Bedanta Shanker Mishra
asked on
How to know the IP configuration of a windows machine is stactic or Dynamic in an AD environment by analysing the network traffic
Hi,
I have a requirement to find out the Windows machines which have static IP configuration instead of DHCP by doing network packet analysis (By using Microsoft Netmon tool). There are thousands of client machines.
I need to know how can I get the list of machines which have static IP by doing protocol traffic analysis through the tool MS Netmon.
I have a requirement to find out the Windows machines which have static IP configuration instead of DHCP by doing network packet analysis (By using Microsoft Netmon tool). There are thousands of client machines.
I need to know how can I get the list of machines which have static IP by doing protocol traffic analysis through the tool MS Netmon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot Neilsr. Let me check out the script in my lab. I will post the output soon.
Thank you Qlemo.
Cheers :)
Thank you Qlemo.
Cheers :)
ASKER
Neilsr,
I ran the above script on my lab DC. Below is my observations.
After using your code with ps1 script :
The top three NIC configurations are for the DC itself and the 4th one is for a XP client machine. looks fine :). For a large number of machines it will be better to format this output by keeping these 7 Objects [DHCPEnabled, IPAddress, DefaultIPGateway, DNSDomain, ServiceName, Description and Index] in a tabular form to get them export in to a CSV file. I am working on it. Your notion regarding this will be deeply appreciated . Thanks again for your valuable support. Have a lovely day.
I ran the above script on my lab DC. Below is my observations.
PS C:\Users\Administrator\Desktop> Get-ADComputer -Filter *
DistinguishedName : CN=cloudflexweb-PDC,OU=Domain Controllers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName : cloudflexweb-PDC.logon.ds.cloudflexweb.com
Enabled : True
Name : cloudflexweb-PDC
ObjectClass : computer
ObjectGUID : b7f5aa73-3c1b-4eca-952e-0d78ccb478c2
SamAccountName : cloudflexweb-PDC$
SID : S-1-5-21-1648877103-3137164350-3771869934-1000
UserPrincipalName :
DistinguishedName : CN=cloudflexwebCAP-CLIENTXP,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName : cloudflexwebCAP-ClientXP.logon.ds.cloudflexweb.com
Enabled : True
Name : cloudflexwebCAP-CLIENTXP
ObjectClass : computer
ObjectGUID : 4190af3a-0e1a-482b-af78-c029c9d8fda5
SamAccountName : cloudflexwebCAP-CLIENTXP$
SID : S-1-5-21-1648877103-3137164350-3771869934-1103
UserPrincipalName :
DistinguishedName : CN=cloudflexwebCAPCLIENTWIN8,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName : cloudflexwebCAPCLIENTWIN8.logon.ds.cloudflexweb.com
Enabled : True
Name : cloudflexwebCAPCLIENTWIN8
ObjectClass : computer
ObjectGUID : 97503804-0501-45a3-863e-d883d5b16b79
SamAccountName : cloudflexwebCAPCLIENTWIN8$
SID : S-1-5-21-1648877103-3137164350-3771869934-1109
UserPrincipalName :
DistinguishedName : CN=cloudflexweb-DB,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName : cloudflexweb-DB.logon.ds.cloudflexweb.com
Enabled : True
Name : cloudflexweb-DB
ObjectClass : computer
ObjectGUID : 84d04bbd-f6f1-48fb-9af9-519d9ec79cd3
SamAccountName : cloudflexweb-DB$
SID : S-1-5-21-1648877103-3137164350-3771869934-1110
UserPrincipalName :
DistinguishedName : CN=THEHACKER-HP,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName : THEHACKER-HP.logon.ds.cloudflexweb.com
Enabled : True
Name : THEHACKER-HP
ObjectClass : computer
ObjectGUID : 3b133b26-2f4a-4803-b5cf-d9ddb800fc41
SamAccountName : THEHACKER-HP$
SID : S-1-5-21-1648877103-3137164350-3771869934-1112
UserPrincipalName :
After using your code with ps1 script :
PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1
DHCPEnabled : False
IPAddress : {192.168.43.243, fe80::711e:9752:fbd2:7ee4}
DefaultIPGateway : {192.168.43.85}
DNSDomain :
ServiceName : E1G60
Description : Intel(R) PRO/1000 MT Network Connection
Index : 7
DHCPEnabled : True
IPAddress : {192.168.43.85, fe80::5d3:1bcd:f408:2bd7}
DefaultIPGateway : {192.168.43.1}
DNSDomain :
ServiceName : E1G60
Description : Intel(R) PRO/1000 MT Network Connection #2
Index : 10
DHCPEnabled : False
IPAddress : {192.168.43.244, fe80::f8a0:336:8302:a677}
DefaultIPGateway : {192.168.43.250, 192.168.43.85}
DNSDomain :
ServiceName : E1G60
Description : Intel(R) PRO/1000 MT Network Connection #3
Index : 13
DHCPEnabled : True
IPAddress : {192.168.43.201}
DefaultIPGateway : {192.168.43.243}
DNSDomain : logon.ds.ge.com
ServiceName : VMXNET
Description : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
Index : 1
DHCPEnabled : True
IPAddress : {0.0.0.0}
DefaultIPGateway :
DNSDomain :
ServiceName : BthPan
Description : Bluetooth Device (Personal Area Network)
Index : 11
The top three NIC configurations are for the DC itself and the 4th one is for a XP client machine. looks fine :). For a large number of machines it will be better to format this output by keeping these 7 Objects [DHCPEnabled, IPAddress, DefaultIPGateway, DNSDomain, ServiceName, Description and Index] in a tabular form to get them export in to a CSV file. I am working on it. Your notion regarding this will be deeply appreciated . Thanks again for your valuable support. Have a lovely day.
