Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Assign Administrator Roles

Applies To: Windows Server 2012, Windows Server 2012 R2



Checklist: Assign Roles > Configure IPAM Server Roles > Assign Administrator Roles

Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

Use the following procedures to update server discovery and managed server role settings:

  1. On the IPAM server, click Tools on the Server Manager menu and then click Computer Management.

  2. In the Computer Management console tree, open Local Users and Groups and then click Groups. The following local IPAM security groups are displayed:

    • IPAM Administrators: IPAM administrators can view all IPAM data and manage all IPAM features.

    • IPAM ASM Administrators: IPAM address space management (ASM) administrators can manage IP address blocks, ranges, and addresses.

    • IPAM IP Audit Administrators: IPAM IP audit administrators can view IP address tracking data.

    • IPAM MSM Administrators: IPAM multi-server management (MSM) administrators can manage DNS and DHCP servers.

    • IPAM Users: IPAM users can view information in IPAM, but cannot manage IPAM features or view IP address tracking data.

  3. To add a user or group to the group, double-click the group, click Add, type the username under Enter the object names to select, and then click OK.

  4. Verify that the user you added is displayed under Members.

    IPAM admin

  5. To remove a user or group from the group, click the user under Members and then click Remove.

  6. To add or remove another user or group, repeat this procedure.

  7. Click OK when you are finished, and then close the Computer Management console.

The following table summarizes IPAM actions and functions that are permitted or denied with membership in the specified security group. Access rights are additive if a user or group is a member of multiple security groups.

 

Security Group Server Inventory IP Address Space Monitor and Manage Event Catalog IP Address Tracking Common Management Tasks

IPAM Administrators

Manage

Manage

Manage

View

View

Manage

IPAM ASM Administrators

Manage*

Manage

View

View

Denied

Manage

IPAM IP Audit Administrators

Manage*

View

View

View

View

Manage

IPAM MSM Administrators

Manage*

View

Manage

View

Denied

Manage

IPAM Users

View

View

View

View

Denied

View

*If the Group Policy-based automatic provisioning method is used, GPO access permission must be delegated to add or remove servers from GPO security filtering.

Common management tasks include:

  • Connect to an IPAM server

  • IPAM settings:

    • Configure server discovery

    • Configure custom fields

    • Configure utilization threshold

  • Starts server discovery

  • Retrieve all server data

Members of the local Administrators group on the IPAM server also have permission to modify the server inventory and perform common management tasks.

If a user does not have sufficient privileges to perform an action, they will receive an alert that is unique to the action they are attempting to perform.

IPAM Privileges

See Also

Reference

IPAM Server

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.