Collect Active Directory missing subnets

The script is collecting the entries "NO_CLIENT_SITE" from netlogon.log file on specified domain controllers compute the list of subnets that you should add to your Active Directory

 
 
 
 
 
4.4 Star
(5)
6,365 times
Add to favorites
Active Directory
4/22/2014
E-mail Twitter del.icio.us Digg Facebook
  • seeing below error for one of the domains, works fine for others
    3 Posts | Last post October 12, 2015
    • Number of Domain Controllers to treat: 1
      : new-object : Exception calling ".ctor" with "2" argument(s): "The specified string parameter is empty.
      Parameter name: name"
      At C:\users\msurya\Desktop\subnets.ps1:175 char:13
      +     $context = new-object System.directoryServices.ActiveDirectory.DirectoryContext ...
      +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
          + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
    • Probably an issue with your domain controller.
      
      test the following:
      $context = new-object System.directoryServices.ActiveDirectory.DirectoryContext('DirectoryServer',"YOURDCNAME")
      
      [System.directoryServices.ActiveDirectory.DomainController]::GetDomainController($context)
      
      You should not have any error...
    • I get the exact same error.  Am able to run those commands individually just fine, and connect just fine if I specific DCs in my domain, however can't run it if I specify just my home domain.  Other domains work as well so EXACT same issue as dsuser here.
      
      I did notice that the command in the script here uses $hostname
      
      $context = new-object System.directoryServices.ActiveDirectory.DirectoryContext('DirectoryServer',$hostname)
      
      And when I hit a break point right before that point, when querying other domains $hostname returns valid data, however when querying my home domain (the query that returns this error) $hostname is blank and returns nothing.
  • Date parameter, as the starting point for the export?
    1 Posts | Last post April 12, 2015
    • Hi Alex,
      
      Thanks a lot for a very useful script!
      We run it in our environment once in a while & try to fix the issues with non-defined subnets. But I realized, that sometimes we get an outdated information, especially since thanks to your script we have just a few not defined subnets.
      
      Would you be able to add a parameter, so your script would only export & process the 'NO_CLIENT_SITE' entries starting from a specified date? Or simply something like "-ProcessDays 30", to address the events only from the last 30 days?
      
      Thanks a lot in any case, Michael.
  • All networks show 24 bit masks.
    2 Posts | Last post December 17, 2014
    • All of the results in the ADSubnets-MissingSubnets.csv file are marked as /24 masks even though we have networks with different masks that we need to reconcile.
      
      I couldn't really figure out the math in the script to "reverse engineer" that part.
      
      Can you explain why I'm seeing this?
      
      Thanks...
    • It's almost impossible to identify the network address of one IP... I could implement a solution to identify a the differents classes of subnets but I think it's not the best way to do.
      
      So the netmask is defined arbitrarily.
      
      I suggest that you declare all your missing subnets with a mask of 24bits then after you could use my second script: https://gallery.technet.microsoft.com/scriptcenter/Auditing-Active-Directory-c47935c0
      
      This script will identify the eventual reconciliations of your declared subnets.
  • cannot convert value error
    2 Posts | Last post November 07, 2014
    • Retrieving AD subnets: Cannot convert value "24
      CNF:29aa6a44-a34a-4954-ac0b-a9beeb389b57" to type "System.Int32". Error: "Input string was not in a correct format."
      At C:\Users\adm_tmccarty\Desktop\Slalom\Collect-MissingADSubnets.ps1:109 char:5
      +     [int] $IntIPLength = 32 - $IPv4Mask
      +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (:) [], RuntimeException
          + FullyQualifiedErrorId : InvalidCastFromStringToInteger
      
      Ever seen that? any suggestions?
    • it's a conflict object... you should do a cleanup.
      
      http://msdn.microsoft.com/en-us/library/bb727059.aspx
  • Meaning of RangeStart and RangeEnd
    2 Posts | Last post December 06, 2013
    • Alex,
      
      Great script and extremely useful for our extremely large environment.  I do have a question though.  Can you shed light on what RangeStart and RangeEnd mean.  I have reviewed you code and I was unable to figure out the meaning of those data points.
      
      Again awesome script and super useful - Well Done!
    • Thanks a lot for your comment :)
      
      Well, the rangeStart and the rangeEnd are just the decimal values of the IpStart and IpEnd for each collected subnet. I can compare subnets easily by using these converted values.
      
      I don't know if it is clear...
  • Extending Export of ADSubnets-MissingSubnets.csv possible?
    2 Posts | Last post November 26, 2013
    • Hi Alex,
      
      thank you for that Script! It helps a lot in huge customer environments.
      One question, is it possible to extend the CSV export "ADSubnets-MissingSubnets.csv" for the column "DC Computername"?
      It would help to get the information from which DC the Clients are reporting missing subnet. In most cases you would now have the dependency Subnet <-> Site (because often customers named their site similarly to DC name - f.e. DC: DEFFMDC01, AD Site: DEFFM)
      
      Thanks.
    • Hello Dennis,
      
      I'm glad that you like my script :)
      
      Concerning your request, I don't see the interes. The entry "NO_CLIENT_SITE" means that your computer is contacting randomly a domain controller... The computer doesn't contact the nearest or the most reliable domain controller.
  • Very helpful
    1 Posts | Last post October 03, 2013
    • Hello Alex Winner,
      
      Thanks for your work. Your script helps us a lot. We could identify 104 missing subnets in our AD infrastructure and fix that.
      
      It would have taken a lot of time without it.
      
      Cheers.
  • Run it from non-domain joined computer
    2 Posts | Last post July 29, 2013
    • Hi there,
      
      This script is very handy indeed especially for consultants like me. I was wondering, is it possible to run this script from a none-domain joined computer? If yes, what is the syntax? 
      
      Reason I asked is because usually the clients' environment do not have the latest powershell v3 installed. Also in larger corporate environment, it's not very simple to request for powershell upgrade on their servers.
      
      Thanks,
    • It is not possible right now but I can implement it... I will work on that.