“A” record, assign IP address – see DNS, assign name to IP address
common ports – see ports, common
connectivity test – see:
- Test-NetConnection
connectivity to several PCs in an OU, test
Get-ADComputer -Filter * -Server ad11 -SearchBase "OU=IT,OU=yourOU,DC=yourDomain,DC=com" Where {Test-Connection $_.Name -Count 1 -Quiet} | Select @{Name="Computername";Expression={$_.Name}}
connect to a server on a port, test
Can I connect to the vSQL5 server over port 1433 (default SQL Server port):
(New-Object System.Net.Sockets.TCPClient("vSQL5",1433)).Connected
should return True or False
first, I usually find DHCP servers in our domain
Get-DhcpServerInDC
then, choose one - let’s say ourDHCPServer
Get-DhcpServerv4Scope -ComputerName ourDHCPServer.ourDomain.com | foreach {Get-DhcpServerv4Lease -computername ourDHCPServer.ourDomain.com -allleases -ScopeId ($_.ScopeId)}
DHCP servers, list for this domain
Get-DhcpServerInDC
If this displays DHCP servers that are obviously obsolete, see remove old DHCP servers (not PowerShell)
- Start Adsiedit.msc
- Open the configuration Container
- Expand Services
- Expand Net Services
- On the right hand side you will find a record named CN=DHCPRoot
- Right Click the CN=DhcpRoot entry and then click Properties
- Highlight DhcpServers Attribute and click Edit
DNS, assign IP address to name (“A” record) – see DNS, assign name to IP address
DNS, assign name to IP address (“A” record)
Is this DNS name already assigned an IP address? If you”re running from your own PC, it”ll just assume your PC is a DNS server and, if it isn’t (it probably isn’t), it’ll squawk. That’s why you must specify the "Computername" pointing to your DNS server (which is often your domain controller or DC).
(Get-DnsServerResourceRecord -Computername dc1.myold.school.edu -ZoneName "myold.school.edu" -Name "SteelyDan").RecordData
Command above verifies that this DNS name still has the old IP assigned to it. To update to the new IP:
$OldObj
=
Get-DnsServerResourceRecord
-Computername dc1.myold.school.edu -ZoneName
"myold.school.edu"
-Name
"SteelyDan"
-RRType
"A"
$NewObj
= [ciminstance]::new($OldObj)
$NewObj.RecordData.IPv4Address
= [System.Net.IPAddress]::parse("192.168.126.112")
Set-DnsServerResourceRecord
-Computername dc1.myold.school.edu -NewInputObject
$NewObj
-OldInputObject
$OldObj
-ZoneName
"myold.school.edu"
-PassThru
DNS, resolve name to IP address (“A” record)
This is probably best place to start:
$name
=
"snoopy"
try
{
$dns
=
Resolve-DnsName
-Name
$name
-ErrorAction Stop
$resolvedName
=
$dns.Name
$IP
=
$dns.IPAddress
}
Catch
{
$resolvedName
=
"not resolved"
$IP
=
"not found"
}
Write-Host
"$serverName
$resolvedName
$IP"
If you already have the ZoneName, then this:
(Get-DnsServerResourceRecord -Computername dc1.myold.school.edu -ZoneName "myold.school.edu" -Name "SteelyDan").RecordData
DNS, list forward lookup zones
$zones
=
Get-DnsServerZone
-ComputerName DC1
$zones
|
?
{$_.ZoneName
-like
"*.edu"} | select ZoneName, ZoneType | sort ZoneName
DNS, list zone transfers for forward lookup zones
This gets lists for all DCs in the domain you’re in because DCs’ zone transfers are not necessarily the same for all the Forward Lookup Zones
#
get all domain servers
$DomainName
= (Get-ADDomain).DNSRoot
$DCList
=
Get-ADDomainController
-Filter * -Server
$DomainName
| sort HostName
$i=0;
$domainCount
=
$DCList.Count
$result
=
@()
foreach
$DC
in
$DCList) {
$i++;
$domainServerPercentTxt
= ($i/$domainCount).ToString("P")
Write-Host
"domain $i
of
$($domainCount)
($domainServerPercentTxt):
$($DC.HostName)"
-ForegroundColor Cyan
$zonesThisDC
=
Get-DnsServerZone
-ComputerName
$DC.HostName
#
only look at forward zones and no stubs
$forwardZonesNotStub
=
$zonesThisDC
|
?
{$_.IsReverseLookupZone
-eq
$false
-and
$_.ZoneType
-ne
"Stub"}
$j
=
0;
$zoneCount
=
$forwardZonesNotStub.Count
foreach
($zone
in
$forwardZonesNotStub) {
$j++;
$zonePercentTxt
= ($j/$zoneCount).ToString("P")
Write-Host
" domain # $i, zone
$j
of
$($zoneCount)
($zonePercentTxt):
$($zone.ZoneName)" -ForegroundColor
Magenta
$NotifyServersList
=
$zone.NotifyServers
-join(", ")
$SecondaryServerList
=
$zone.SecondaryServers
-join(", ")
$result
+=
New-Object
-TypeName PSObject -Property @{
"DomainName"
=
$DC.HostName
"ZoneName"
=
$zone.ZoneName
"ZoneType"
=
$zone.ZoneType
"Notify"
=
$zone.Notify
"NotifyServersList"
=
$NotifyServersList
"NotifyServers"
=
$zone.NotifyServers
"SecureSecondaries"
=
$zone.SecureSecondaries
"SecondaryServerList"
=
$SecondaryServerList
}
}
}
# display results
$result
=
$result
| select DomainName, ZoneName, ZoneType,
Notify, NotifyServersList, SecureSecondaries, SecondaryServerList
$result
| ogv
DNS, reverse DNS entries for range of IPs
this gets range from 192.168.116.0 through 192.168.117.254
$IPFirstATwoOctets
=
"191.168"
$result
=
@()
$3rdOctetBegin
=
116
$3rdOctetEnd
=
117
$3rdOctetCount
=
$3rdOctetEnd
-
$3rdOctetBegin
+
1
$4thOctetCount
=
254
$k=0
for
($i=$3rdOctetBegin;
$i
-le
$3rdOctetEnd;
$i++) {
$k++
# count our 3rd
octed, starting with 1 - even though we might start at some higher number up to
254
$percent3rdOctetTxt
=
($k/$3rdOctetCount).ToString("P0")
# no decimal
for
($j=1;
$j
-le
254
;$j++) {
$percent4thOctetTxt
=
($j/$4thOctetCount).ToString("P1")
# 1 decimal
$IP
=
"$IPFirstATwoOctets.$i.$j"
$IPPadZeroes
=
($IP.Split(".")
