Moving back to the IPAM server itself, I set the provisioning method to GPO (instead of manual) and noted that you have to run Invoke-IPAMGPOProvisioning in each domain that you want to manage.
After provisioning, you tell it what domains you want to manage (you still have to use Powershell to create the GPOs in each domain). I don't know what effect this step actually has. Next, you get to "Step 4" which is to manually kick off the ServerDiscovery task in Task Scheduler. Interestingly, you can't view the details of what this task actually does.
Next up, ran the Invoke-IPAMGPOProvisioning commandlet. This creates three GPOs in the specified domain, letting the IPAM server read event logs, get through the Windows firewall, and create scheduled tasks on the servers that you choose to manage through the IPAM console.
When you go back to the IPAM console and tell it that a discovered server should be managed, that server is added to the newly created GPOs that are attached at the domain level.
Next, you right-click a discovered server and select "Retrieve all server data". This immediately fires up several tasks in the Task Scheduler:
- Audit: collects events from domain controllers, NPS, and DHCP servers.
- Address Expiry: tracks IP address expiry state and logs notifications.
- ServiceMonitoring: collects DNS zone status events from DNS servers.
- AddressUtilization: collects IP address space usage data from DHCP servers.
- ServerConfiguration: collects configuration info from DHCP and DNS servers.
I found the explanation of these groups in a Microsoft Word document, but it's also listed in the "Description" field of the task.
There's also the ServerAvailability task which "collects status information from DHCP and DNS servers" and the ServerDiscovery task which "automatically discovers domain controllers, DHCP servers and DNS servers in the domains you select".
This is all that I'm going to do with IPAM for now.