The module now contains these additional CmdLets.

• Refresh-DnsZone – Implements the ForceRefresh method for Secondary Zones
• Reload-ADDnsZone – Implements the UpdateFromDS method for AD Integrated Zones
• Reload-DnsZone
• Reset-DnsZoneType – Implements the ChangeZoneType method
• Resume-DnsZone
• Set-DnsZoneTransfer – Implements the ResetSecondaries method
• Start-DnsScavenging
• Start-DnsService
• Stop-DnsService
• Suspend-DnsZone – Implements the Pause method
• Update-DnsZoneFile

As usual, the module can be downloaded from code.msdn.microsoft.com/dnsshell.

Related posts:

1. DnsShell – alpha release DnsShell is my PowerShell module intended to help administer MS...
2. DnsShell: Get-AD* A new version of DnsShell has been released, this release...
3. DnsShell DnsShell is a Microsoft DNS administration module for PowerShell 2.0....

Related posts brought to you by Yet Another Related Posts Plugin.

The updated release is available on MSDN as version 0.2.0.

code.msdn.microsoft.com/dnsshell

Basic help is available for each of the new CmdLets.

Related posts:

1. DnsShell – alpha release DnsShell is my PowerShell module intended to help administer MS...
2. DnsShell DnsShell is a Microsoft DNS administration module for PowerShell 2.0....

Related posts brought to you by Yet Another Related Posts Plugin.

The module is currently available on MSDN.

The following CmdLets are implemented at this stage:

• Get-Dns
• Clear-DnsCache
• Get-DnsRecord
• Get-DnsServer
• Get-DnsZone
• New-DnsRecord
• New-DnsZone
• Remove-DnsObject
• Set-DnsRecord
• Get-ADDnsRecord

I am in the process of writing detailed CmdLet help, it will be made available as soon as possible.

Related posts:

1. DnsShell: Zone and Server CmdLets After fixing a couple of authentication bugs with Set-DnsRecord and...
2. DnsShell: Get-AD* A new version of DnsShell has been released, this release...

Related posts brought to you by Yet Another Related Posts Plugin.

The script can listen for DHCP offers for a specified number of seconds by using the DiscoverTimeout parameter, by default the script listens for 60 seconds. Note that a timeout is set for the ReceiveFrom method, this is set to 10 seconds in the script and applies to each receive attempt. If the connection times out the script will stop listening for offers regardless of the value for DiscoverTimeout.

This script has only been tested using PowerShell 2.0.

<#
  Net-DhcpDiscover.ps1

  Author: Chris Dent
  Date: 16/02/2010

  A script to send a DHCPDISCOVER request and report on DHCPOFFER
  responses returned by all DHCP Servers on the current subnet.

  DHCP Packet Format (RFC 2131 - http://www.ietf.org/rfc/rfc2131.txt):

  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |     op (1)    |   htype (1)   |   hlen (1)    |   hops (1)    |
  +---------------+---------------+---------------+---------------+
  |                            xid (4)                            |
  +-------------------------------+-------------------------------+
  |           secs (2)            |           flags (2)           |
  +-------------------------------+-------------------------------+
  |                          ciaddr  (4)                          |
  +---------------------------------------------------------------+
  |                          yiaddr  (4)                          |
  +---------------------------------------------------------------+
  |                          siaddr  (4)                          |
  +---------------------------------------------------------------+
  |                          giaddr  (4)                          |
  +---------------------------------------------------------------+
  |                                                               |
  |                          chaddr  (16)                         |
  |                                                               |
  |                                                               |
  +---------------------------------------------------------------+
  |                                                               |
  |                          sname   (64)                         |
  +---------------------------------------------------------------+
  |                                                               |
  |                          file    (128)                        |
  +---------------------------------------------------------------+
  |                                                               |
  |                          options (variable)                   |
  +---------------------------------------------------------------+

   FIELD      OCTETS       DESCRIPTION
   -----      ------       -----------

   op            1  Message op code / message type.
                    1 = BOOTREQUEST, 2 = BOOTREPLY
   htype         1  Hardware address type, see ARP section in "Assigned
                    Numbers" RFC; e.g., '1' = 10mb ethernet.
   hlen          1  Hardware address length (e.g.  '6' for 10mb
                    ethernet).
   hops          1  Client sets to zero, optionally used by relay agents
                    when booting via a relay agent.
   xid           4  Transaction ID, a random number chosen by the
                    client, used by the client and server to associate
                    messages and responses between a client and a
                    server.
   secs          2  Filled in by client, seconds elapsed since client
                    began address acquisition or renewal process.
   flags         2  Flags (see figure 2).
   ciaddr        4  Client IP address; only filled in if client is in
                    BOUND, RENEW or REBINDING state and can respond
                    to ARP requests.
   yiaddr        4  'your' (client) IP address.
   siaddr        4  IP address of next server to use in bootstrap;
                    returned in DHCPOFFER, DHCPACK by server.
   giaddr        4  Relay agent IP address, used in booting via a
                    relay agent.
   chaddr       16  Client hardware address.
   sname        64  Optional server host name, null terminated string.
   file        128  Boot file name, null terminated string; "generic"
                    name or null in DHCPDISCOVER, fully qualified
                    directory-path name in DHCPOFFER.
   options     var  Optional parameters field.  See the options
                    documents for a list of defined options.
#>

#
# Parameters
#

Param(
  # MAC Address String in Hex-Decimal Format can be delimited with
  # dot, dash or colon (or none)
  [String]$MacAddressString = "AA:BB:CC:DD:EE:FF",
  # Length of time (in seconds) to spend waiting for Offers if
  # the connection does not timeout first
  [Byte]$DiscoverTimeout = 60
)

