Powershell Needful Things put that in your pipeline


Find missing subnets in Active Directory

I was doing an Active Directory health check for a customer, and one of the things I normally include, is to review the netlogon.log to find IP addresses or machines which are not linked to any subnet / site in Active Directory. These entries are listed as NO_CLIENT_SITE in the log.

This is a very manual task of logging onto each domain controller and copying the file to a central location, and then sifting through the data to remove any duplicate IP addresses etc. This task becomes very time consuming if you have a large number of domain controllers.

I decided to write a Powershell script to do the work for me. The advantage of the script, is that the data is stored in a CSV which can be imported to be sorted and manipulated to find recent entires, or remove duplicate computer names and / or IP addresses.

The code doesn't currently look for the no_client_site error specifically, it will import the entire file. The script does not rely on the Microsoft Active Directory module so you can use it with Windows 2003 domain controllers.

I hope you find this script useful and your comments and suggestions are always welcome.

$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
Write-Host '..current domain is' $dom

Write-Host '..getting all domain controllers in domain'
$dcs = $dom | % { $_.DomainControllers } | Select Name
$at = ($dcs | Measure-Object).count

foreach ($dc in $dcs)
        $path = '\\' + $dc.name + '\admin$\debug\netlogon.log'
        if ((test-path $path) -eq $true)
                Write-Host "..collecting logfile from ($at)" $path
                [array]$colLogs += gc $path
            $at --

Write-Host '..combining logs'
$outFile = '.\expFile.txt'
$colLogs | Out-File $outFile

Write-Host '..importing combined log as csv'
$importString = Import-Csv $outFile -Delimiter ' ' -Header Date,Time,Domain,Error,Name,IPAddress

Write-Host '..exporting results'
$importString | select Date, Name, IPAddress | sort IPAddress -Unique | Export-Csv .\expDB.csv
Comments (9) Trackbacks (1)
  1. This is a very clever, elegant, and useful snippit my friend. Thanks much!

  2. Awesome work – I love Powershell.

    If, like me, you work in a larger environment (45 DCs), you might find these files are too large for your system to work with – mine (64 bit with 8GB RAM) ran all night and never completed. The solution [for me] was to only focus on the most recent 50 entries for each DC. Obviously, this may need to be run a couple of times over several days, but in a changing environment like we have at the moment (with mergers going on), this was far more efficient.

    To do this I updated line 15 to:

    [array]$colLogs += gc $path | Select-Object -last 50

  3. I was looking for a solution to this, and I found your blog. Like someone outlined above the snippet has some issues when running against a large number of DCs and really misconfigured Sites and Services Config (where lots of subnets are not defined). I combined my idea to fix this with your script, and put it up on my blog here
    In short, first i’m copying the files, locally, then i’m processing each one for unique records, which get added to a report variable, that is in turn filtered to show only unique records.
    I’ve also added some regex code to put some additional columns that split the first 3 octets (A., A.B., A.B.C.) from the IP address to help identifying missing subnets.

    • Great stuff! This is the part of the Powershell community that I love so much, to see someone else build on something I started.

      What I normally do, due to the lack of information in the netlogon.log, is to run another script which I have, to reset the netlogon.log to a new file, and then wait 2 weeks before running the above.

      All in all though great to see someone using my code and expanding on it, and publishing the result!

  4. Great !!
    I was thinking of this a time ago, but I never had time to do this.
    An other idea based on this, will consist to calculate subnet of each ip address and insert all data in the default first site. At last, once a week, I will have to look at it and distribute the subnet object where it truly belong.
    If I make it, I wiil send you the script.

    Thank you.

  5. Thanks for sharing your thoughts about active directory. Regards

  6. Awesome Job , Thanks alot

Leave a comment