Project Description
This project aims an efficient provisionning system for the IPAM databases. Whatever the product, you have to figure out the database provisioning.

IPAM provisioning

This project aims to bridge the gap created by the limitation of the AddressUtilization feature in IPAM. The AddressUtilization collects IP address space usage data from DHCP servers for display of current and historical utilization. This feature do not manage the address utilization outside DHCP.

In other terms, only post IPAm installation and DHCP IPs are managed by IPAM. In a large scale environment, you have to choose another solution like Infoblox(r), GestioIP or so many other solutions which include a discovery process based on ICMP, SNMP or DNS.

This project is actually limited to ICMP discovery and use Active Directory to find subnets, DNS and DHCP.

Why and how Active Directory is in the IPAM discovery process?

Because Active Directory is an active directory. It's seem stupid but it's true. Active Directory hold a directory of all subnets, all DHCP servers and scopes, all DNS servers. In fact, workstations, switches if 802.1x is implemented, proxies, SMTP gateways, files servers with AD based ACL, application servers and authentication servers intensively use Active Directory.

As Active Directory needs subnetting, DNS and DHCP to service the security purposes herebefore listed, these directories are up to date and holistic. If not, keep on reading... :-)

Unfortunately, each time I am bearing the responsibility of an IT infrastructure for large companies (but not limited to), the DNS infrastructure becomes my first focus. The main issues are the subnetting, the forward lookup zones and the reverse lookup zones.

DNS Failures are not easy to detect because they mainly cause slow service or fake resolutions. As example, a common issue is about Kerberos which uses the Forward lookup zone and the Reverse lookup zone. The forward lookup resolution is running but the reverse lookup resolution fail and make the Kerberos failling only for "some" devices: All Windows domain members are working as expected, the Windows in workgroups are failling and Linux/Unix are working with a seperate radius server. Specially when complex subnetting is implemented. Additionally, the DNS infrastructures are managed by Linux/Unix teams without a good understanding of what are needs in DNS of the Windows' "world". This mainly causes isolations between DNS infrastructures, limit authentication and most of the time it is monstrously costly.

So Definitely, I strongly suggest to put together all DNS infrastructures (if you need consultancy, contact me) and to accomplish that, Active Directory is the best tool I know even if it is possible to host DNS service records on Linux/Unix server.

As requirements to use the provided script, all the subnets must be present in Active Directory and an efficient IP configuration on Windows machine executing the script must be set.

Without these previous requirements, you still are able to replace automatically filled data by parameters or by literals. See the initialization section in the script.

Requirements for automatic usage:
- The Active Directory subnet list must be complete
- The client DNS suffix Search list must be filled (on the server executing the script)
- The client machine running the scrip must be member of an Active Directory domain
- The client machine running the script must support (at least) PowerShell 4.0

This project is intended to create a csv file which can be imported into IPAM database.

https://gallery.technet.microsoft.com/scriptcenter/List-the-IP-addresses-in-a-60c5bb6b
http://www.indented.co.uk/indented-networktools/

Powershell 4.0 on Windows 2008 R2:
http://social.technet.microsoft.com/wiki/contents/articles/20623.step-by-step-upgrading-the-powershell-version-4-on-2008-r2.aspx

Last edited Apr 3, 2015 at 7:20 AM by SwitchNikky, version 6