[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 346
  • Last Modified:

How to know the IP configuration of a windows machine is stactic or Dynamic in an AD environment by analysing the network traffic

Hi,
I have a requirement to find out the Windows machines which have static IP configuration instead of DHCP by doing network packet analysis (By using Microsoft Netmon tool). There are thousands of client machines.
I need to know how can I get the list of machines which have static IP by doing protocol traffic analysis through the tool MS Netmon.
0
Bedanta Shanker Mishra
Asked:
Bedanta Shanker Mishra
  • 11
  • 7
  • 3
  • +1
4 Solutions
 
Neil RussellTechnical Development LeadCommented:
Network traffic does not tell you if you are static or dhcp address.  

You would be far better off just doing a script to look at the NIC configuration of each machine on your network remotely.

Of course your DHCP server can tell you all of the IP addresses it has issued and are in use.
0
 
Bedanta Shanker MishraAuthor Commented:
Hi Neilsr,
Thanks for the reply. Yes, I agree, from DHCP server lease log we can get the detail of free and used IP from the pool. But for thousands of machines it is obviously a tedious task and time consuming. From packet analysis by filtering and extracting the DHCP packets we can find out the list of clients which are using dynamic IP. However the script part is a better option. Do you have a such kind of script ! That will really help. I think a PS script will be a good one.
0
 
QlemoC++ DeveloperCommented:
For static IP addresses overlapping with the DHCP pool you get special entries in the lease table, as those are getting blocked by the DHCP server.
A list of AD computers minus DHCP lease computers should get you those machines potentially being static. I would then go and apply the aforementioned script to only those.
On the other hand, running a login script collecting IP info is a common approach.
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
Neil RussellTechnical Development LeadCommented:
I'm off out in a bit but in essence what you want is starting with this...
$Computers = Get-ADComputer -Filter *
foreach ($Computer in $Computers)
{
$wmiInfo = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $Computer.name  -ErrorAction:SilentlyContinue
$wmiinfo
}

Open in new window


If you run that and observer its output, that will hopefully guide you in how to get what you want. OR qlemo can elaborate for you.
0
 
Bedanta Shanker MishraAuthor Commented:
Thanks a lot Neilsr. Let me check out the script in my lab. I will post the output soon.

Thank you Qlemo.

Cheers :)
0
 
Bedanta Shanker MishraAuthor Commented:
Neilsr,

I ran the above script on my lab DC. Below is my observations.

PS C:\Users\Administrator\Desktop> Get-ADComputer -Filter *


DistinguishedName : CN=cloudflexweb-PDC,OU=Domain Controllers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexweb-PDC.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexweb-PDC
ObjectClass       : computer
ObjectGUID        : b7f5aa73-3c1b-4eca-952e-0d78ccb478c2
SamAccountName    : cloudflexweb-PDC$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1000
UserPrincipalName :

DistinguishedName : CN=cloudflexwebCAP-CLIENTXP,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexwebCAP-ClientXP.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexwebCAP-CLIENTXP
ObjectClass       : computer
ObjectGUID        : 4190af3a-0e1a-482b-af78-c029c9d8fda5
SamAccountName    : cloudflexwebCAP-CLIENTXP$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1103
UserPrincipalName :

DistinguishedName : CN=cloudflexwebCAPCLIENTWIN8,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexwebCAPCLIENTWIN8.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexwebCAPCLIENTWIN8
ObjectClass       : computer
ObjectGUID        : 97503804-0501-45a3-863e-d883d5b16b79
SamAccountName    : cloudflexwebCAPCLIENTWIN8$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1109
UserPrincipalName :

DistinguishedName : CN=cloudflexweb-DB,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : cloudflexweb-DB.logon.ds.cloudflexweb.com
Enabled           : True
Name              : cloudflexweb-DB
ObjectClass       : computer
ObjectGUID        : 84d04bbd-f6f1-48fb-9af9-519d9ec79cd3
SamAccountName    : cloudflexweb-DB$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1110
UserPrincipalName :

DistinguishedName : CN=THEHACKER-HP,CN=Computers,DC=logon,DC=ds,DC=cloudflexweb,DC=com
DNSHostName       : THEHACKER-HP.logon.ds.cloudflexweb.com
Enabled           : True
Name              : THEHACKER-HP
ObjectClass       : computer
ObjectGUID        : 3b133b26-2f4a-4803-b5cf-d9ddb800fc41
SamAccountName    : THEHACKER-HP$
SID               : S-1-5-21-1648877103-3137164350-3771869934-1112
UserPrincipalName :

Open in new window


After using your code with ps1 script :

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1


DHCPEnabled      : False
IPAddress        : {192.168.43.243, fe80::711e:9752:fbd2:7ee4}
DefaultIPGateway : {192.168.43.85}
DNSDomain        :
ServiceName      : E1G60
Description      : Intel(R) PRO/1000 MT Network Connection
Index            : 7

