (not in the repo folder). The PSM1 file contents are:


Function Get-Stuff

{

'Stuff'

}

    Save the file as TestModule.psm1. Now for the TestModule.psd1:


@{
ModuleVersion='1.0.0'
RootModule='TestModule.psm1'
Description='Just a test module'
Author='Admin'
}

    Now to publish the newly created, very awsome and extra complicated module just run:


Publish-Module -Path C:\TestModule -Repository PSRepo

    Now go on a client and try to find and install it:


Find-Module TestModule

Install-Module TestModule

    I did not specify the repository because, since my machines have not been connected to the internet this is the only repo I have registered on them and also it would have been the default because it is the lates registered one.

    Now you can also test to change the version of the module in the PSD1 file and register it. Both versions are available and they can be seen either on the server in the folder or by adding -AllVersions to Find-Module. 

    There you have it! A quick look at building the simplest Powershell Module repository server.

Data Deduplication in Windows Server

   Starting with Windows Server 2012 Microsoft introduced a new technology (for them) into the OS: data deduplication. This feature is very useful for freeing up space on a volume by splitting files into smaller bits, finding the common ones, pointing the original file location to these bits and deleting the repeated ones. Depending on the workload, you will see variable percentanges of deduplication rates. Speaking of deduplication rates, you do not have to enable this feature just to see how much space you will save for a specific volume. Microsoft has a tool named DDPEval.exe that will approximate the space savings data deduplication will offer.

    Using DDPEval before enabling deduplication

   This tool is very useful for generating reports about what data deduplication can achieve if enabled on a specific volume. It has a couple of switches which let you specify that the tool should evaluate files in use or the amount of CPU to use when running. Keep in mind that the values you will get from this tool are not 100% accurate and most probably you will see differences when actually enabling dedup. 

   In my case I have a 50GB partition on which there are a couple of ISO images (no duplicates) and some videos. These files total 22.07 GB in size and DDPEval says that after deduplication they will take up 16.79 GB.

   Here is an output from my test run of DDPEval:

DDPEval test run
DDPEval test run

   The /P switch lets the tool know to also evaluate files in use which in my case did not count because I had nothing open when running it.

    Enable Data deduplication

   If you are happy with what DDPEval returned then the next step is to actually enable data deduplication. The first thing to do is to install it either from Server Manager or using Powershell. Let’s see the second option:


Install-WindowsFeature FS-Data-Deduplication

Install data deduplication
Install data deduplication

   Easy enough. Now comes the interesting part: enable and configure data deduplication. This can also be done either from Server Manager or from Powershell. Installing the feature also installs a cool module for managing dedup. Here is how to find it and see the CmdLets that it offers: 


Get-Module *dedup* -ListAvailable

Get-Command -Module Deduplication

Data deduplication Powershell module
Data deduplication Powershell module

   Now we enable data deduplication for the D: volume (this is where I have my test data). Let’s switch it up and do it from Server Manager. Just go to the volumes view, right click on the desired item and select “Configure Data Deduplication..”.

Enable Data Deduplication
Enable Data Deduplication

   Next select the deduplicated workload. There are 3 pre-configured options:

  •    General purpose file server
  •    Hyper-V/VDI data
  •    Backup workload

   These 3 options are dedup policies which set a couple of options for deduplication like file type exclusions or the age of files to be deduplicated. Select the workload you will use, add whatever modifications you need like file or folder exclusions and click OK.

Configure Data Deduplication
Configure Data Deduplication

   In case you want to use Powershell to enable dedup just use Enable-DedupVolume:


Enabe-DedupVolume -Volume D:\ -UsageType Default

    Configure Data Deduplication

    When you enable deduplication you are not actually running anything but actually configuring scheduled tasks that will execute different dedup jobs. The scheduled tasks can of course also be run on demand and you can also execute the different deduplication jobs directly using Powershell.

   There are 4 data deduplication job types:

  •    Optimization (check files, create chunks, put them in the chunk store and create reparse points)
  •    Garbage collection (reclaim space by deleting chunks that do not point to any file)
  •    Integrity scrubbing (scans for corruption in the chunk store and repairs errors if possible)
  •    Unoptimization (disables deduplication for the specified volume)

   To get a list of the running jobs just use:


Get-DedupJob

Get a list of running jobs
Get a list of running jobs

   Out of the 4 jobs only the first 3 are executed on a schedule using Task Scheduler, while the forth has to be run manually since it is used to undedup a volume. You can see the 3 tasks in the Deduplication section of the Task Scheduler console.