# Build a DHCPDISCOVER packet to send
#
# Caller: Main

Function New-DhcpDiscoverPacket
{
  Param(
    [String]$MacAddressString = "AA:BB:CC:DD:EE:FF"
  )

  # Generate a Transaction ID for this request

  $XID = New-Object Byte[] 4
  $Random = New-Object Random
  $Random.NextBytes($XID)

  # Convert the MAC Address String into a Byte Array

  # Drop any characters which might be used to delimit the string
  $MacAddressString = $MacAddressString -Replace "-|:|\."
  $MacAddress = [BitConverter]::GetBytes((
    [UInt64]::Parse($MacAddressString,
    [Globalization.NumberStyles]::HexNumber)))
  # Reverse the MAC Address array
  [Array]::Reverse($MacAddress)

  # Create the Byte Array
  $DhcpDiscover = New-Object Byte[] 243

  # Copy the Transaction ID Bytes into the array
  [Array]::Copy($XID, 0, $DhcpDiscover, 4, 4)

  # Copy the MacAddress Bytes into the array (drop the first 2 bytes,
  # too many bytes returned from UInt64)
  [Array]::Copy($MACAddress, 2, $DhcpDiscover, 28, 6)

  # Set the OP Code to BOOTREQUEST
  $DhcpDiscover[0] = 1
  # Set the Hardware Address Type to Ethernet
  $DhcpDiscover[1] = 1
  # Set the Hardware Address Length (number of bytes)
  $DhcpDiscover[2] = 6
  # Set the Broadcast Flag
  $DhcpDiscover[10] = 128
  # Set the Magic Cookie values
  $DhcpDiscover[236] = 99
  $DhcpDiscover[237] = 130
  $DhcpDiscover[238] = 83
  $DhcpDiscover[239] = 99
  # Set the DHCPDiscover Message Type Option
  $DhcpDiscover[240] = 53
  $DhcpDiscover[241] = 1
  $DhcpDiscover[242] = 1

  Return $DhcpDiscover
}

# Parse a DHCP Packet, returning an object containing each field
#
# Caller: Main

Function Read-DhcpPacket( [Byte[]]$Packet )
{
  $Reader = New-Object IO.BinaryReader(New-Object IO.MemoryStream(@(,$Packet)))

  $DhcpResponse = New-Object Object

  # Get and translate the Op code
  $DhcpResponse | Add-Member NoteProperty Op $Reader.ReadByte()
  if ($DhcpResponse.Op -eq 1)
  {
    $DhcpResponse.Op = "BootRequest"
  }
  else
  {
    $DhcpResponse.Op = "BootResponse"
  }

  $DhcpResponse | Add-Member NoteProperty HType -Value $Reader.ReadByte()
  if ($DhcpResponse.HType -eq 1) { $DhcpResponse.HType = "Ethernet" }

  $DhcpResponse | Add-Member NoteProperty HLen $Reader.ReadByte()
  $DhcpResponse | Add-Member NoteProperty Hops $Reader.ReadByte()
  $DhcpResponse | Add-Member NoteProperty XID $Reader.ReadUInt32()
  $DhcpResponse | Add-Member NoteProperty Secs $Reader.ReadUInt16()
  $DhcpResponse | Add-Member NoteProperty Flags $Reader.ReadUInt16()
  # Broadcast is the only flag that can be present, the other bits are reserved
  if ($DhcpResponse.Flags -BAnd 128) { $DhcpResponse.Flags = @("Broadcast") }

  $DhcpResponse | Add-Member NoteProperty CIAddr `
    $("$($Reader.ReadByte()).$($Reader.ReadByte())." + `
    "$($Reader.ReadByte()).$($Reader.ReadByte())")
  $DhcpResponse | Add-Member NoteProperty YIAddr `
    $("$($Reader.ReadByte()).$($Reader.ReadByte())." + `
    "$($Reader.ReadByte()).$($Reader.ReadByte())")
  $DhcpResponse | Add-Member NoteProperty SIAddr `
    $("$($Reader.ReadByte()).$($Reader.ReadByte())." + `
    "$($Reader.ReadByte()).$($Reader.ReadByte())")
  $DhcpResponse | Add-Member NoteProperty GIAddr `
    $("$($Reader.ReadByte()).$($Reader.ReadByte())." + `
    "$($Reader.ReadByte()).$($Reader.ReadByte())")

  $MacAddrBytes = New-Object Byte[] 16
  [Void]$Reader.Read($MacAddrBytes, 0, 16)
  $MacAddress = [String]::Join(
    ":", $($MacAddrBytes[0..5] | %{ [String]::Format('{0:X2}', $_) }))
  $DhcpResponse | Add-Member NoteProperty CHAddr $MacAddress

  $DhcpResponse | Add-Member NoteProperty SName `
    $([String]::Join("", $Reader.ReadChars(64)).Trim())
  $DhcpResponse | Add-Member NoteProperty File `
    $([String]::Join("", $Reader.ReadChars(128)).Trim())

  $DhcpResponse | Add-Member NoteProperty MagicCookie `
    $("$($Reader.ReadByte()).$($Reader.ReadByte())." + `
    "$($Reader.ReadByte()).$($Reader.ReadByte())")

  # Start reading Options

  $DhcpResponse | Add-Member NoteProperty Options @()
  While ($Reader.BaseStream.Position -lt $Reader.BaseStream.Length)
  {
    $Option = New-Object Object
    $Option | Add-Member NoteProperty OptionCode $Reader.ReadByte()
    $Option | Add-Member NoteProperty OptionName ""
    $Option | Add-Member NoteProperty Length 0
    $Option | Add-Member NoteProperty OptionValue ""

    If ($Option.OptionCode -ne 0 -And $Option.OptionCode -ne 255)
    {
      $Option.Length = $Reader.ReadByte()
    }

