In the last post we went through mapping client IPs to AD subnets and sites, and we noticed that some IPs belong to two subnets, or even to different sites!
In this post we will use PowerShell (again!) to dig into hundreds of subnets and find the overlapping and conflicting records.
What is an overlapping subnet?
It is a term I created to describe a subnet (say 192.168.1.0/24) that lies entirely within a bigger subnet (192.168.0.0/16).
What are conflicting sites?
Two subnets that overlap and belong to different AD sites. Placing clients in two places at once belongs only to quantum physics!
To find the offending subnets, we build on the previous post's technique: a smaller subnet's ID, ANDed with the bigger subnet's mask, equals the bigger subnet's ID exactly when that ID would be an address inside the bigger subnet.
#Import sites CSV and calculate some properties
$Subnets = Import-Csv -Path C:\temp\sites.csv
$Subnets | ForEach-Object {
    # "CN=SiteName,CN=Sites,CN=Configuration,..." -> "SiteName"
    $_ | Add-Member -MemberType NoteProperty -Name "SiteName" -Value (($_.site -split ",")[0] -replace "CN=", "")
    # "10.1.0.0/16" -> network address and prefix length
    $_ | Add-Member -MemberType NoteProperty -Name "SubnetID" -Value ([IPAddress](($_.Name -split "/")[0]))
    $_ | Add-Member -MemberType NoteProperty -Name "MaskBits" -Value ([int](($_.Name -split "/")[1]))
    # Build the mask as a 32-character bit string ("1" x MaskBits, padded with "0"),
    # convert it to its decimal value, and let [IPAddress] parse that back into dotted form
    $_ | Add-Member -MemberType NoteProperty -Name "SubnetMask" -Value ([IPAddress]"$([system.convert]::ToInt64(("1"*$_.MaskBits).PadRight(32,"0"),2))")
}
#Find overlapping subnets
$SubnetOverlaps = foreach ($Subnet in $Subnets) {
    # Only subnets with a longer prefix (strictly smaller) are candidates; an identical prefix listed twice is not checked here
    $SmallSubnets = $Subnets | Where-Object { $_.MaskBits -gt $Subnet.MaskBits }
    foreach ($SmallSubnet in $SmallSubnets) {
        # The small subnet lies inside the big one when its ID, masked with the big mask, equals the big subnet ID
        # (both .Address values are in the same byte order, so the comparison is valid)
        if (($SmallSubnet.SubnetID.Address -band $Subnet.SubnetMask.Address) -eq $Subnet.SubnetID.Address) {
            [PSCustomObject]@{
                Subnet            = $Subnet.Name
                OverlappingSubnet = $SmallSubnet.Name
                SubnetSite        = $Subnet.SiteName
                OverlappingSite   = $SmallSubnet.SiteName
                SiteCollision     = $Subnet.SiteName -ne $SmallSubnet.SiteName
            }
        }
    }
}
$SubnetOverlaps | ogv   # ogv is the alias for Out-GridView
This produces a beautiful table of every overlapping pair, with a column telling you whether the two sites differ.
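As an added example (not the post's own code), here is the same check written so that it runs offline on constructed rows in the post's CSV shape (Name, site) and also catches one case the script above skips: the exact same prefix listed twice under two different sites, which the `-gt` filter never compares. The function names, the example site names and the sample rows are my own; it handles IPv4 only and skips any IPv6 subnet with a warning. Swap the here-string for `Import-Csv` or `Get-ADReplicationSubnet -Filter * -Properties Site` to run it against a real forest.

```powershell
# Constructed sample data in the same shape as the post's sites.csv (Name, site).
$SampleCsv = @'
Name,site
10.0.0.0/8,"CN=HQ,CN=Sites,CN=Configuration,DC=example,DC=local"
10.1.0.0/16,"CN=Branch1,CN=Sites,CN=Configuration,DC=example,DC=local"
10.1.5.0/24,"CN=Branch1,CN=Sites,CN=Configuration,DC=example,DC=local"
10.1.5.0/24,"CN=Branch2,CN=Sites,CN=Configuration,DC=example,DC=local"
192.168.10.0/24,"CN=Lab,CN=Sites,CN=Configuration,DC=example,DC=local"
'@
$Subnets = $SampleCsv | ConvertFrom-Csv

# Dotted IPv4 -> integer in host byte order, so the bit operations work on the
# bits a human reads (IPAddress.Address is in network byte order, which is why
# the post only ever compares .Address values against each other).
function ConvertTo-IPv4Int {
    param([Parameter(Mandatory)][string]$Address)
    $n = 0L
    foreach ($b in [IPAddress]::Parse($Address).GetAddressBytes()) { $n = $n * 256 + $b }
    return $n
}

# Prefix length -> mask as the same kind of integer (e.g. 16 -> 0xFFFF0000).
function Get-IPv4Mask {
    param([Parameter(Mandatory)][int]$Bits)
    $allOnes = 4294967295L
    if ($Bits -le 0) { return 0L }
    return ($allOnes -shl (32 - $Bits)) -band $allOnes
}

# Parse the rows once; non-IPv4 entries are reported and skipped.
$Parsed = foreach ($s in $Subnets) {
    $prefix, $bits = $s.Name -split '/'
    if ([IPAddress]::Parse($prefix).AddressFamily -ne 'InterNetwork') {
        Write-Warning "Skipping non-IPv4 subnet $($s.Name)"
        continue
    }
    [PSCustomObject]@{
        Name     = $s.Name
        SiteName = ($s.site -split ',')[0] -replace '^CN=', ''
        Network  = ConvertTo-IPv4Int $prefix
        MaskBits = [int]$bits
        Mask     = Get-IPv4Mask ([int]$bits)
    }
}

# Report every pair where the second subnet sits inside, or equals, the first.
# Equal prefixes are reported once as 'Duplicate' instead of being skipped.
function Find-SubnetOverlap {
    param([Parameter(Mandatory)][object[]]$Parsed)
    for ($i = 0; $i -lt $Parsed.Count; $i++) {
        for ($j = 0; $j -lt $Parsed.Count; $j++) {
            if ($i -eq $j) { continue }
            $big = $Parsed[$i]; $small = $Parsed[$j]
            # Containment is checked in one direction only: big prefix -> longer prefix.
            if ($small.MaskBits -lt $big.MaskBits) { continue }
            # Identical prefix lengths: report each pair only once.
            if ($small.MaskBits -eq $big.MaskBits -and $j -lt $i) { continue }
            # Same test as the post: small network AND big mask == big network.
            if (($small.Network -band $big.Mask) -ne $big.Network) { continue }
            $relation = 'Contained'
            if ($small.MaskBits -eq $big.MaskBits) { $relation = 'Duplicate' }
            [PSCustomObject]@{
                Subnet            = $big.Name
                OverlappingSubnet = $small.Name
                Relation          = $relation
                SubnetSite        = $big.SiteName
                OverlappingSite   = $small.SiteName
                SiteConflict      = ($big.SiteName -ne $small.SiteName)
            }
        }
    }
}

$Overlaps = Find-SubnetOverlap -Parsed $Parsed
$Overlaps | Format-Table -AutoSize

# The rows that actually need a decision are the site conflicts.
$Overlaps | Where-Object { $_.SiteConflict } |
    Select-Object Subnet, OverlappingSubnet, Relation, SubnetSite, OverlappingSite
```

With the five sample rows this yields six overlap rows, five of them site conflicts; the 10.1.5.0/24 pair under Branch1 and Branch2 shows up as a Duplicate, which is the case the strict `-gt` comparison in the post's script would leave out of the table.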

Now it is time to review these subnets and decide what belongs where!
Cheers!