.\StaticIP_Fetch.ps1 | Export-CSV -NoType StaticIP. csv
Is all you need to get the CSV file. The formatting you see is done by PowerShell as you didn't tell what to do with the result. In that case up to 3 properties are shown in a table, more in a list.
You could also use Microsoft's PSExec to run IPConfig on a list of remote computers, such as
psexec @list.txt ipconfig >>C:\Temp\Output.txt
Where List.txt is a list of computer names, or IPs..
http://technet.microsoft.com/en-ca/sysinternals/bb897553.aspx
You could use the "find" command to limit the amount of information recorded.
psexec @list.txt ipconfig >>C:\Temp\Output.txt
Where List.txt is a list of computer names, or IPs..
http://technet.microsoft.com/en-ca/sysinternals/bb897553.aspx
You could use the "find" command to limit the amount of information recorded.
ASKER
Hi Qlemo,
I tried the "Export-CSV -NoType" through pipe but got the following error.
Could you please suggest any correction !
Hi Rob,
Thanks for your support. PSExec is really a great tool. I used that before. But as per our current policy approval of this tool for execution is really a challenge ! That is why trying to get this done by script.
I tried the "Export-CSV -NoType" through pipe but got the following error.
PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1 | Export-CSV -NoType StaticIP.csv
Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<< -NoType StaticIP.csv
+ CategoryInfo : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand
Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<< -NoType StaticIP.csv
+ CategoryInfo : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand
Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<< -NoType StaticIP.csv
+ CategoryInfo : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand
Could you please suggest any correction !
Hi Rob,
Thanks for your support. PSExec is really a great tool. I used that before. But as per our current policy approval of this tool for execution is really a challenge ! That is why trying to get this done by script.
ASKER
Modified Script :
OUTPUT:
Can I get the above output in below format ?
DHCPEnabled IPaddress
True {192.168.43.201}
So that it can be exported into CSV properly !
$Computers = Get-ADComputer -Filter *
foreach ($Computer in $Computers)
{
$wmiInfo = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $Computer.name -ErrorAction:SilentlyContinue | format-list DHCPEnabled,IPaddress
$wmiinfo
}
OUTPUT:
PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1
DHCPEnabled : False
IPaddress : {192.168.43.243, fe80::711e:9752:fbd2:7ee4}
DHCPEnabled : True
IPaddress : {192.168.43.85, fe80::5d3:1bcd:f408:2bd7}
DHCPEnabled : False
IPaddress : {192.168.43.244, fe80::f8a0:336:8302:a677}
DHCPEnabled : True
IPaddress : {192.168.43.201}
DHCPEnabled : True
IPaddress : {0.0.0.0}
Can I get the above output in below format ?
DHCPEnabled IPaddress
True {192.168.43.201}
So that it can be exported into CSV properly !
Try with:
Get-ADComputer -Filter * | % {
if (Test-Connection -Quiet $_.Name -Count 1) {
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name -ErrorAction SilentlyContinu
}
} | select PSComputername, DHCPEnabled, IPAddress | Export-Csv -noType StaticIP.csv
ASKER
Hi Qlemo,
I got the output on CSV as below : IP is not reflecting on CSV !!!
PSComputername DHCPEnabled IPAddress
FALSE System.String[]
TRUE System.String[]
FALSE System.String[]
TRUE System.String[]
FALSE System.String[]
TRUE System.String[]
TRUE System.String[]
Without Export or On Console :
Any idea pls !!!
I got the output on CSV as below : IP is not reflecting on CSV !!!
PSComputername DHCPEnabled IPAddress
FALSE System.String[]
TRUE System.String[]
FALSE System.String[]
TRUE System.String[]
FALSE System.String[]
TRUE System.String[]
TRUE System.String[]
Without Export or On Console :
PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch_New.ps1
DHCPEnabled IPAddress
----------- ---------
False {192.168.43.243}
True {169.254.43.215}
False {192.168.43.244}
True {192.168.43.164, fe80::1ca9:88e5:a04b:50ac}
False {169.254.185.151, fe80::2542:9658:bf55:b997}
True {169.254.247.74, fe80::a94d:7b95:ddf0:f74a}
True {192.168.43.200}
Any idea pls !!!