    Switch ($Option.OptionCode)
    {
      0 { $Option.OptionName = "PadOption" }
      1 {
        $Option.OptionName = "SubnetMask"
        $Option.OptionValue = `
          $("$($Reader.ReadByte()).$($Reader.ReadByte())." + `
          "$($Reader.ReadByte()).$($Reader.ReadByte())") }
      3 {
        $Option.OptionName = "Router"
        $Option.OptionValue = `
          $("$($Reader.ReadByte()).$($Reader.ReadByte())." + `
          "$($Reader.ReadByte()).$($Reader.ReadByte())") }
      6 {
        $Option.OptionName = "DomainNameServer"
        $Option.OptionValue = @()
        For ($i = 0; $i -lt ($Option.Length / 4); $i++)
        {
          $Option.OptionValue += `
            $("$($Reader.ReadByte()).$($Reader.ReadByte())." + `
            "$($Reader.ReadByte()).$($Reader.ReadByte())")
        } }
      15 {
        $Option.OptionName = "DomainName"
        $Option.OptionValue = [String]::Join(
          "", $Reader.ReadChars($Option.Length)) }
      51 {
        $Option.OptionName = "IPAddressLeaseTime"
        # Read as Big Endian
        $Value = ($Reader.ReadByte() * [Math]::Pow(256, 3)) + `
          ($Reader.ReadByte() * [Math]::Pow(256, 2)) + `
          ($Reader.ReadByte() * 256) + `
          $Reader.ReadByte()
        $Option.OptionValue = $(New-TimeSpan -Seconds $Value) }
      53 {
        $Option.OptionName = "DhcpMessageType"
        Switch ($Reader.ReadByte())
        {
          1 { $Option.OptionValue = "DHCPDISCOVER" }
          2 { $Option.OptionValue = "DHCPOFFER" }
          3 { $Option.OptionValue = "DHCPREQUEST" }
          4 { $Option.OptionValue = "DHCPDECLINE" }
          5 { $Option.OptionValue = "DHCPACK" }
          6 { $Option.OptionValue = "DHCPNAK" }
          7 { $Option.OptionValue = "DHCPRELEASE" }
        } }
      54 {
        $Option.OptionName = "DhcpServerIdentifier"
        $Option.OptionValue = `
          $("$($Reader.ReadByte()).$($Reader.ReadByte())." + `
          "$($Reader.ReadByte()).$($Reader.ReadByte())") }
      58 {
        $Option.OptionName = "RenewalTime"
        # Read as Big Endian
        $Value = ($Reader.ReadByte() * [Math]::Pow(256, 3)) + `
          ($Reader.ReadByte() * [Math]::Pow(256, 2)) + `
          ($Reader.ReadByte() * 256) + `
          $Reader.ReadByte()
        $Option.OptionValue = $(New-TimeSpan -Seconds $Value) }
      59 {
        $Option.OptionName = "RebindingTime"
        # Read as Big Endian
        $Value = ($Reader.ReadByte() * [Math]::Pow(256, 3)) + `
          ($Reader.ReadByte() * [Math]::Pow(256, 2)) + `
          ($Reader.ReadByte() * 256) + `
          $Reader.ReadByte()
        $Option.OptionValue = $(New-TimeSpan -Seconds $Value) }
      255 { $Option.OptionName = "EndOption" }
      default {
        # For all options which are not decoded here
        $Option.OptionName = "NoOptionDecode"
        $Buffer = New-Object Byte[] $Option.Length
        [Void]$Reader.Read($Buffer, 0, $Option.Length)
        $Option.OptionValue = $Buffer
      }
    }

    # Override the ToString method
    $Option | Add-Member ScriptMethod ToString `
        { Return "$($this.OptionName) ($($this.OptionValue))" } -Force

    $DhcpResponse.Options += $Option
  }

  Return $DhcpResponse
}

# Create a UDP Socket with Broadcast and Address Re-use enabled.
#
# Caller: Main

Function New-UdpSocket
{
  Param(
    [Int32]$SendTimeOut = 5,
    [Int32]$ReceiveTimeOut = 5
  )

  $UdpSocket = New-Object Net.Sockets.Socket(
    [Net.Sockets.AddressFamily]::InterNetwork,
    [Net.Sockets.SocketType]::Dgram,
    [Net.Sockets.ProtocolType]::Udp)
  $UdpSocket.EnableBroadcast = $True
  $UdpSocket.ExclusiveAddressUse = $False
  $UdpSocket.SendTimeOut = $SendTimeOut * 1000
  $UdpSocket.ReceiveTimeOut = $ReceiveTimeOut * 1000

  Return $UdpSocket
}

# Close down a Socket
#
# Caller: Main

Function Remove-Socket
{
  Param(
    [Net.Sockets.Socket]$Socket
  )

  $Socket.Shutdown("Both")
  $Socket.Close()
}

#
# Main
#

# Create a Byte Array for the DHCPDISCOVER packet
$Message = New-DhcpDiscoverPacket -Send 10 -Receive 10

# Create a socket
$UdpSocket = New-UdpSocket

# UDP Port 68 (Server-to-Client port)
$EndPoint = [Net.EndPoint](
  New-Object Net.IPEndPoint($([Net.IPAddress]::Any, 68)))
# Listen on $EndPoint
$UdpSocket.Bind($EndPoint)

# UDP Port 67 (Client-to-Server port)
$EndPoint = [Net.EndPoint](
 New-Object Net.IPEndPoint($([Net.IPAddress]::Broadcast, 67)))
# Send the DHCPDISCOVER packet
$BytesSent = $UdpSocket.SendTo($Message, $EndPoint)

