<

Fixing AD Subnets

Published on
4,102 Points
102 Views
Last Modified:
Shaun Vermaak
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
Correctly defined Active Directory sites and subnet allows for the optimized replication, nearest service location, and authentication to the correct server

Introduction


NoClientSites.exe is a NETLOGON.log parser that is used to get a list of all authentications that happened from clients where the Active Directory site is not defined.


These IP addresses can then, in turn, be used to add the appropriate sites and subnets into Active Directory Sites and Services.


Download


A compiled version of NoClientSites.exe can be downloaded here, or compiled from the code provided at the end of this article.

http://blog.ittelligence.com/wp-content/uploads/2018/07/NoClientSites.zip


Usage


NoClientSites.exe provides two methods to get IP addresses without client sites.


The first method allows parsing a whole folder that contains multiple NETLOGON.log files, pre-copied to a central location.

NoClientSites.exe [PATHTONETLOGONFILES]


Alternatively, the NoClientSites.exe tool can be directly executed on each Domain Controllers

NoClientSites.exe


The Code


using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace NoClientSites
{
    class Program
    {
        static void Main(string[] args)
        {
            List<string> netlogonFilePaths = new List<string>();

            if (args.Length == 1)
            {
                string logPath = args[0];
                if (Directory.Exists(logPath))
                {
                    foreach (string file in Directory.GetFiles(logPath, "*.log"))
                    {
                        netlogonFilePaths.Add(file);
                    }
                }
            }
            else
            {
                netlogonFilePaths.Add(Path.Combine(Environment.GetEnvironmentVariable("SystemRoot"), "Debug", "netlogon.log"));
            }

            if (netlogonFilePaths.Count > 0)
            {
                SortedSet<string> ipAddressesWithoutSites = new SortedSet<string>();
                foreach (string netlogonFilePath in netlogonFilePaths)
                {
                    processNetlogon(netlogonFilePath, ref ipAddressesWithoutSites);
                }

                //Display IP addresses from SortedSet
                foreach (var ipAddress in ipAddressesWithoutSites)
                {
                    Console.WriteLine(ipAddress);
                }
            }
            else
            {
                ShowUsage();
            }
        }
        static void processNetlogon(string netlogonFilePath, ref SortedSet<string> ipAddressesWithoutSites)
        {
            //Read Netlogon.log file line by line and add IP addresses into HashSet
            try
            {
                StreamReader netlogonFile = new StreamReader(netlogonFilePath);

                string line;
                while ((line = netlogonFile.ReadLine()) != null)
                {
                    if (line.Contains("NO_CLIENT_SITE"))
                    {
                        ipAddressesWithoutSites.Add(line.Replace("NO_CLIENT_SITE: ", "|").Split('|')[1].Trim().Split(' ')[1]);
                    }
                }
            }
            catch
            {
                ShowUsage();
                Console.WriteLine($"Error reading file \"{netlogonFilePath}\"");
            }
        }
        private static void ShowUsage()
        {
            Console.WriteLine("");
            Console.WriteLine(" _____     _____ _ _         _   _____ _ _           ");
            Console.WriteLine("|   | |___|     | |_|___ ___| |_|   __|_| |_ ___ ___ ");
            Console.WriteLine("| | | | . |   --| | | -_|   |  _|__   | |  _| -_|_ -|");
            Console.WriteLine("|_|___|___|_____|_|_|___|_|_|_| |_____|_|_| |___|___|");
            Console.WriteLine("");
            Console.WriteLine("NoClientSites.exe [PATHTONETLOGONFILES]");
            Console.WriteLine("Or without a path directy on a Domain Controller");
            Console.WriteLine("NoClientSites.exe");
            Console.WriteLine("");
        }
    }
}


Demo Execution



I hope you found this tutorial useful. You are encouraged to ask questions, report any bugs or make any other comments about it below.

 

Note: If you need further "Support" about this topic, please consider using the Ask a Question feature of Experts Exchange. I monitor questions asked and would be pleased to provide any additional support required in questions asked in this manner, along with other EE experts...  

  

Please do not forget to press the "Thumb's Up" button if you think this article was helpful and valuable for EE members.

 

It also provides me with positive feedback. Thank you!

 

0
Comment
0 Comments

Featured Post

Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Join & Write a Comment

This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month