<

Fixing AD Subnets

Published on
3,051 Points
51 Views
Last Modified:
Shaun Vermaak
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
Correctly defined Active Directory sites and subnet allows for the optimized replication, nearest service location, and authentication to the correct server

Introduction


NoClientSites.exe is a NETLOGON.log parser that is used to get a list of all authentications that happened from clients where the Active Directory site is not defined.


These IP addresses can then, in turn, be used to add the appropriate sites and subnets into Active Directory Sites and Services.


Download


A compiled version of NoClientSites.exe can be downloaded here, or compiled from the code provided at the end of this article.

http://blog.ittelligence.com/wp-content/uploads/2018/07/NoClientSites.zip


Usage


NoClientSites.exe provides two methods to get IP addresses without client sites.


The first method allows parsing a whole folder that contains multiple NETLOGON.log files, pre-copied to a central location.

NoClientSites.exe [PATHTONETLOGONFILES]


Alternatively, the NoClientSites.exe tool can be directly executed on each Domain Controllers

NoClientSites.exe


The Code


using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace NoClientSites
{
    class Program
    {
        static void Main(string[] args)
        {
            List<string> netlogonFilePaths = new List<string>();

            if (args.Length == 1)
            {
                string logPath = args[0];
                if (Directory.Exists(logPath))
                {
                    foreach (string file in Directory.GetFiles(logPath, "*.log"))
                    {
                        netlogonFilePaths.Add(file);
                    }
                }
            }
            else
            {
                netlogonFilePaths.Add(Path.Combine(Environment.GetEnvironmentVariable("SystemRoot"), "Debug", "netlogon.log"));
            }

            if (netlogonFilePaths.Count > 0)
            {
                SortedSet<string> ipAddressesWithoutSites = new SortedSet<string>();
                foreach (string netlogonFilePath in netlogonFilePaths)
                {
                    processNetlogon(netlogonFilePath, ref ipAddressesWithoutSites);
                }

                //Display IP addresses from SortedSet
                foreach (var ipAddress in ipAddressesWithoutSites)
                {
                    Console.WriteLine(ipAddress);
                }
            }
            else
            {
                ShowUsage();
            }
        }
        static void processNetlogon(string netlogonFilePath, ref SortedSet<string> ipAddressesWithoutSites)
        {
            //Read Netlogon.log file line by line and add IP addresses into HashSet
            try
            {
                StreamReader netlogonFile = new StreamReader(netlogonFilePath);

                string line;
                while ((line = netlogonFile.ReadLine()) != null)
                {
                    if (line.Contains("NO_CLIENT_SITE"))
                    {
                        ipAddressesWithoutSites.Add(line.Replace("NO_CLIENT_SITE: ", "|").Split('|')[1].Trim().Split(' ')[1]);
                    }
                }
            }
            catch
            {
                ShowUsage();
                Console.WriteLine($"Error reading file \"{netlogonFilePath}\"");
            }
        }
        private static void ShowUsage()
        {
            Console.WriteLine("");
            Console.WriteLine(" _____     _____ _ _         _   _____ _ _           ");
            Console.WriteLine("|   | |___|     | |_|___ ___| |_|   __|_| |_ ___ ___ ");
            Console.WriteLine("| | | | . |   --| | | -_|   |  _|__   | |  _| -_|_ -|");
            Console.WriteLine("|_|___|___|_____|_|_|___|_|_|_| |_____|_|_| |___|___|");
            Console.WriteLine("");
            Console.WriteLine("NoClientSites.exe [PATHTONETLOGONFILES]");
            Console.WriteLine("Or without a path directy on a Domain Controller");
            Console.WriteLine("NoClientSites.exe");
            Console.WriteLine("");
        }
    }
}


Demo Execution



I hope you found this tutorial useful. You are encouraged to ask questions, report any bugs or make any other comments about it below.

 

Note: If you need further "Support" about this topic, please consider using the Ask a Question feature of Experts Exchange. I monitor questions asked and would be pleased to provide any additional support required in questions asked in this manner, along with other EE experts...  

  

Please do not forget to press the "Thumb's Up" button if you think this article was helpful and valuable for EE members.

 

It also provides me with positive feedback. Thank you!

 

0
Comment
0 Comments

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Join & Write a Comment

Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month