# Begin receiving and processing responses
$NoConnectionTimeOut = $True

$Start = Get-Date

While ($NoConnectionTimeOut)
{
  $BytesReceived = 0
  Try
  {
    # Placeholder EndPoint for the Sender
    $SenderEndPoint = [Net.EndPoint](
      New-Object Net.IPEndPoint($([Net.IPAddress]::Any, 0)))
    # Receive Buffer
    $ReceiveBuffer = New-Object Byte[] 1024
    $BytesReceived = $UdpSocket.ReceiveFrom($ReceiveBuffer, [Ref]$SenderEndPoint)
  }
  #
  # Catch a SocketException, thrown when the Receive TimeOut value is reached
  #
  Catch [Net.Sockets.SocketException]
  {
    $NoConnectionTimeOut = $False
  }

  If ($BytesReceived -gt 0)
  {
    Read-DhcpPacket $ReceiveBuffer[0..$BytesReceived]
  }

  If ((Get-Date) -gt $Start.AddSeconds($DiscoverTimeout))
  {
    # Exit condition, not error condition
    $NoConnectionTimeOut = $False
  }
}

Remove-Socket $UdpSocket

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Download all the functions and examples at once: Net-SubnetMath.ps1

Convert an IP to binary

This function uses System.Convert to change each octet of an IP address into it’s binary form. PadLeft is used to add leading zero’s if required.

Function ConvertTo-BinaryIP( [String]$IP ) {

  $IPAddress = [Net.IPAddress]::Parse($IP)

  Return [String]::Join('.',
    $( $IPAddress.GetAddressBytes() | %{
      [Convert]::ToString($_, 2).PadLeft(8, '0') } ))
}

Convert an IP to a 32-bit decimal

Allows conversion of an IP Address to an unsigned 32-bit integer.

Function ConvertTo-DecimalIP( [String]$IP ) {

  $IPAddress = [Net.IPAddress]::Parse($IP)
  $i = 3
  $IPAddress.GetAddressBytes() | %{
    $DecimalIP += $_ * [Math]::Pow(256, $i); $i-- }

  Return [UInt32]$DecimalIP
}

Convert a decimal number or binary IP to a dotted IP

Used to switch a decimal or binary IP back to the more common dotted decimal format. The function uses a simple pair of regular expressions to determine which format is presented.

Function ConvertTo-DottedDecimalIP( [String]$IP ) {

  Switch -RegEx ($IP) {
    "([01]{8}\.){3}[01]{8}" {

      Return [String]::Join('.', $( $IP.Split('.') | %{
        [Convert]::ToInt32($_, 2) } ))
    }
    "\d" {

      $IP = [UInt32]$IP
      $DottedIP = $( For ($i = 3; $i -gt -1; $i--) {
        $Remainder = $IP % [Math]::Pow(256, $i)
        ($IP - $Remainder) / [Math]::Pow(256, $i)
        $IP = $Remainder
       } )

      Return [String]::Join('.', $DottedIP)
    }
    default {
      Write-Error "Cannot convert this format"
    }
  }
}

Convert a subnet mask to a mask length

Occasionally it is desirable to calculate the subnet mask bit length. This can be done using the following.

Function ConvertTo-MaskLength( [String]$Mask ) {

  $IPMask = [Net.IPAddress]::Parse($Mask)
  $Bits = "$( $IPMask.GetAddressBytes() | %{
    [Convert]::ToString($_, 2) } )" -Replace "[\s0]"

  Return $Bits.Length
}

Convert a mask length to a subnet mask

To a dotted decimal IP via binary and an unsigned 32-bit integer.

Function ConvertTo-Mask( [Byte]$MaskLength ) {

  Return ConvertTo-DottedDecimalIP ([Convert]::ToUInt32(
    $(("1" * $MaskLength).PadRight(32, "0")), 2))
}

Calculate the subnet network address

The functions above can be used with along with a bitwise AND operation against an IP address and subnet mask to calculate the network address.

Note that this function includes calls to both ConvertTo-DottedDecimalIP and ConvertTo-DecimalIP.

Function Get-NetworkAddress( [String]$IP, [String]$Mask ) {

  Return ConvertTo-DottedDecimalIP $(
    (ConvertTo-DecimalIP $IP) -BAnd
    (ConvertTo-DecimalIP $Mask))
}

Calculate the subnet broadcast address

The function is right at the bottom, the explanation is, of course, entirely optional.

Getting to the Broadcast Address is a bit more complicated than the Network Address. A Bitwise Or is executed against an Inverted Subnet Mask. For example, the Inverted form of 255.255.255.0 is 0.0.0.255.

Inverting the decimal value of the subnet mask can be performed using BNot, the Complement Operator (see Get-Help About_Comparison_Operators).

Unfortunately BNot only returns a signed 64-bit integer (in the range -9223372036854775808 to 9223372036854775807).

PS C:\> $Value = ConvertTo-DecimalIP 255.255.255.0; $Value
4294967040
PS C:\> $Value.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     UInt32                                   System.ValueType

PS C:\> $Inverted = -BNot $Value; $Inverted
-4294967041
PS C:\> $Inverted.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     Int64                                    System.ValueType

PS C:\> # Convert to Binary (Base 2)
PS C:\> [Convert]::ToString($Inverted, 2)
1111111111111111111111111111111100000000000000000000000011111111

The first 32 bits have are 1 (feel free to count). This happens because of the implicit conversion between UInt32 and Int64. Those 32 leading 1′s must go; Back to Binary And.

PS C:\> $Inverted -BAnd [UInt32]::MaxValue
255

The operation takes advantage of the implicit conversion between types to get [UInt32]::MaxValue and to an Int64 type. As a result, this is what BAnd did:

1: 11111111 11111111 11111111 11111111 00000000 00000000 00000000 11111111
2: 00000000 00000000 00000000 00000000 11111111 11111111 11111111 11111111
3: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 11111111

Where 1 is the Int64 value from -BNot, 2 is the implicit conversion of [Int32]::MaxValue to Int64, and 3 is the result of the And operation. Finally, the resulting value can be implicitly (or explicitly) converted back to UInt32.

