Which of the following actions should you take?

You are employed as a network administrator at ABC.com. ABC.com has an Active Directory
domain named ABC.com. All servers on the ABC.com network have Windows Server 2012
installed.
ABC.com has a server named ABC-SR01, which hosts the IP Address Management (IPAM)
Server feature. ABC.com also has a server, named ABC-SR02, which is configured as a DHCP
server.
You have been instructed to make sure that a user, named Mia Hamm, who belongs to the IPAM
Users group on ABC-SR01, has the ability to modify the DHCP scopes on ABC-SR02 by making
use of use IPAM. You want to achieve this without assigning Mia Hamm any unnecessary
permissions.
Which of the following actions should you take?

A.
You should consider making Mia Hamm a member of the DHCP Administrators group on ABCSR02.

B.
You should consider making Mia Hamm a member of the IPAM Administrators group on ABCSR02.

C.
You should consider making Mia Hamm a member of the Local Administrators group on ABCSR02.

D.
You should consider making Mia Hamm a member of the Domain Administrators group.

Explanation:

Show Hint

← Previous question

Next question →

Leave a Reply 12

rishab

Members of the DHCP Administrators group can view and modify any data at the DHCP server. DHCP Administrators can create and delete scopes, add reservations, change option values, create superscopes, or perform any other activity needed to administer the DHCP server, including export or import of the DHCP server configuration and database. DHCP Administrators perform these tasks using the Netsh commands for DHCP or the DHCP console. For more information, see DHCP tools.

Members of the DHCP Administrators group do not have unlimited administrative rights. For example, if a DHCP server is also configured as a DNS server, a member of the DHCP Administrators group can view and modify the DHCP configuration but cannot modify DNS server configuration on the same computer.

Because members of the DHCP Administrators group have rights on the local computer only, DHCP Administrators cannot authorize or unauthorize DHCP servers in Active Directory. Only members of the Domain Admins group can perform this task. If you want to authorize or unauthorize a DHCP server in a child domain, you must have enterprise administrator credentials for the parent domain. For more information about authorizing DHCP servers in Active Directory, see Authorizing DHCP servers and Authorize a DHCP server in Active Directory.

sysadmin

I think it’s B. To do anything through IPAM you need IPAM permissions.
https://technet.microsoft.com/en-us/library/jj878348.aspx

James L

I agree with sysadmin. Whilst the DHCP Administrators group allows you to do all things indicated above these are only available to you through the IPAM console from the IPAM server if you have the correct permissions on the IPAM server also, As C and D don’t answer this question we are left with only B as the right answer
https://technet.microsoft.com/en-gb/library/jj878341.aspx

Not_crazy

from :https://technet.microsoft.com/en-ca/library/jj878303.aspx#add_or_edit_ranges

Ensure that you have sufficient permissions to add IP addresses to the IPAM database. To enable this permission, you must be a member of the IPAM ASM Administrators group, or the IPAM Administrators group.

So, answer is B:

alexia

I just changed the DHCP scope in my lab through IPAM with DHCP Administrators rights… Why do the questions need to be so tricky..?..

Jamil

B
https://technet.microsoft.com/en-us/library/dd759157.aspx

MalotJean

B should read “You should consider making Mia Hamm a member of the IPAM Administrators group on ABC-SR01.” and not ABCSR02.
The IPAM server is ABC-SR01, that’s where the IPAM Administrators group is.

All the other answers are wrong.
tested in lab: DHCP Administrators and even Local Administrator membership on DHCP server do not allow user to change scope.
So answer is B, provided the name of the server is corrected.

Just_JS

Correct Answer is: B
Explantion: https://technet.microsoft.com/en-us/library/jj878342(v=ws.11).aspx#server

An IPAM server is a domain member computer running Windows Server® 2012 or a later operating system. You cannot install IPAM Server on a domain controller, and it is not recommended to install IPAM Server on the same server with DHCP Server

IPAM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have privileges to view all IPAM data and perform all IPAM tasks.

The IPAM server communicates on a periodic basis with DHCP servers, DNS servers, domain controllers, and NPS using remote management technologies including: remote procedure call (RPC), Windows Management Instrumentation (WMI), Server Message Block (SMB) and Web Services for Management (WS-Management). This eliminates the need for deploying and maintaining dedicated management agents on each server, but requires that specific firewall ports be made available to the IPAM server.

*In This Case: DHCP Server Role

Server Role Communication Methods Actions
DHCP RPC, WMI, SMB, WS-Management Monitor: IP address utilization
Monitor: Service status
Configure: Servers and scopes
Audit: IP address lease events
Audit: DHCP configuration events

Protocol specifications used by the IPAM server to communicate with managed servers include Microsoft Dynamic Host Configuration Protocol (DHCP) Server Management Protocol Specification [MS-DHCPM], Domain Name Service (DNS) These specifications use RCP as the underlying communication protocol.

The IPAM client communicates with managed servers to remotely manage DHCP and DNS servers using Windows PowerShell provider with [MS-DHCPM] and [MS-DNSP]. The IPAM client also uses Windows PowerShell with [MS-PSRP] to query the IPAM server port configuration and [MS-GPOL] to configure Group Policy.

Just_JS

*Prior Post Correction: Due To Editing Typo

Server Role: DHCP
Communication Methods: RPC, WMI, SMB, WS-Management
Actions: IP address utilization, Monitor: Service status,
Configure: Servers and scopes, Audit: IP address lease events, Audit: DHCP configuration events

As You Were, Private!

Explantion: https://technet.microsoft.com/en-us/library/jj878342(v=ws.11).aspx#server