DHCPEnabled      : True
IPAddress        : {192.168.43.85, fe80::5d3:1bcd:f408:2bd7}
DefaultIPGateway : {192.168.43.1}
DNSDomain        :
ServiceName      : E1G60
Description      : Intel(R) PRO/1000 MT Network Connection #2
Index            : 10

DHCPEnabled      : False
IPAddress        : {192.168.43.244, fe80::f8a0:336:8302:a677}
DefaultIPGateway : {192.168.43.250, 192.168.43.85}
DNSDomain        :
ServiceName      : E1G60
Description      : Intel(R) PRO/1000 MT Network Connection #3
Index            : 13

DHCPEnabled      : True
IPAddress        : {192.168.43.201}
DefaultIPGateway : {192.168.43.243}
DNSDomain        : logon.ds.ge.com
ServiceName      : VMXNET
Description      : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
Index            : 1

DHCPEnabled      : True
IPAddress        : {0.0.0.0}
DefaultIPGateway :
DNSDomain        :
ServiceName      : BthPan
Description      : Bluetooth Device (Personal Area Network)
Index            : 11

Open in new window


The top three NIC configurations are for the DC itself and the 4th one is for a XP client machine. looks fine :). For a large number of machines it will be better to format this output by keeping these 7 Objects [DHCPEnabled, IPAddress, DefaultIPGateway, DNSDomain, ServiceName, Description and Index] in a tabular form to get them export in to a CSV file. I am working on it. Your notion regarding this will be deeply appreciated .  Thanks again for your valuable support. Have a lovely day.
0
 
QlemoC++ DeveloperCommented:
.\StaticIP_Fetch.ps1 | Export-CSV -NoType StaticIP. csv

Open in new window

Is all you need to get the CSV file. The formatting you see is done by PowerShell as you didn't tell what to do with the result. In that case up to 3 properties are shown in a table, more in a list.
0
 
Rob WilliamsCommented:
You could also use Microsoft's  PSExec to run IPConfig on a list of remote computers, such as
  psexec @list.txt  ipconfig  >>C:\Temp\Output.txt
Where List.txt is a list of computer names, or IPs..
http://technet.microsoft.com/en-ca/sysinternals/bb897553.aspx
You could use the "find" command to limit the amount of information recorded.
0
 
Bedanta Shanker MishraAuthor Commented:
Hi Qlemo,

I tried the "Export-CSV -NoType" through pipe but got the following error.

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1 | Export-CSV -NoType StaticIP.csv
Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<<  -NoType StaticIP.csv
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand

Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<<  -NoType StaticIP.csv
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand

Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:34
+ .\StaticIP_Fetch.ps1 | Export-CSV <<<<  -NoType StaticIP.csv
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ExportCsvCommand

Open in new window


Could you please suggest any correction !

Hi Rob,
Thanks for your support.  PSExec is really a great tool. I used that before. But as per our current policy approval of this tool for execution is really a challenge ! That is why trying to get this done by script.
0
 
Bedanta Shanker MishraAuthor Commented:
Modified Script :

$Computers = Get-ADComputer -Filter *
foreach ($Computer in $Computers)
{
$wmiInfo = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $Computer.name -ErrorAction:SilentlyContinue | format-list DHCPEnabled,IPaddress
$wmiinfo
}

Open in new window



OUTPUT:

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch.ps1


DHCPEnabled : False
IPaddress   : {192.168.43.243, fe80::711e:9752:fbd2:7ee4}

DHCPEnabled : True
IPaddress   : {192.168.43.85, fe80::5d3:1bcd:f408:2bd7}

DHCPEnabled : False
IPaddress   : {192.168.43.244, fe80::f8a0:336:8302:a677}





DHCPEnabled : True
IPaddress   : {192.168.43.201}

DHCPEnabled : True
IPaddress   : {0.0.0.0}

Open in new window


Can I get the above output in below format ?

DHCPEnabled                    IPaddress
       True                         {192.168.43.201}

So that it can be exported into CSV properly !
0
 
QlemoC++ DeveloperCommented:
Try with:
Get-ADComputer -Filter * | % {
  if (Test-Connection -Quiet $_.Name -Count 1) {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name  -ErrorAction SilentlyContinu
  }
} | select PSComputername, DHCPEnabled, IPAddress | Export-Csv -noType StaticIP.csv

Open in new window

0
 
Bedanta Shanker MishraAuthor Commented:
Hi Qlemo,

I got the output on CSV as below : IP is not reflecting on CSV !!!