A very long explanation for a very short function.

Function Get-BroadcastAddress( [String]$IP, [String]$Mask ) {

  Return ConvertTo-DottedDecimalIP $(
    (ConvertTo-DecimalIP $IP) -BOr
    ((-BNot (ConvertTo-DecimalIP $Mask)) -BAnd [UInt32]::MaxValue))
}

Get-NetworkInfo

Putting the functions above to work, providing a summary of an IP address range.

Function Get-NetworkInfo( [String]$IP, [String]$Mask ) {
  If ($IP.Contains("/"))
  {
    $Temp = $IP.Split("/")
    $IP = $Temp[0]
    $Mask = $Temp[1]
  }

  If (!$Mask.Contains("."))
  {
    $Mask = ConvertTo-Mask $Mask
  }

  $DecimalIP = ConvertTo-DecimalIP $IP
  $DecimalMask = ConvertTo-DecimalIP $Mask

  $Network = $DecimalIP -BAnd $DecimalMask
  $Broadcast = $DecimalIP -BOr
    ((-BNot $DecimalMask) -BAnd [UInt32]::MaxValue)
  $NetworkAddress = ConvertTo-DottedDecimalIP $Network
  $RangeStart = ConvertTo-DottedDecimalIP ($Network + 1)
  $RangeEnd = ConvertTo-DottedDecimalIP ($Broadcast - 1)
  $BroadcastAddress = ConvertTo-DottedDecimalIP $Broadcast
  $MaskLength = ConvertTo-MaskLength $Mask

  $BinaryIP = ConvertTo-BinaryIP $IP; $Private = $False
  Switch -RegEx ($BinaryIP)
  {
    "^1111"  { $Class = "E"; $SubnetBitMap = "1111" }
    "^1110"  { $Class = "D"; $SubnetBitMap = "1110" }
    "^110"   {
      $Class = "C"
      If ($BinaryIP -Match "^11000000.10101000") { $Private = $True } }
    "^10"    {
      $Class = "B"
      If ($BinaryIP -Match "^10101100.0001") { $Private = $True } }
    "^0"     {
      $Class = "A"
      If ($BinaryIP -Match "^00001010") { $Private = $True } }
   }   

  $NetInfo = New-Object Object
  Add-Member NoteProperty "Network" -Input $NetInfo -Value $NetworkAddress
  Add-Member NoteProperty "Broadcast" -Input $NetInfo -Value $BroadcastAddress
  Add-Member NoteProperty "Range" -Input $NetInfo `
    -Value "$RangeStart - $RangeEnd"
  Add-Member NoteProperty "Mask" -Input $NetInfo -Value $Mask
  Add-Member NoteProperty "MaskLength" -Input $NetInfo -Value $MaskLength
  Add-Member NoteProperty "Hosts" -Input $NetInfo `
    -Value $($Broadcast - $Network - 1)
  Add-Member NoteProperty "Class" -Input $NetInfo -Value $Class
  Add-Member NoteProperty "IsPrivate" -Input $NetInfo -Value $Private

  Return $NetInfo
}

Get-NetworkRange

Calculate each host address within the network range.

Function Get-NetworkRange( [String]$IP, [String]$Mask ) {
  If ($IP.Contains("/"))
  {
    $Temp = $IP.Split("/")
    $IP = $Temp[0]
    $Mask = $Temp[1]
  }

  If (!$Mask.Contains("."))
  {
    $Mask = ConvertTo-Mask $Mask
  }

  $DecimalIP = ConvertTo-DecimalIP $IP
  $DecimalMask = ConvertTo-DecimalIP $Mask

  $Network = $DecimalIP -BAnd $DecimalMask
  $Broadcast = $DecimalIP -BOr ((-BNot $DecimalMask) -BAnd [UInt32]::MaxValue)

  For ($i = $($Network + 1); $i -lt $Broadcast; $i++) {
    ConvertTo-DottedDecimalIP $i
  }
}

Examples

# Use of Convert Functions
ConvertTo-BinaryIP 192.168.1.1
ConvertTo-DecimalIP 192.168.1.1
ConvertTo-DottedDecimalIP 11000000.10101000.00000001.00000001
ConvertTo-DottedDecimalIP 3232235777
ConvertTo-MaskLength 255.255.128.0
ConvertTo-Mask 17

# Use of Network and Broadcast Address Functions
Get-NetworkAddress 192.168.1.1 255.255.255.0
Get-BroadcastAddress 192.168.1.1 255.255.255.0

# Use of Network Info
Get-NetworkInfo 229.168.1.1 255.255.248.0
Get-NetworkInfo 172.16.1.243 18
Get-NetworkInfo 10.0.0.3/14

# Use of Network Range
Get-NetworkRange 192.168.1.5 255.255.255.248
Get-NetworkRange 172.18.0.23 30
Get-NetworkRange 172.18.0.23/29

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

# The current Domain

$DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext

# The Primary Group Token for Domain Users and Guests will always be
# the same value (no matter the forest). Used as a demonstration of
# how the value can be retrieved

$OldGroup = [ADSI]"LDAP://CN=Domain Users,CN=Users,$DomainNC"
$OldGroup.GetInfoEx(@("primaryGroupToken"), 0)
$OldGroupToken = $DomainUsers.Get("primaryGroupToken")

$NewGroup = [ADSI]"LDAP://CN=Domain Guests,CN=Users,$DomainNC"
$NewGroup.GetInfoEx(@("primaryGroupToken"), 0)
$NewGroupToken = $DomainGuests.Get("primaryGroupToken")

