Microsoft Active Directory: Centralized Management Using TCPWave

TCPWave

Introduction

TCPWave enables administrators to synchronize sites and associated subnets in Microsoft Active Directory servers with those in a TCPWave IP Address Management (IPAM) System and to manage them centrally from that system. It also centrally manages the related Microsoft DNS services, including their underscore zones, and Microsoft DHCP services. As part of this management, multiple capabilities are provided, including the following:

  • Full-featured IP address management of the addresses and address space in Microsoft components
  • Templates for subnets, DNS zones, DHCP options, etc., which save time and reduce errors
  • Secure role-based granular-level permissions for servers, networks, subnets, objects, etc.
  • Alerting on DNS and DHCP services
  • Comprehensive reports on IPAM, DNS, and DHCP, including on usage, statistics, and auditing

Additionally, this management of functionality in Microsoft components is done without the need for any TCPWave software on them. Instead, TCPWave IPAM Systems send PowerShell commands to Microsoft components using Windows Remote Management (WinRM).

More information on the functionality that TCPWave provides for Active Directory servers and information on using this functionality is provided in the sections below. For additional information on TCPWave's support of Microsoft DNS and DHCP services, see www.tcpwave.com/managing-dns-dhcp-services.

Background on Active Directory Sites and Subnets

In Microsoft Active Directory, Sites are used to represent the physical (as opposed to logical) structure of a network and can be used to represent physical locations. Furthermore, each Site can have a subnet or group of well-connected subnets associated with it.

Synchronize Changes Between TCPWave IPAM and MS AD

Changes made to sites and associated subnets in a TCPWave IPAM System are sent to Microsoft Active Directory servers. Also, a TCPWave IPAM System can retrieve the sites and associated subnets in the Microsoft Active Directory servers that it manages. An example series of steps that demonstrates the flow of information in both directions is as follows:

  1. Add a Microsoft Active Directory server in a TCPWave IPAM System.
  2. Retrieve the sites and associated subnets from an Active Directory server.
  3. Add a new site in a TCPWave IPAM System, and associate subnets with it.
  4. Add, change, or delete a subnet associated with a site while in a TCPWave IPAM System.

Additional information on each of these steps is presented below. For more detailed information on the actions taken in these steps, see the TCPWave IPAM Administrator Guide, including the section on "Microsoft AD Appliances."

  1. Add a Microsoft Active Directory server in a TCPWave IPAM System. First, in an IPAM System, create an IP address object using the IP address of an existing Microsoft Active Directory server. Then go to Network Management > DNS Management > Microsoft AD Sites & Services and select Add. Next, enter attribute values for this server, including the User Name and Password.

    Right after a new Active Directory server has been added, it is not immediately available for use by administrators and is displayed in red. After a few minutes, refresh the web page, and when the server is available it will be displayed in green. An example screenshot of a recently added server is shown below.

  2. Retrieve the sites and associated subnets from an Active Directory server.
    To retrieve the sites and associated subnets from a server, on the Microsoft AD Sites & Services page, select the server's Appliance Name. Note that a message is displayed stating that information is being fetched. The sites and subnets are retrieved, and the sites are displayed in a screen similar to the following one.

    Note: If the retrieved subnets do not already exist in the IPAM System, they will be created. Furthermore, if networks for these subnets do not already exist, they will also be created.
  3. Add a new site in a TCPWave IPAM System, and associate subnets with it.
    To add a new site and associate subnets with it, do the following:
    1. Go to Network Management > IPv4 Address Space > IPv4 Subnet Groups, and then create a Subnet Group that will contain the subnets at the site.
    2. Go to Network Management > IPv4 Address Space. Then for each subnet that will be at the site, go to the subnet, and in the Properties tab for it, select the Subnet Group.
    3. Go to Network Management > DNS Management > Microsoft AD Sites & Services, and then select the Active Directory server's Appliance Name to edit it. Next, select Add, and then enter attribute values for the site, including one or more values for the Subnet Group. An example screenshot of this page is shown below.
    4. Select OK, which will send the new information to the Active Directory server.
    Note: A new Subnet Group will be created and used for the site the next time information is retrieved from the Active Directory server, which happens when editing a server to view the sites in it. The name of the new Subnet Group will be the name of the site along with a suffix of _SubGrp. For example, if the name of the site is Chicago, the name of the Subnet Group will be Chicago_SubGrp.
  4. Add, change, or delete a subnet associated with a site while in a TCPWave IPAM System.
    To add, change, or delete a subnet associated with a site, go to Network Management > IPv4 Address Space. Then go to the subnet, and in the Properties tab for it, make the appropriate update to the Subnet Group. An example screenshot is shown below. After selecting OK, the IPAM System will send the updated information to the site that uses the Subnet Group in the Active Directory server.
    Tip: Deleting one or more subnets can also be done from within a Subnet Group. To do this, go to Network Management > IPv4 Address Space > IPv4 Subnet Groups, and then perform the delete operation in the appropriate Subnet Group.
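
To confirm from the Active Directory side what a synchronization has written, the sites and their subnets can be read back with the ActiveDirectory PowerShell module. The following is an added example, not TCPWave code: it assumes the RSAT ActiveDirectory module and read access to the directory, and the function name Get-SiteSubnetReport is hypothetical. It makes no changes in AD and lists, for each site, the Subnet Group name that follows from the _SubGrp naming rule described above.

```powershell
# Added example: read-only audit of AD sites and subnets after an IPAM sync.
# Assumes the ActiveDirectory module (RSAT) is installed and the account can
# read the Configuration partition. Nothing is modified.
Import-Module ActiveDirectory

function Get-SiteSubnetReport {
    param(
        # Suffix the page describes for Subnet Groups derived from site names.
        [string]$GroupSuffix = '_SubGrp'
    )

    $sites   = Get-ADReplicationSite   -Filter *
    $subnets = Get-ADReplicationSubnet -Filter *

    foreach ($site in $sites) {
        # A subnet's Site property holds the distinguished name of its site.
        $prefixes = @($subnets |
            Where-Object { $_.Site -eq $site.DistinguishedName } |
            Select-Object -ExpandProperty Name)

        [pscustomobject]@{
            Site                = $site.Name
            ExpectedSubnetGroup = $site.Name + $GroupSuffix
            SubnetCount         = $prefixes.Count
            Subnets             = $prefixes -join ', '
        }
    }

    # Subnets not linked to any site are listed separately for review.
    $orphans = @($subnets | Where-Object { -not $_.Site } |
        Select-Object -ExpandProperty Name)
    if ($orphans.Count -gt 0) {
        [pscustomobject]@{
            Site                = '(unassigned)'
            ExpectedSubnetGroup = ''
            SubnetCount         = $orphans.Count
            Subnets             = $orphans -join ', '
        }
    }
}

Get-SiteSubnetReport | Sort-Object Site | Format-Table -AutoSize -Wrap
```

Running it before and after a change made in the IPAM System shows whether the subnet was added to, moved between, or removed from the expected site.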

Solutions

Administrators can benefit from managing sites and associated subnets in Microsoft Active Directory servers and managing related Microsoft DNS and DHCP services using a TCPWave IPAM System. It is a full-featured DNS, DHCP, and IP address management (DDI) system that centrally manages these Microsoft components (as well as non-Microsoft components). For more information on how this functionality and other functionality in TCPWave's DDI products can meet your needs, contact the TCPWave Sales Team.
