How to Configure Windows Server 2019 IPAM

How to Configure Windows Server 2019 IPAM

IP Address Management (IPAM) in Windows Server 2019 is a built-in framework for discovering, monitoring, auditing, and managing IP address space across your network. IPAM centralizes management of DHCP and DNS servers, tracks IP address allocation and availability, and provides historical data for auditing. This guide covers installing IPAM, connecting it to managed servers, configuring IP address space management, and generating utilization reports.

Installing IPAM on Windows Server 2019

# Install the IPAM server feature and management tools
Install-WindowsFeature -Name IPAM -IncludeManagementTools

# Verify installation
Get-WindowsFeature -Name IPAM | Select-Object Name, InstallState

# The IPAM feature includes:
# - IPAM Server (Microsoft-IPAM-Server)
# - IPAM Client tools
# - WMI providers for IPAM

# Open IPAM in Server Manager or use PowerShell
Import-Module IpamServer

Provisioning IPAM

IPAM requires initial provisioning to set up its Windows Internal Database (WID) or SQL Server backend and configure Group Policy Objects for managed server access:

# Provision IPAM with Group Policy-based provisioning method
# This creates GPOs that configure DHCP and DNS servers to allow IPAM access
Invoke-IpamGpoProvisioning `
  -Domain "domain.local" `
  -GpoPrefixName "IPAM" `
  -IpamServerFqdn "ipam-server.domain.local" `
  -DelegatedGpoUser "DOMAINipam-admin" `
  -PassThru

# The command creates three GPOs:
# IPAM_DHCP - configures firewall and WMI access on DHCP servers
# IPAM_DNS - configures firewall and DNS auditing on DNS servers
# IPAM_DC_NPS - configures event forwarding on domain controllers

Starting and Configuring the IPAM Service

# Start the IPAM service
Start-Service -Name "IPAM"
Set-Service -Name "IPAM" -StartupType Automatic

# Verify service status
Get-Service -Name "IPAM" | Select-Object Name, Status

# Run server discovery to find DHCP and DNS servers in the domain
Invoke-IpamServerProvisioning

# Or configure the database storage location (must be done before first use)
# Default is Windows Internal Database
# For SQL Server, configure during Server Manager IPAM setup wizard

Adding Managed Servers to IPAM

# Discover servers in the domain automatically
Start-IpamServerDiscovery -Force

# Check discovery status
Get-IpamDiscoveredServer | Select-Object ServerName, ServerType, DiscoveryStatus

# Manually add a server for IPAM management
Add-IpamServerInventory `
  -ServerName "dhcp-server01.domain.local" `
  -ServerType DHCP

Add-IpamServerInventory `
  -ServerName "dns-server01.domain.local" `
  -ServerType DNS

# Set management status (Managed = IPAM actively monitors and configures)
Set-IpamServerInventory `
  -ServerName "dhcp-server01.domain.local" `
  -ManageabilityStatus Managed

# Retrieve all managed servers
Get-IpamServerInventory | Select-Object ServerName, ServerType, ManageabilityStatus, 
  Connectivity | Format-Table -AutoSize

Configuring IP Address Space

# Add IP address blocks to IPAM
# Add a supernet (e.g., 192.168.0.0/16)
Add-IpamBlock -NetworkId "192.168.0.0/16" -Description "Corporate Network Space" `
  -Owner "Network Team" -CustomFieldValues @{"BusinessUnit"="IT"; "Location"="HQ"}

# Add subnets within the block
Add-IpamSubnet `
  -NetworkId "192.168.1.0/24" `
  -Description "Server VLAN 10" `
  -VlanId 10 `
  -Owner "Server Team" `
  -AddressSpace "Default"

Add-IpamSubnet `
  -NetworkId "192.168.2.0/24" `
  -Description "Management VLAN 20" `
  -VlanId 20

Add-IpamSubnet `
  -NetworkId "192.168.10.0/24" `
  -Description "DMZ VLAN 100" `
  -VlanId 100

# View all IP address blocks
Get-IpamBlock | Select-Object NetworkId, Description, TotalAddresses, AssignedAddresses | Format-Table

# View all subnets
Get-IpamSubnet | Select-Object NetworkId, Description, Overlapping, 
  TotalAddresses, AssignedAddresses, PercentageUtilized | Format-Table

Managing IP Address Assignments

# Add a static IP address record to IPAM
Add-IpamAddress `
  -IpAddress "192.168.1.50" `
  -ManagedByService "Non-Managed" `
  -Description "PRTG Monitoring Server" `
  -Owner "IT-Ops" `
  -DeviceType Server `
  -IpAddressState InUse

# Search for an available IP in a subnet
$available = Get-IpamFreeAddress -NetworkId "192.168.1.0/24" -NumAddresses 5
$available | Select-Object IpAddress | Format-Table

# Find all addresses in a subnet that are unassigned
Get-IpamAddress -NetworkId "192.168.1.0/24" | 
  Where-Object { $_.IpAddressState -eq "Unassigned" } |
  Select-Object IpAddress | Format-Table

# Update an IP address record
Set-IpamAddress `
  -IpAddress "192.168.1.50" `
  -Description "PRTG & Zabbix Monitoring" `
  -DeviceType Server

Generating IPAM Utilization Reports

# Generate a subnet utilization report
Get-IpamSubnet | Select-Object NetworkId, Description, TotalAddresses, 
  AssignedAddresses, PercentageUtilized |
  Sort-Object PercentageUtilized -Descending |
  Export-Csv "C:ReportsSubnetUtilization_$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation

# Find highly-utilized subnets (>80%)
Get-IpamSubnet | Where-Object { $_.PercentageUtilized -gt 80 } |
  Select-Object NetworkId, Description, PercentageUtilized, TotalAddresses, AssignedAddresses |
  Format-Table -AutoSize

# DHCP scope utilization
Get-IpamDhcpScope | Select-Object Name, StartAddress, EndAddress, TotalAddresses, 
  InUseAddresses, PercentageInUse | Format-Table -AutoSize

IPAM’s centralized IP address management is most valuable in large organizations with hundreds of subnets and DHCP scopes managed across multiple servers. Establish a process for reviewing IPAM data weekly — check for subnets approaching capacity, verify that static IP assignments are documented, and audit DHCP lease logs for unauthorized devices. IPAM’s audit trails also provide valuable forensic data when investigating security incidents that require tracing an IP address to a specific machine and user account.