Deduplication tasks
Deduplication tasks

   Use the following command to get the list with Powershell:


Get-ScheduledTask -TaskPath \Microsoft\Windows\Deduplication\

Deduplication tasks in Powershell
Deduplication tasks in Powershell

   Before I show you how to run the optimization job, just one tip: By default, deduplication will optimize files older than a specific number of days so if you want to test it after it is enabled you might think it did not work or it did not do a good job as some files might be newer than the minimum age. To set a file age use the following command (0 means deduplicate all files even if they are 1 minute old):


Set-DedupVolume -Volume D: -MinimumFileAgeDays 0

   Now we are all set. To deduplicate a volume on demand just start the dedup job either with the Start-DedupJob CmdLet or with the Start-ScheduledTask CmdLet. Check the volume status with Get-DedupVolume.


Start-ScheduledTask -TaskPath \Microsoft\Windows\Deduplication\-TaskName BackgroundOptimization<br />
Get-DedupJob

Get information about deduplication on a volume
Get information about deduplication on a volume

   This was just a short walkthrough of Data Deduplication on Windows Server. Have fun playing around with it.

Change from Server Core to GUI and back

   Note: This works only on Windows Server 2012 and Windows Server 2012 R2

   In case you still have 2012 or 2012 R2 and need to re-enable the GUI on a server core installation or, why not, transform a GUI version into server core then you may find this useful. The extent of the post will cover going from a Server Core only installation (server never had the GUI part installed or it was removed permanently) to GUI. Going back is simple as it takes just a Powershell CmdLet and switching from Server Core to GUI with the graphic components already on the server also requires just a CmdLet.

    Starting with Server Core and going to GUI

   If you install a Windows Server as server core you do not have the graphical components included in the installation so you will need them from an installation media. Try running Get-WindowsFeature and you will see that the 3 features under User Interfaces and Infrastructure are Removed, not just Not installed.

GUI features removed
GUI features removed

   In this case before trying to install the GUI features we must first get the components. These are located in the SxS folder that is in the install.wim file from the Windows Server 2012/2012 R2 ISO. In this example my ISO is mounted in D:\.

   To get the SxS folder first we must get get the index list from the WIM to make sure we mount the SKU that contains GUI components. Just run the following:


Get-WindowsImage -ImagePath D:\sources\install.wim

Windows WIM indexes
Windows WIM indexes

   Judging from the names only indexes 2 and 4 are good for our purpose. OK, now we mount the image. First create a folder where it will be linked (C:\mount in this case) and run the CmdLet:


Mount-WindowsImage -Path C:\mount -ImagePath C:\sources\install.wim -Index 2 -ReadOnly

Mount install WIM
Mount install WIM

   The -ReadOnly is needed because we are mounting the WIM directly from a DVD and it cannot be modified in this case. 

   Now just install the GUI components and after that restart the server.


Install-WindowsFeature -Name Server-Gui-Shell -Source C:\mount\Windows\WinSxS

Install GUI components
Install GUI components

   Note: In case the graphical components are already located in your Windows installation then just run the above command without the -Source parameter.

    Starting with GUI and going to Server Core

   This is the easy part and highly recommended after an installation and configuration of the server. Just run this command to get the switch done:


Remove-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell

   Add -Remove to the command to permanently delete the graphical components. If you do this and want to enable the GUI later just use the method I showed in this post. The WinSxS folder can be placed in a shared folder to make things easier.

Windows 10 1809 pulled and Windows Server 2019 is collateral damage

   As you probably have heard, there are a lot of problems with the October 2018 update of Windows 10. One of the most known and the one Microsoft used for a reason for pulling the update is the ‘File deletion problem’ for users that are upgrading from a previous build. How such a problem escaped from the eye of the QA team and the persons curating the bugs signaled by Insiders is unimaginable for me but here we are.