ASKER
Yes, please re-open the question, Sorry, I closed before getting the absolute solution. Thank you.
ASKER
Thanks, Qlemo. Also requesting you to have a look at the output !
There is another issue, as PSComputerName seems to be available with PS 3, not PS 2 (hence it is empty in your output).
This script will (a) process the machines in alphabetical order, (b) provide (empty) output for machines not reached, and (c) create the proper CSV output. If an interface has more than one IP, which happens e.g. with IPv6, those IPs are listed comma-separated.
This script will (a) process the machines in alphabetical order, (b) provide (empty) output for machines not reached, and (c) create the proper CSV output. If an interface has more than one IP, which happens e.g. with IPv6, those IPs are listed comma-separated.
Get-ADComputer -Filter * | sort Name | % {
if (Test-Connection -Quiet $_.Name -Count 1) {
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name -ErrorAction SilentlyContinue
} else {
New-Object PsObject -Property @{__Server = $_.Name; DHCPEnabled = $null; IPAddress = $null}
}
} | select @{n='ComputerName'; e={$.__Server}},
DHCPEnabled,
@{n='IPAddress'; e={$_.IPAddress -join ','}} |
Export-CSV -NoType IPs.csv
ASKER
Great, let me check the script in lab :) Yes, on PS3 and PS4 PSComputerName is present (tested with PS4). Thank you...
ASKER
Works like a charm. CSV output is proper. But a small issue still exists for PSComputerName !
PC with PS4 | Output :
PC with PS4 | Output Simple Cmdlet: :
From the above output it is clear that PSComputerName is available, but through script it is not giving the result. I checked by adding "PSComputerName" against "ComputerName" in script at "select @{n='ComputerName'; e={$.__Server}}", but that didn't work. It will be great to have your help on this. Thanks a lot again !
PC with PS4 | Output :
PS C:\Users\VLAB\Desktop> .\StaticIP_Fetch_New.ps1
ComputerName DHCPEnabled IPAddress
------------ ----------- ---------
True 192.168.43.164,fe80::1ca9:88e5:a04b:50ac
True 192.168.43.200
PC with PS4 | Output Simple Cmdlet: :
PS C:\Users\VLAB\Desktop> Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE | select PSComputerName, DHCPEnabled, IP
Address
PSComputerName DHCPEnabled IPAddress
-------------- ----------- ---------
VLAB-HP True {192.168.43.164, fe80::1ca9:88e5:a04b:50ac}
VLAB-HP True {192.168.43.200}
From the above output it is clear that PSComputerName is available, but through script it is not giving the result. I checked by adding "PSComputerName" against "ComputerName" in script at "select @{n='ComputerName'; e={$.__Server}}", but that didn't work. It will be great to have your help on this. Thanks a lot again !
Strange. __Server is available with WMI on PS 2, but let me perform some tests again...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you So much Qlemo :) This is the final output through CSV export (The perfect One):
ComputerName DHCPEnabled IPAddress
VLAB1AD-DB
VLAB1AD-PDC FALSE 192.168.43.243
VLAB1AD-PDC TRUE 192.168.43.85
VLAB1AD-PDC FALSE 192.168.43.244
VLABCLIENTWIN8
VLAB-CLIENTXP TRUE 192.168.43.211
VLAB-CLIENTXP TRUE 0.0.0.0
VLAB-HP TRUE 192.168.43.164,fe80::1ca9: 88e5:a04b: 50ac
VLAB-HP TRUE 192.168.43.200
Cheers
Bedanta
ComputerName DHCPEnabled IPAddress
VLAB1AD-DB
VLAB1AD-PDC FALSE 192.168.43.243
VLAB1AD-PDC TRUE 192.168.43.85
VLAB1AD-PDC FALSE 192.168.43.244
VLABCLIENTWIN8
VLAB-CLIENTXP TRUE 192.168.43.211
VLAB-CLIENTXP TRUE 0.0.0.0
VLAB-HP TRUE 192.168.43.164,fe80::1ca9:
VLAB-HP TRUE 192.168.43.200
Cheers
Bedanta
Best to split between multiple answers, because the solution takes a different approach than the original question.
Neilsr http:#a40549386 100
Neilsr http:#a40549505 150
Qlemo http:#a40549487 100
Qlemo http:#a40556760 150
Neilsr http:#a40549386 100
Neilsr http:#a40549505 150
Qlemo http:#a40549487 100
Qlemo http:#a40556760 150
Agreed with Qlemo two different questions answered really.
ASKER
Thanks for the reply. Yes, I agree, from DHCP server lease log we can get the detail of free and used IP from the pool. But for thousands of machines it is obviously a tedious task and time consuming. From packet analysis by filtering and extracting the DHCP packets we can find out the list of clients which are using dynamic IP. However the script part is a better option. Do you have a such kind of script ! That will really help. I think a PS script will be a good one.