PSComputername      DHCPEnabled      IPAddress
                                               FALSE           System.String[]
                                                TRUE           System.String[]
                                               FALSE           System.String[]
                                                TRUE           System.String[]
                                               FALSE           System.String[]
                                                TRUE           System.String[]
                                                TRUE           System.String[]


Without Export or On Console :

PS C:\Users\Administrator\Desktop> .\StaticIP_Fetch_New.ps1

                                                                         DHCPEnabled IPAddress
                                                                         ----------- ---------
                                                                               False {192.168.43.243}
                                                                                True {169.254.43.215}
                                                                               False {192.168.43.244}
                                                                                True {192.168.43.164, fe80::1ca9:88e5:a04b:50ac}
                                                                               False {169.254.185.151, fe80::2542:9658:bf55:b997}
                                                                                True {169.254.247.74, fe80::a94d:7b95:ddf0:f74a}
                                                                                True {192.168.43.200}

Open in new window


Any idea pls !!!
0
 
Bedanta Shanker MishraAuthor Commented:
Yes, please re-open the question, Sorry, I closed before getting the absolute solution. Thank you.
0
 
Bedanta Shanker MishraAuthor Commented:
Thanks, Qlemo. Also requesting you to have a look at the output !
0
 
QlemoC++ DeveloperCommented:
There is another issue, as PSComputerName seems to be available with PS 3, not PS 2 (hence it is empty in your output).
This script will (a) process the machines in alphabetical order, (b) provide (empty) output for machines not reached, and (c) create the proper CSV output. If an interface has more than one IP, which happens e.g. with IPv6, those IPs are listed comma-separated.
Get-ADComputer -Filter * | sort Name | % {
  if (Test-Connection -Quiet $_.Name -Count 1) {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name -ErrorAction SilentlyContinue
  } else {
    New-Object PsObject -Property @{__Server = $_.Name; DHCPEnabled = $null; IPAddress = $null}
  }
 } | select @{n='ComputerName'; e={$.__Server}},
            DHCPEnabled,
            @{n='IPAddress'; e={$_.IPAddress -join ','}} |
   Export-CSV -NoType IPs.csv

Open in new window

0
 
Bedanta Shanker MishraAuthor Commented:
Great, let me check the script in lab :) Yes, on PS3 and PS4 PSComputerName is present (tested with PS4). Thank you...
0
 
Bedanta Shanker MishraAuthor Commented:
Works like a charm. CSV output is proper. But a small issue still exists for PSComputerName !

PC with PS4 | Output :

PS C:\Users\VLAB\Desktop> .\StaticIP_Fetch_New.ps1

ComputerName                                      DHCPEnabled                                       IPAddress
------------                                      -----------                                       ---------

                                                  True                                              192.168.43.164,fe80::1ca9:88e5:a04b:50ac
                                                  True                                              192.168.43.200

Open in new window


PC with PS4 | Output Simple Cmdlet: :

PS C:\Users\VLAB\Desktop> Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE | select PSComputerName, DHCPEnabled, IP
Address

PSComputerName                                                                          DHCPEnabled IPAddress
--------------                                                                          ----------- ---------
VLAB-HP                                                                                   True {192.168.43.164, fe80::1ca9:88e5:a04b:50ac}
VLAB-HP                                                                                   True {192.168.43.200}

Open in new window


From the above output it is clear that  PSComputerName is available, but through script it is not giving the result. I checked by adding "PSComputerName" against "ComputerName" in script at "select @{n='ComputerName'; e={$.__Server}}", but that didn't work. It will be great to have your help on this.  Thanks a lot again !
0
 
QlemoC++ DeveloperCommented:
Strange.  __Server is available with WMI on PS 2, but let me perform some tests again...
0
 
QlemoC++ DeveloperCommented:
What a stupid mistake - I left out an underline ...
Get-ADComputer -Filter * | sort Name | % {
  if (Test-Connection -Quiet $_.Name -Count 1) {
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter IPEnabled=TRUE -ComputerName $_.name -ErrorAction SilentlyContinue
  } else {
    New-Object PsObject -Property @{__Server = $_.Name; DHCPEnabled = $null; IPAddress = $null}
  }
 } | select @{n='ComputerName'; e={$_.__Server}},
            DHCPEnabled,
            @{n='IPAddress'; e={$_.IPAddress -join ','}} |
   Export-CSV -NoType IPs.csv

Open in new window

0
 
Bedanta Shanker MishraAuthor Commented:
Thank you So much Qlemo :) This is the final output through CSV export  (The perfect One):

ComputerName                           DHCPEnabled      IPAddress
VLAB1AD-DB            
VLAB1AD-PDC                                    FALSE      192.168.43.243
VLAB1AD-PDC                                     TRUE      192.168.43.85
VLAB1AD-PDC                                    FALSE      192.168.43.244
VLABCLIENTWIN8            
VLAB-CLIENTXP                                     TRUE      192.168.43.211
VLAB-CLIENTXP                                     TRUE      0.0.0.0
VLAB-HP                                                     TRUE      192.168.43.164,fe80::1ca9:88e5:a04b:50ac
VLAB-HP                                                     TRUE      192.168.43.200

Cheers
Bedanta
0
 
QlemoC++ DeveloperCommented:
Best to split between multiple answers, because the solution takes a different approach than the original question.

Neilsr  http:#a40549386      100
Neilsr  http:#a40549505      150
Qlemo http:#a40549487      100
Qlemo http:#a40556760      150
0
 
Neil RussellTechnical Development LeadCommented:
Agreed with Qlemo two different questions answered really.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 11
  • 7
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now