   The sad thing is that not only Windows 10 1809 is the victim of carelessness on Microsoft’s part but also Windows Server 1809 and Windows Server 2019 (the long awaited Windows Server 2019 for people not buying in the Semi-Annual Channel movement or the ones that like to click from time to time on C:\ rather than always typing dir C:\).

Server 2016 pulled
Server 2019 pulled

   You may be wondering why was also the server OS removed from the official MS download sites? Well Windows Server 2019 and Windows 10 have more than the Windows name in common; they actually share a lot of code between them and it’s normal that this version would also be pulled as MS needs to merge the fixed code and reintegrate everything so we get a new, maybe working, final build of client and server. “But I never update my server OS, I always install it from scratch!” you say. Maybe you do it but there could be other admins/organizations that use the update method (supported by Microsoft with a maximum of 2 earlier versions). One other reason is this: do you really believe that the update is the only thing that does not work in the new build? For sure not, in my opinion so it is better to wait and be safe (think of the time you were a teenager).

    My opinion on the latest Microsoft blunder

   I think that we get such issues at every build release (at least Windows 10 builds) because of Microsoft’s new direction to force everyone to update at their pace (which it seems they also cannot keep up with). Even though they loosened up a little with the new fall update 30 month support they are still bent on releasing 2 builds per year and it seems it is overwhelming even for them. For IT pros in companies, the promise of easy upgrades seems further and further with each build Microsoft releases.

   The sad thing is that now also the server OS is dragged in this situation and it is pretty bad. On one hand MS says ‘We released 2019. Upgrade now!’ and on the other they pull the download a couple of days after that because of problems. How am I supposed to trust them with my production workload when this happens?

   In the end I hope this is a lesson for Microsoft either to not rush releases just to meet self imposed deadlines or to lessen up this policy of Update! Update! Update! Let’s see…

 

Linux in WSL on Windows 10

    Note: The Windows version used in this article was Windows 10 Enterprise 1809 but installing Ubuntu or other supported Linux distros should work the same at least for 1803 and 1709.

   Note2: This is just one method for installing a Linux distribution in WSL. There is also the possibility to get a distro from the Microsoft Store if available.

    In case you work in a diverse environment where you don’t manage only Windows then you may have come across the need to have a Windows client and a Linux client, or at least some tools from each OS. Microsoft tried to solve this situation by introducing WSL on Windows 10 (and Windows Server).

    WSL stands for Windows Services for Linux and it is actually a distribution that runs on top of Windows 10. 

    In order to have WSL on Windows 10 with a specific Linux distribution follow these steps:

    – Enable the WSL feature

    – Download a distribution

    – Install the distribution in WSL

    Enable the WSL feature

    This can be done with a powershell command and requires a restart before continuing.


Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

    Press Y after the command finishes in order to restart the computer.

Enable WSL on Windows 10
Enable WSL on Windows 10

    Download a distribution

    Now that the WSL feature is installed we need a Linux distribution that is supported. At the time of writing this article there are 7 variants available:

    Ubuntu 18.04

    Ubuntu 18.04 ARM

    Ubuntu 16.04

    Debian GNU/Linux

    Kali Linux

    OpenSUSE

    SLES

    Either right click on a link and save the content somewhere or use the following Powershell command.


Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1804 -OutFile .\Ubuntu.appx -UseBasicParsing

    The appx file will be saved in the current directory where the powershell prompt is located.

Donwload the Linux distribution
Donwload the Linux distribution

    Install the distribution in WSL

    Installing the desired distro is fairly simple. The appx file is actually an archive so all is needed is to extract the contents in a folder from where the Linux distribution will run from now on and to initialize it with a username and password.

    To extract the archive contents just replace the appx with zip:


Rename-Item .\Ubuntu.appx .\Ubuntu.zip
Expand-Archive .\Ubuntu.zip

Extract the package contents
Extract the package contents

    Navigate with Powershell to the folder where the distro should run from (the package should also be there), replace appx with zip and extract the archive. A folder named Ubuntu should now be created and in it there should be a file named ubuntu1803.exe. This exe should be executed to initialize the current distribution and to execute the Linux prompt from now on.

    Before executing the exe make sure Powershell (or cmd) is executed as Administrator. A username and password will be required; do not forget the password as it will be needed anytime you run an elevated command with sudo.  