# Determine which accounts will be effected by the change

$BaseOU = [ADSI]"LDAP://OU=SomeWhere,$DomainNC"
$LdapFilter = "(&(objectClass=user)(objectCategory=person)" + `
  "(primaryGroupId=$OldGroupToken))"

# Find the users

$Searcher = New-Object DirectoryServices.DirectorySearcher($BaseOU, $LdapFilter)
$Searcher.PageSize = 1000

$Searcher.FindAll() | %{
  $User = $_.GetDirectoryEntry()

  # The user must be a member of the group first

  $NewGroup.Add($User.AdsPath)

  # Change the Primary Group

  $User.Put("primaryGroupId", $NewGroupToken)
  $User.SetInfo()

  # Then the old group can be removed

  $OldGroup.Remove($User.AdsPath)
}

Related posts:

1. Accept or reject messages from This function reads delivery restrictions from objects in Active Directory....
2. Get-DsAcl The goal of this PowerShell function is to create a...
3. Building LDAP filters for date based attributes Active Directory contains a number of attributes which hold date...

Related posts brought to you by Yet Another Related Posts Plugin.

Function Get-ChildItemToDepth {
  Param(
    [String]$Path = $PWD,
    [String]$Filter = "*",
    [Byte]$ToDepth = 255,
    [Byte]$CurrentDepth = 0,
    [Switch]$DebugMode
  )

  $CurrentDepth++
  If ($DebugMode) { $DebugPreference = "Continue" }

  Get-ChildItem $Path | %{
    $_ | ?{ $_.Name -Like $Filter }

    If ($_.PsIsContainer) {
      If ($CurrentDepth -le $ToDepth) {

        # Callback to this function
        Get-ChildItemToDepth -Path $_.FullName -Filter $Filter `
          -ToDepth $ToDepth -CurrentDepth $CurrentDepth

      } Else {

        Write-Debug $("Skipping GCI for Folder: $($_.FullName) " + `
          "(Why: Current depth $CurrentDepth vs limit depth $ToDepth)")

      }
    }
  }
}

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Function Get-IISLogSetting
{
  Param([String[]]$Servers = $Env:Computername)

  $Servers | %{
    $Server = $_

    $WMI = New-Object Management.ManagementScope("\\$Server\root\MicrosoftIISv2")
    $WMI.Options.Authentication = "PacketPrivacy"
    $Query = New-Object Management.ObjectQuery( `
      "SELECT Name, LogFileDirectory, LogFileTruncateSize, " + `
      "LogType, LogFilePeriod FROM IIsWebServerSetting")

    $Searcher = New-Object Management.ManagementObjectSearcher($WMI, $Query)

    Trap [UnauthorizedAccessException]
    {
      Write-Error "$($Server): Unable to connect or Access is denied"
      continue
    }
    $Searcher.Get() | Select-Object `
      @{n='Name';e={ $Server }}, `
      @{n='Site';e={ $_.Name }}, `
      @{n='IIS Logging';e={
        Switch ($_.LogType) {
          0 { "Disabled" }
          1 { "Enabled" }
        } }}, `
      @{n='Log Path';e={ $_.LogFileDirectory }}, `
      @{n='Log File Size';e={
        If ([Int]$_.LogFileTruncateSize -eq -1) { "Unlimited" } else {
          "$([Int]$_.LogFileTruncateSize / 1Gb) Gb" } }}, `
      @{n='Log File Rollover';e={
        Switch ($_.LogFilePeriod) {
          0 { "Size" }
          1 { "Date" }
        } }}
  }
}

Related posts:

1. Accept or reject messages from This function reads delivery restrictions from objects in Active Directory....

Related posts brought to you by Yet Another Related Posts Plugin.

Written for and tested under PowerShell 2.0. The script could probably use some error handling.

# SysLog.ps1
#
# A basic SysLog server. Behaviour should be fairly consistent with
# RFC 3164 (http://www.ietf.org/rfc/rfc3164.txt).

# Network Configuration

$SysLogPort = 514                  # Default SysLog Port
$Buffer = New-Object Byte[] 1024   # Maximum SysLog message size

# Server Configuration

$EnableMessageValidation = $True   # Enable check of the PRI and Header
$EnableRelay = $True               # Enable relay to $RelayTargetIP
$EnableLocalLogging = $True        # Enable local logging of received messages
$EnableConsoleLogging = $False     # Enable logging to the console
$EnableHostNameLookup = $True      # Lookup hostname for connecting IP
$EnableHostNamesOnly = $True       # Uses Host Name only instead of FQDNs

$RelayTargetIP = "10.0.0.1"        # Must be an IP Address
$LogFolder = "C:\SysLog\LogFiles"  # Path must exist

# Global variables used to store day and date-stamp for log roll-over

$Day = (Get-Date).Day
$DateStamp = (Get-Date).ToString("yyyy.MM.dd")

# Relay Initialisation

If ($EnableRelay)
{
  $RelayTarget = [Net.IPAddress]::Parse($RelayTargetIP)
  $RelayTargetEndPoint = New-Object Net.IPEndPoint($RelayTarget, $SysLogPort)
}

# A launcher for the process
#
# Caller: Manual / Script

Function Start-SysLog
{
  $Socket = CreateSocket
  StartReceive $Socket
}

# Create and bind to the socket
#
# Caller: Start-SysLog

Function CreateSocket
{
  $Socket = New-Object Net.Sockets.Socket(
    [Net.Sockets.AddressFamily]::Internetwork,
    [Net.Sockets.SocketType]::Dgram,
    [Net.Sockets.ProtocolType]::Udp)

  $ServerIPEndPoint = New-Object Net.IPEndPoint(
    [Net.IPAddress]::Any,
    $SysLogPort)

