Assign IPAM Server and Administrator Roles
Applies To: Windows Server 2012 R2, Windows Server 2012
Two tasks are discussed in this topic:
Configuring IPAM server roles enables you to define specific domains and servers that will be managed by an IPAM server. A single IPAM server can perform multiple management functions for multiple domains. You can also restrict an IPAM server to specific roles or limit the scope of servers to be managed.
Configuring IPAM security groups enables you to define the set of permissions that users have when they access your IPAM server. IPAM security groups can be used to assign unique responsibilities to administrators.
Some reasons you might want to configure unique IPAM server roles include:
IPAM servers are deployed in the organization using a distributed or hybrid deployment topology.
Multiple IPAM servers are deployed at a single site.
A site managed by an IPAM server has unique requirements.
You are expanding your IPAM deployment.
You are adding new sites or domains to your organization.
You are configuring the scope of management for an IPAM server as part of a staged deployment.
IPAM server roles can be assigned by configuring the scope of server discovery and customizing server manageability. IPAM servers can also be assigned to specific functions such as address space management, multi-server management, or network audit by using IPAM security groups. To perform these tasks, see Configure IPAM Server Roles.
It is important to define what tasks can be performed by users that have access to the IPAM server. This topic discusses two ways to configure these permissions: using local security groups and using role-based settings.
When you install IPAM Server on a computer running Windows Server 2012 or Windows Server 2012 R2, the following local role-based IPAM security groups are created:
IPAM MSM Administrators
IPAM ASM Administrators
IPAM IP Audit Administrators
On a computer running Windows Server 2012, you must use these local security groups to assign administrator roles on the IPAM server. For more information about these IPAM security groups, see IPAM Server. To configure these security groups, see Assign Administrator Roles.
On a computer running Windows Server 2012 R2, you can also use these local security groups to assign administrator roles. However, Windows Server 2012 R2 also includes the ability to configure new, customized security groups. For more information about this feature, see Access Control. To configure role-based access settings now, see Configure Role Based Access Control.