Install Ubuntu WSL
Install Ubuntu WSL

    Run the Linux shell

    To open the shell just use one of the following commands from cmd or Powershell:

    – WSL.exe

    – Bash.exe

    – Ubuntu1804.exe (from the install directory)

 

IPAM Events

    IPAM Events introduction

    The third interesting thing we can do in the IPAM console is to view Events of different types. Just click on EVENT CATALOG and you will see the 3 categories of events in the lower menu pane.

    The 3 event types are:

  • IPAM Configuration Events: You can see what configuration chages have been done to the IPAM server and also events related to IP addresses.
  • DHCP Configuration Events: In this pane you will be able to see what changes have been made to the DHCP servers like scopes, configurations, reservations and more
  • IP Address Tracking: You will see events about IP addresses selected by IP, MAC and host name. This pane contains events that show logons searchable by user name

IPAM Events Menu
IPAM Events Menu

    IPAM Configuation Events

    You wil be able to see events related to configurations applied to the IPAM servers. This includes adding address ranges, scopes, changing settings, adding addresses, and much more. Let’s look at some examples.

    You can see events related to server management and discovery:

IPAM Events: Servermanagement
IPAM Events: Server management

    Adding address blocks creates also events. The same goes for creating addresses.

IPAM Events: Adding address block
IPAM Events: Adding address block

    Updates you make to DHCP from IPAM are also logged.

IPAM Events: Modify DHCP settings
IPAM Events: Modify DHCP settings

    In case you want to find an event from a specific category then you can filter them. Just expand the main pane to reveal the Add criteria button.

IPAM Events: Expand main pane
IPAM Events: Expand main pane

   Expand the criteria list and choose one or more. Let’s pick Task Category and enter for example Multi-Server Management in the text box. After  you click search the events have been filtered.

IPAM Events: Filter
IPAM Events: Filter

    DHCP Configuration Events

    The events you can find in this part are all about DHCP. When you create a scope or change a setting an event is created with what was done. For example setting the lease duration creates an event with the exact information that was changed.

IPAM Events: Setting DHCP options
IPAM Events: Setting DHCP options

   Of course you can filter these events also in the same way as the previous category.

    IP Address and Logon Events

    Probably the most interesting part of the events are the ones about IP Address tracking and also account logons. This means that you will be able to see which host got which IP and when a specific account authenticated to the domain.

    There are 4 criteria usable to search for events:

  • IP Address
  • Host ID (MAC Address)
  • Host name
  • User name

IPAM Events: Address tracking
IPAM Events: Address tracking

    If you need to search for events by IP address just click on that specific tab, enter the IP address and also a time interval. All events between the 2 periods and which are related to that IP will be found.

IPAM Events: Search by IP
IPAM Events: Search by IP

    Searching by MAC or by Host name is exactly the same. Just put in the info and the events will be retrieved. Filterig by User name is done also in the same way but the interesting thing is that you will get events about Authentication on the domain for that user with date, time and host on which the event occured. Let’s try for Administrator:

IPAM Events: User authentication
IPAM Events: User authentication

    Other types of events are also retrieved, of course, but I think these are the most interesting.

    IPAM Events purge

    In case you have IPAM installed on Windows Server 2016 you have the ability to delete old events directly from the IPAM interface. The older versions of Windows did not provide this functionality. This action is useful if the database gets too big and you need to delete some data.

    I order to purge old events just select Purge event catalog data from the TASKS drop down, select the event types to target and set a date. All events older than or with the same date will be deleted.

IPAM Events: Start a purge
IPAM Events: Start a purge

IPAM Events: Purge Settings
IPAM Events: Purge Settings

    After you do this task and check the IP Address tracking events everything older than that date should be gone.

 

IPAM Services Tasks

    In the last post we covered tasks related to IP address space that abstract the actual infrastructure like services and servers. In this post we will go a little deeper and see tasks related to services like DHCP and servers that host them. You can find the submenus which we will use under Monitor and Manage.

    We will be looking at the first 3 menu items. From the last one you can configure the servers to be shown in groups based on different criteria. The first submenu you can see is DNS and DHCP Servers from where you will be able to configure settings related to the actual DNS and DHCP servers. In the next 2 submenus you will see your DNS zones and DHCP scopes and will be able to change settings and do different tasks.

