which group should you add User1?

Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 has the IP Address Management (IPAM) Serverfeature installed.
Server2 has the DHCP Server server role installed.
A user named User1 is a member of the IPAM Users group on Server1.
You need to ensure that User1 can use IPAM to modify the DHCP scopes on Server2.
The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?

Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named Server1 and Server2 that run Windows Server 2012.
Server1 has the IP Address Management (IPAM) Serverfeature installed.
Server2 has the DHCP Server server role installed.
A user named User1 is a member of the IPAM Users group on Server1.
You need to ensure that User1 can use IPAM to modify the DHCP scopes on Server2.
The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?

A.
IPAM ASM Administrators on Server1

B.
IPAMUG in Active Directory

C.
DHCP Administrators on Server2

D.
IPAM MSM Administrators on Server1

Explanation:
Sever2 “DHCP Users” group membership is required tomodify scopes on Server2
of course DHCP Administrators can proceed these tasks too.
================
from the MSPress book “Upgrading your skills to MCSA Windows Server 2012”
IPAM Provisioning
IPAM installation sets up various periodic data collection tasks to collect relevant data from managedDNS,
DHCP, DC and NPS servers to enable address space management, multi-server management and
monitoring and event catalog scenarios. All IPAM tasks launch under the Network Service account, which
presents the local computers credentials to remoteservers.
To accomplish this, administrators must enable readaccess and security permissions for the required
resources over managed servers for the IPAM servers computer account. Further the relevant firewall ports
need to be configured on these managed servers.
IPAM Access Settings
The following table provides a mapping of the IPAM functionality and managed server role type to access
setting and FW rule required by IPAM periodic tasks:
[…]
IPAM Access Monitoring
IPAM access monitoring tracks the provisioning state of the following statuses on the server roles, which are
displayed in the details pane of the IPAM server inventory view:



Leave a Reply 3

Your email address will not be published. Required fields are marked *


B-Art

B-Art

http://technet.microsoft.com/en-us/library/dn268503.aspx

I disagree! The USER does NOT need any rights on Server2!
Server1 NEEDS rights on Server2 (Network Service Account).
“… To be managed by IPAM, server security settings and firewall ports must be configured to allow the IPAM (!)server(!) access to perform required monitoring and configuration functions….”
The user must be a member of the IPAM ASM Administrators Group.
***(Address Space Management)***

N.B.
REMEMBER: IPAM CAN NOT COEXIST on a DC!

Lostineurope

Lostineurope

A) Add User1 to the IPAM ASM (Address Space Management) Administrators Group.

IPAM’s ADDRESS SPACE MANAGEMENT (ASM) Feature enables you to gain visibility into all aspects of your IP ADDRESS INFRASTRUCTURE (DHCP SCOPES) from a single console. With IPAM, you can create a highly customized, multi-level hierarchy of address space on your network and use it to manage IPv6 addresses and IPv4 public and private addresses. The ASM feature includes a robust reporting capability that enables detailed tracking of IP address utilization trends with customized thresholds and alerts.

The answer in NOT ‘DHCP Administrators’.
Due to that being a DHCP Server ‘Specific’ Local Setting.

Lostineurope

Lostineurope

NOTE: There is a New 2012R2 IPAM Account.
IPAM DHCP Administrators

This could be on Updated Test.