  $Socket.Bind($ServerIPEndPoint)

  Return $Socket
}

# Recieve a single message
#
# Caller: Start-SysLog

Function StartReceive([Net.Sockets.Socket]$Socket)
{
  # Placeholder to store source of incoming packet
  $SenderIPEndPoint = New-Object Net.IPEndPoint([Net.IPAddress]::Any, 0)
  $SenderEndPoint = [Net.EndPoint]$SenderIPEndPoint

  $ServerRunning = $True
  While ($ServerRunning -eq $True)
  {
    $BytesReceived = $Socket.ReceiveFrom($Buffer, [Ref]$SenderEndPoint)
    $Message = $Buffer[0..$($BytesReceived - 1)]

    $Message = ValidateMessage $Message $SenderEndPoint.Address.IPAddressToString

    If ($EnableRelay)
    {
      RelayMessage $Socket $Message
    }
  }
}

# Relay the message to an upstream SysLog server. Either basic forwarding,
# or full validation.
#
# Caller: StartReceive

Function RelayMessage([Net.Sockets.Socket]$Socket, [Byte[]]$Message)
{
  [Void]$Socket.SendTo($Message, $RelayTargetEndPoint)
}

# Check the validity of the message (if option is enabled). Adjust message
# according to recommendations in RFC 3164.
#
# Caller: StartReceive

Function ValidateMessage([Byte[]]$Message, [String]$HostName)
{
  If ($EnableMessageValidation)
  {
    $MessageString = [Text.Encoding]::ASCII.GetString($Message)

    If (IsValidPRI($MessageString))
    {
      If (!(IsValidDateTime($MessageString)))
      {
        $PRI = [Int]($MessageString -Replace "<|>.*")
        $HostName = GetHostName $HostName
        $MessageString = "<$PRI>$(NewDateTimeString) $HostName $MessageString"
        $Message = EncodeMessage $MessageString
      }
    }
    Else
    {
      $HostName = GetHostName $HostName
      $MessageString = "<13>$(NewDateTimeString) $HostName $MessageString"
      $Message = EncodeMessage $MessageString
    }
  }
  If ($EnableLocalLogging -Or $EnableConsoleLogging)
  {
    If ($MessageString -eq $Null)
    {
      $MessageString = [Text.Encoding]::ASCII.GetString($Message)
    }
    If ($EnableLocalLogging) { WriteToLog $MessageString $HostName }
    If ($EnableConsoleLogging) { Write-Host $MessageString }
  }
  Return $Message
}

# Validate the PRI (Priority Field - Facility and Severity)
# No parsing is performed. No network prioritisation is implemented
#
# Caller: ValidateMessage

Function IsValidPRI([String]$MessageString)
{
  If ($MessageString.SubString(0, 1) -ne "<")
  {
    Return $False
  }
  If (!$MessageString.SubString(2, 3).Contains(">"))
  {
    Return $False
  }

  $PRI = [Int]($MessageString -Replace "<|>.*")
  # PRI = (Facility * 8) + Severity. Maximum and minimum values from RFC 3164
  If ($PRI -lt 1 -Or $PRI -gt 191)
  {
    Return $False
  }
  Return $True
}

# Validate the TimeStamp formatting
#
# Caller: ValidateMessage

Function IsValidDateTime([String]$MessageString)
{
  $IsValid = $False
  If ($MessageString -Match "(?<=\>)\w{3}\s\s?\d{1,2}\s(\d\d:){2}\d\d(?=\s)")
  {
    $Date = New-Object DateTime
    ForEach ($Format in @("MMM  d hh:mm:ss", "MMM dd hh:mm:ss"))
    {
      $Date = New-Object DateTime
      $IsValid = [DateTime]::TryParseExact(
        $Matches[0],
        $Format,
        [Globalization.CultureInfo]::InvariantCulture,
        [Globalization.DateTimeStyles]::AssumeUniversal,
        [Ref]$Date)
      If ($IsValid) { Return $True }
    }
  }
  Return $False
}

# Create a new DateTime String
#
# Caller: ValidateMessage

Function NewDateTimeString
{
  $Date = (Get-Date).ToUniversalTime()
  If ($Date.Day -lt 10)
  {
    Return $Date.ToString("MMM  d HH:mm:ss")
  }
  Return $Date.ToString("MMM dd HH:mm:ss")
}

# Attempt to lookup the HostName if an IP value was passed.
# [Net.Dns]::GetHostEntry fails to return if a Forward Lookup record
# does not exist. NsLookup as a simple alternative.
#
# Caller: ValidateMessage

Function GetHostName([String]$HostName)
{
  If (!$EnableHostNameLookup) { Return $HostName }
  If ([Net.IPAddress]::TryParse($HostName, [Ref]$Null))
  {
    $Temp = (nslookup -q=ptr $HostName | ?{ $_ -Like "*name = *" })
    $Temp = $Temp -Replace ".*name = "
    If ($Temp -ne [String]::Empty) { $HostName = $Temp }
  }
  If ($EnableHostNamesOnly)
  {
    Return $HostName.Split(".")[0]
  }
  Return $HostName
}

# Returns a Byte Array representation of the original message.
# If the length is greater than 1024 Bytes the array is truncated
# as stipulated under RFC 3164.
#
# Caller: ValidateMessage

Function EncodeMessage([String]$MessageString)
{
  $Message = [Text.Encoding]::ASCII.GetBytes($MessageString)
  If ($Message.Length -gt 1024)
  {
    Return $Message[0..1023]
  }
  Return $Message
}

# Maintain a per-host log file in the $LogFolder
# Script does not clean up old log files
#
# Caller: ValidateMessage

Function WriteToLog([String]$MessageString, [String]$HostName)
{
  # Simple time based roll-over check
  If ((Get-Date).Day -ne $Day)
  {
    $Day = (Get-Date).Day
    $DateStamp = (Get-Date).ToString("yyyy.MM.dd")
  }

  $LogFile = "$LogFolder\$HostName-$DateStamp.log"
  $MessageString >> $LogFile
}

# Start the server

Start-SysLog

Related posts:

1. DHCP Discovery A PowerShell script to send a DHCP Discover request and...
2. IPv4 subnet math with PowerShell Written to complement the VbScript version of this post. This...