    IPAM tasks related to DNS and DHCP servers

    After you click on the first submenu you will see a list of both DNS and DHCP servers along with some info about their state, time elapsed while in that state and more.

IPAM Services: View server list
IPAM Services: View server list

    In case you want to see only DHCP servers for example just choose this option from the Server Type drop down. When only DHCP servers are selected you will have the option to choose different information that can be viewed by selecting it from the View drop down menu.

IPAM Services: List only DHCP servers
IPAM Services: List only DHCP servers

    If you right click on one o the servers you will be able to see the options available. We can edit the DHCP server properties, add/delete DHCP server wide options, create a scope, add new user/vendor classes, launch the DHCP MMC connected to that server and more.

IPAM Services: View DHCP server tasks
IPAM Services: View DHCP server tasks

    Server properties which can be edited are related to DNS Dynamic Updates, DNS Credentials for dynamic updates and also MAC Filters as you can see from the image below.

IPAM Services: Edit DHCP serer properties
IPAM Services: Edit DHCP serer properties

   Adding or removing DHCP server wide options is very easy from the IPAM interface. Here is a screenshot with the dialog box for this task:

Add/Remove DHCP server wide options
Add/Remove DHCP server wide options

   You can see a lot of info about the servers or services highlighted in the Details View. Here is an example of information about a DHCP server.

IPAM Services: Details View
IPAM Services: Details View

   If you right click on a DNS server you will observer that the options are a little slimmer. We can open a DNS MMC, create a zone and create forwarders. Not too much to talk about here.

IPAM Services: DNS tasks
IPAM Services: DNS tasks

    We can create a zone very easily from IPAM by just selecting the option on a speciic DNS server and completing the info like zoe name, type, category, where to store it and more.

IPAM Services: Create a DNS zone
IPAM Services: Create a DNS zone

    IPAM tasks related to DHCP scopes

    Let’s head over to the DHCP Scopes submenu. Here, of course, we will see a list of our DHCP scopes and some info about them like lease duration, prefix length, percent occupied and more.

IPAM Services: DHCP Scopes view
IPAM Services: DHCP Scopes view

    Tasks that we can perform on scopes is edit them, duplicate them, create reservations, configure scopes for failover, deactivate them and more.

Scope tasks
Scope tasks

    If you want to create a DHCP reservation it is very simple: just enter a name for it, an IP address and the MAC address of the client which will get the IP. DNS Dynamic Updats should be set to Yes if you want the client to have a DNS entry generated.

IPAM Services: Create DHCP reservation
IPAM Services: Create DHCP reservation

    And here is how it looks in the DHCP console:

DHCP reservation
DHCP reservation

    Reservations can also be viewed from the DHCP Scopes pane by setting Current View to Reservations. The one we created is Inactive because the MAC address that I used does not correspond to any of my clients.

IPAM Services: DHCP reservation virew
IPAM Services: DHCP reservation virew

    IPAM tasks related to DNS zones

    The last part we will cover in this post is the DNS Zones submenu. The info we see by default is a list of all forward lookup zones from the managed DNS servers with some information about them like Status, Primary Server and more. There are not a lot of tasks possible for DNS zoes as you can see:

IPAM Services: DNS Zones
IPAM Services: DNS Zones

    Probably one of the most usual tasks you do regarding DNS is to add records. From IPAM you can do this really easy. Just select your zone and open the Add DNS resource record wizard. Select the resource type, specify the name, IP address and if a PTR record should be created in the reverse lookup zone. Add it to the list and finish the wizard.

Add a DNS A record
Add a DNS A record

    And here it is in the DNS MMC console:

DNS Console
DNS Console

    I advize you to try the features out for yourself in your test environment to get a real feel for the IPAM console. 

IPAM IP Address Space Tasks

    Since we saw an overview of the IPAM console in the previous post, I think it’s time to go deeper in the IP address space tasks in this post. We will be looking into creating address blocks, adding addresses, finding available addresses and other tasks. We will do everything from the IP ADDRESS SPACE section of the IPAM console.

Address Space Tasks Menu
Address Space Tasks Menu

 

    Address Space tasks related to Address Blocks

    Address Blocks are the biggest unit of classification for address space. You would usually assign an address block to a network like 172.16.0.0/16, for example.  You will have to create all your address blocks manually because IPAM does not do it by itself. Let’s create the block for 192.168.1.0/24.

