Microsoft IPAM - Account Setup


In many organisations there may be a requirement to provide a minimal set of permissions.  This article provides the permission set required for the MS IPAM to function.


  • Have licensed MS IPAM
  • Configured a service account in your Active Directory


Microsoft Windows Server hosting your IPAM Services

  1. The account you wish to use must be a member of the following builtin Windows group. This role will allow remote connectivity for your service account.
    1. Remote Management Users

Microsoft IPAM roles

  1. Your service account must be added to the following Roles in MS IPAM
    1. IP Address Record Administrator Role
    2. DNS Record Administrator Role

  2. Alternatively you can create a Role that embodies both of the above roles

Additional information

SovLabs MS IPAM Setup :
Microsoft IPAM Documentation :
Microsoft IPAM Permission sets :

Have more questions? Submit a request


Please sign in to leave a comment.