Creating a list of all subnets that belong to an AD site by hand takes a lot of manual work, especially as the environment grows. A faster way is to retrieve the Active Directory subnets with PowerShell.
Customer scenario
This article describes a real, practical example. One of our customers planned to shut down a data center, including the Active Directory domain controller located there. As this domain controller was the last one in its AD site, the site had to be deleted as well after the move.
The subnets of this site were to be added to the next closest Active Directory site. For a more in-depth analysis of this topic, see the article Finding the next closest domain controller. In order to coordinate this project I wanted to create a list of all subnets. However, when I realised the length of the scroll bar in the Active Directory Sites and Services console, I quickly changed my mind. Creating the list manually would take too much time.
There must be a way of retrieving subnets with the help of PowerShell?
Correct! In the following chapters I will explain how to retrieve Active Directory subnets with PowerShell.
Retrieving subnets with PowerShell
Find out the Distinguished Name of the AD site
You can find the Sites and Services configuration in the configuration naming context of the respective forest. To ensure that the script works independently in different environments I built the Distinguished Name of the site from several strings.
CN=<siteName>,CN=Sites,<DN of the configuration partition>
Import-Module ActiveDirectory
$siteName = "Old-DataCenter"
# Read the configuration naming context from the RootDSE so nothing is hard-coded
$configNCDN = (Get-ADRootDSE).ConfigurationNamingContext
$siteContainerDN = "CN=Sites," + $configNCDN
$siteDN = "CN=" + $siteName + "," + $siteContainerDN
In our example, the Distinguished Name of the site is the following:
CN=Old-DataCenter,CN=Sites,CN=Configuration,DC=domain,DC=net
Binding an Active Directory site as an object
With the help of the Active Directory PowerShell cmdlet Get-ADObject you can bind the site as an object.
# Load all attributes of the site object, including siteObjectBL
$siteObj = Get-ADObject -Identity $siteDN -Properties *
The attribute siteObjectBL contains a list of the Distinguished Names of the subnets that belong to this site. Unfortunately, these are not easy to read:
CN=10.10.10.0/24,CN=Subnets,CN=Sites,CN=Configuration,DC=domain,DC=net
Displaying subnet addresses
In order to display the subnet addresses in a readable way, you have to bind every subnet as an object in a foreach loop and output its "Name" property:
foreach ($subnetDN in $siteObj.siteObjectBL)
{
    $subnet = $null
    # Bind the subnet object by its Distinguished Name
    $subnet = Get-ADObject -Identity $subnetDN
    # The Name property holds the subnet address, e.g. 10.10.10.0/24
    $subnet.Name
}
(* note: Yes, I could have split the string to extract the net address. However, I wanted to try it this way…)
Now the subnet addresses are displayed in a nice and orderly list.
10.10.10.0/24
10.10.20.0/24
10.10.30.0/24
10.10.40.0/24
…
Have fun trying it yourself.
The whole script: Retrieving Active Directory subnets
Below you will find the whole script "Retrieve Active Directory subnets with PowerShell" in a compact version.
Import-Module ActiveDirectory

$siteName = "Old-DataCenter"

# Build the Distinguished Name of the site from the configuration naming context
$configNCDN = (Get-ADRootDSE).ConfigurationNamingContext
$siteContainerDN = "CN=Sites," + $configNCDN
$siteDN = "CN=" + $siteName + "," + $siteContainerDN

# Bind the site; siteObjectBL lists the DNs of its subnets
$siteObj = Get-ADObject -Identity $siteDN -Properties *

foreach ($subnetDN in $siteObj.siteObjectBL)
{
    $subnet = $null
    $subnet = Get-ADObject -Identity $subnetDN
    # Output the subnet address
    $subnet.Name
}
This script will save you time and effort, and provide you with reliable results.
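As an added example (not part of the original script), the same information can be read from the subnet side: each subnet object carries a siteObject attribute, the forward link behind siteObjectBL, so a single query returns every subnet together with its site, and the site name is taken from the DN by splitting the string. The function name Get-SubnetSiteMap, the '<unassigned>' marker and the CSV file name are assumptions made for this example.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: returns one object per subnet with the site it is linked to
function Get-SubnetSiteMap {
    param(
        # Optional site name; when omitted, all subnets in the forest are returned
        [string]$SiteName
    )

    $configNCDN = (Get-ADRootDSE).ConfigurationNamingContext
    $query = @{
        SearchBase  = "CN=Subnets,CN=Sites," + $configNCDN
        SearchScope = 'OneLevel'
        LDAPFilter  = '(objectClass=subnet)'
        # Request only the attributes that are needed instead of -Properties *
        Properties  = 'siteObject', 'location', 'description'
    }

    foreach ($subnet in (Get-ADObject @query)) {
        # siteObject holds the DN of the site; it is empty when no site is assigned
        $site = if ($subnet.siteObject) {
            # Take the first RDN of the DN (do not split on escaped commas)
            ($subnet.siteObject -split '(?<!\\),')[0] -replace '^CN=', ''
        } else {
            '<unassigned>'
        }

        if (-not $SiteName -or $site -eq $SiteName) {
            [pscustomobject]@{
                Subnet      = $subnet.Name
                Site        = $site
                Location    = $subnet.location
                Description = $subnet.description
            }
        }
    }
}

# Subnets of the site used in this article
Get-SubnetSiteMap -SiteName "Old-DataCenter" | Sort-Object Subnet | Format-Table -AutoSize

# Subnet objects that have no site assigned
Get-SubnetSiteMap | Where-Object Site -eq '<unassigned>'

# Keep a record of the mapping before the subnets are moved to another site
Get-SubnetSiteMap | Export-Csv -Path .\subnet-site-map.csv -NoTypeInformation
```

Comparing the exported CSV with a second export taken after the move shows which subnets changed site and whether any were left without one.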
FirstAttribute AG – Microsoft Consulting Partner for
Migration and Active Directory