Related posts brought to you by Yet Another Related Posts Plugin.

Properties

Usage examples

Standard output (reporting on organizational units in the current domain):

Get-DsAcl

Format Table:

Get-DsAcl | Format-Table

Store in a variable:

ACLs = Get-DsAcl

Export to CSV:

Get-DsAcl | Export-CSV "Rights.csv"

Reporting on User objects:

Get-DsAcl -ObjectType "user"

Reporting on a sub-OU:

Get-DsAcl "OU=Test,DC=domain,DC=com"
# Or
Get-DsAcl -SearchRoot "OU=Test,DC=domain,DC=com"

Reporting on contacts in a sub-OU:

Get-DsAcl "OU=Test,DC=domain,DC=com" -ObjectType "contact"

Using a custom LDAP filter:

Get-DsAcl -LdapFilter "(objectClass=*)"

Including Inherited entries:

Get-DsAcl -LdapFilter "(name=Chris Dent)" -Inherited | Format-Table

Get-DsAcl

Function Get-DSACL {
  # Function to list permissions assigned to objects in Active Directory
  # This function reports on organizationalUnits within the domain by default.

  Param(
    $SearchRoot = ([ADSI]"LDAP://RootDSE").Get("defaultNamingContext"),
    $ObjectType = "organizationalUnit",
    $LdapFilter = "(&(objectClass=$ObjectType)(objectCategory=$ObjectType))",
    [Switch]$Inherited = $False
  )

  # Set the output field separator (default is " ")
  $OFS = "\"

  # Connect to RootDSE
  $RootDSE = [ADSI]"LDAP://RootDSE"
  # Connect to the Schema
  $Schema = [ADSI]"LDAP://$($RootDSE.Get('schemaNamingContext'))"
  # Connect to the Extended Rights container
  $Configuration = $RootDSE.Get("configurationNamingContext")
  $ExtendedRights = [ADSI]"LDAP://CN=Extended-Rights,$Configuration"

  # Find objects based on $SearchRoot and $ObjectType
  $Searcher = New-Object DirectoryServices.DirectorySearcher(`
    [ADSI]"LDAP://$SearchRoot", `
    $LdapFilter)

  $Searcher.FindAll() | %{
    $Object = $_.GetDirectoryEntry()

    # Retrieve all Access Control Entries from the AD Object
    $ACL = $Object.PsBase.ObjectSecurity.GetAccessRules(`
      $True, `
      $Inherited, `
      [Security.Principal.NTAccount])

    # Get interesting values
    $ACL | Select-Object @{n='Name';e={ $Object.Get("name") }}, `
      @{n='DN';e={ $Object.Get("distinguishedName") }}, `
      @{n='ObjectClass';e={ $Object.Class }}, `
      @{n='SecurityPrincipal';e={ $_.IdentityReference.ToString() }}, `
      @{n='AccessType';e={ $_.AccessControlType }}, `
      @{n='Permissions';e={ $_.ActiveDirectoryRights }}, `
      @{n='AppliesTo';e={
        #
        # Change the values for InheritanceType to friendly names
        #
        Switch ($_.InheritanceType) {
          "None"            { "This object only" }
          "Descendents"     { "All child objects" }
          "SelfAndChildren" { "This object and one level Of child objects" }
          "Children"        { "One level of child objects" }
          "All"             { "This object and all child objects" }
        } }}, `
      @{n='AppliesToObjectType';e={
        If ($_.InheritedObjectType.ToString() -NotMatch "0{8}.*") {
          #
          # Search for the Object Type in the Schema
          #
          $LdapFilter = `
            "(SchemaIDGUID=\$($_.InheritedObjectType.ToByteArray() | `
            %{ '{0:X2}' -f $_ }))"
          $Result = (New-Object DirectoryServices.DirectorySearcher(`
            $Schema, $LdapFilter)).FindOne()
          $Result.Properties["ldapdisplayname"]
        } Else { "All" } }}, `
      @{n='AppliesToProperty';e={
        If ($_.ObjectType.ToString() -NotMatch "0{8}.*") {
          #
          # Search for a possible Extended-Right or Property Set
          #
          $LdapFilter = "(rightsGuid=$($_.ObjectType.ToString()))"
          $Result = (New-Object DirectoryServices.DirectorySearcher(`
            $ExtendedRights, $LdapFilter)).FindOne()
          If ($Result) {
            $Result.Properties["displayname"]
          } Else {
            #
            # Search for the attribute name in the Schema
            #
            $LdapFilter = "(SchemaIDGUID=\$($_.ObjectType.ToByteArray() | `
              %{ '{0:X2}' -f $_ }))"
            $Result = (New-Object DirectoryServices.DirectorySearcher(`
              $Schema, $LdapFilter)).FindOne()
            $Result.Properties["ldapdisplayname"]
          }
        } Else { "All" } }}, `
      @{n='Inherited';e={ $_.IsInherited }}
  }
}

Related posts:

1. Changing the Primary Group with PowerShell Exactly as the title says, an example of how to...
2. Accept or reject messages from This function reads delivery restrictions from objects in Active Directory....
3. Building LDAP filters for date based attributes Active Directory contains a number of attributes which hold date...

Related posts brought to you by Yet Another Related Posts Plugin.