   From the Tasks menu in the upper right select Add P Address Block…

Open the Add Address Block wizard
Open the Add Address Block wizard

    In IPAM all fields with a star in front of them are mandatory. Put in the Network ID 192.168.1.0, the Prefix Length 24 and, of course, 192.168.1.0 and 192.168.1.255 for the Start Address and End Address.

Address Space Task: Add Address Block
Address Space Task: Add Address Block

    Now you can view the result. One interesting thing we can see is that the address utilization of a block’s ranges is displayed in the summary. Since in our case we have the DHCP server with only one IP used this is what we get in the output:

Address Block Info
Address Block Info

    The other task we can do with blocks is to edit one. The edit screen looks exactly like the create screen; nothing special. Next up is IP Address Ranges.

    IP Address Space tasks related to Address Ranges

    We can divide an address block in multiple ranges. An address range might be for example a DHCP scope or just a division of a network with static addresses managed by IPAM. In the case of ranges that correspond to DHCP scopes we don’t have to do anything for them to show up in the database; they are imported automatically.

    If you have your scope created this is what you should see when switching to the IP Address Ranges context menu in the upper left:

IP Address Ranges
IP Address Ranges

    And here is what we can do with an address range:

IP Address Range tasks
IP Address Range tasks

    We cannot edit most of the properties of a range that is imported from DHCP. From the second menu item we can associate the address range with a DNS reverse lookup zone.

    One task that you probably do a lot of times is search for available IPs to allocate to devices. You can do this now using Find and Allocate Available IP Address… When you click it, IPAM will find an address, ping it, check if it is in DNS and permit you to use it in case it is vacant. 

Find available IP Address
Find available IP Address

    Since this is a DHCP related range it makes sense to create a reservation with the found address because DHCP is perfectly capable to find an IP address all by itself. So scroll down and let’s complete the information needed. In the first part you don’t have to do anything:

Add IP Address info
Add IP Address info

    Now scroll down and let’s enter the next information. For the Client ID put the device MAC address without any separator character. You can also enter the MAC at the beginning and check the Associate MAC to Client ID checkbox. Select one of your DHCP servers for the Reservation Server Name and make sure everything else looks like in the screenshot.

Add DHCP reservation
Add DHCP reservation

    We can also add the IP address in DNS in case the device cannot register itself. Just enter a name and select the forward and reverse lookup zone so an A and PTR record can be created. Check the checkbox also.

Add DNS record
Add DNS record

    Click OK and wait. You should see a reservation on the DHCP server and records in the forward and reverse lookup zone.

    One last task we can do is to reclaim addresses. Open the Reclaim IP Address wizard and let’s start.

Reclaim IP Address
Reclaim IP Address

    From here select the address you want to reclaim and click OK. In case you want to delete the DNS and DHCP related data make sure you check the 2 boxes on the top of the window.

    IP Address Space tasks related to IP Addresses

    In the last part of the post we will see what we can do with individual addresses. The first task is to add one. We do this by opening Add IP Address… rom the TASKS menu. The wizard is the same like the one when we found an available address and used it. I will add my 2 domain controller addresses and choose IPAM for the Service.

    One other way to add addresses (and not only) is to import them. You can make this task by creating a CSV file with the address info and selecting Import IP Addresses… from TASKS. Here is how the file looks when importing the IPAM-SRV1 address:

CSV to import IP address
CSV to import IP address

    And in case you want to copy the text to try it for yourself:


IP address,managed by service,service instance,device type,ip address state,assignment type,device name
192.168.1.2,ipam,localhost,host,in-use,static,IPAM-SRV1

    Copy the text, place it in a file and save it with the .CSV extension. You should have 3 addresses in the list:

IP address list
IP address list

    As for tasks related to IPs: we can edit the info, create a DHP reservation, create DNS entries and delete the above mentioned.

   Note: IPAM does not import IPs given by DHCP servers out of the box. A scheduled task has to be created in order to do this. Microsoft provides a Powershellmodule for this, which I will cover in a later post.

    These have been some of the basic tasks we can do related to IP Address Management. Next we will look at managing servers and services.