|
%
{$_.PadLeft(3,"0")}) -join
"."
# to sort
$messagePrefix
=
"$k
of
$($3rdOctetCount)
3rd octet ($percent3rdOctetTxt),
$j
of
$($4thOctetCount)
($percent4thOctetTxt) 4th octet:"
try
{
$NameHost
=
(Resolve-DnsName
$IP
-ErrorAction
Stop).NameHost
Write-Color
-Text
$messagePrefix,
"$IP
",
"found!"
-Color Gray,
Cyan,
Green
$result
+=
New-Object
-TypeName PSObject -Property
@{
"IP"
=
$IP
"IPPadZeroes"
=
$IPPadZeroes
"NameHost"
=
$NameHost
}
}
catch
{
Write-Color
-Text
$messagePrefix,
"$IP
",
"not found!"
-Color Gray,
Blue,
Red
-BackGroundColor Black,
Black,
DarkYellow
$NameHost
=
"missing"
$result
+=
New-Object
-TypeName PSObject
-Property
@{
"IP"
=
$IP
"IPPadZeroes"
=
$IPPadZeroes
"NameHost"
=
"missing"
}
}
}
}
$result
=
$result
|
select IP,
IPPadZeroes,
$result
|
ogv
firewall ports - see ports, firewall, see connect to a server on a port, test
firewall, configure for domains and trusts
are ports 53, 135, 445 & 3268 enabled?
Get-NetFirewallPortFilter -PolicyStore ActiveStore `
|
?
{($_.LocalPort
-eq
"53")
-or
($_.LocalPort
-eq
"135")
-or
($_.LocalPort
-eq
"389")
-or
($_.LocalPort
-eq
"445")
-or
($_.LocalPort
-eq
"3268 ")} `
| Sort-Object LocalPort, Protocol | Format-Table -Property *
or more simply:
Get-NetFirewallPortFilter -PolicyStore ActiveStore `
|
?
{($_.LocalPort
-eq
"53")
-or
($_.LocalPort
-eq
"135")
-or
($_.LocalPort
-eq
"389")
-or
($_.LocalPort
-eq
"445")
-or
($_.LocalPort
-eq
"3268")} `
| Sort-Object LocalPort, Protocol | Format-Table Protocol, LocalPort, InstanceID
But not sure this is the right approach. This seems more centered on services rather than ports...
IP Address of the PC/Server from where you run command
# internal
Get-NetIPAddress
| select IPAddress, InterfaceAlias, AddressFamily |
?
{$_.AddressFamily
-eq
"IPv4"
-and
$_.InterfaceAlias
-notlike
"Loopback*"} | ft -a
# external - often need to include "-UseBasicParsing" parameter if
"Internet Explorer's first-launch configuration is not complete" or you'll get an error
(Invoke-WebRequest
-uri
"http://ifconfig.me/ip"
-UseBasicParsing).Content
# external with latitude/longitude, city, state, zip info
Invoke-RestMethod
-Uri ("http://ipinfo.io/"+(Invoke-WebRequest
-uri
"http://ifconfig.me/ip"
-UseBasicParsing).Content)
This might give error:
Invoke-WebRequest : The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again.
IP address, assign to DNS name – see DNS, assign name to IP address
IP, find for DNS entry – see DNS, resolve name to IP address, reverse IP lookup
Get-ADComputer -property * -filter {ipv4address -eq "123.45.67.89"} | select CN, SamAccountName, CanonicalName, DNSHostName, ObjectGUID
(Invoke-WebRequest ifconfig.me/ip).Content.Trim()
Start with an array of $events,
each with an IP immediately followed by a port number and a date/time
$events
=
@(
[PSCustomObject]@{IP
=
"123.45.67.89:59796";
TimeCreated
=
"2024-04-04 08:30:00"},
[PSCustomObject]@{IP
=
"123.45.67.89:59798";
TimeCreated
=
"2024-04-04 11:15:00"},
[PSCustomObject]@{IP
=
"123.45.67.99:59799";
TimeCreated
=
"2024-04-04 10:11:00"},
[PSCustomObject]@{IP
=
"123.45.67.99:59800";
TimeCreated
=
"2024-04-04 11:10:00"}
)
# Convert "TimeCreated" to actual DateTime objects
$events
|
%
{$_.TimeCreated
=
Get-Date
$_.TimeCreated}
# Extract the IP component (before the ":")
$IPwithoutPort
=
$events
|
%
{
$IPcomponent
=
($_.IP
-split
":")[0]
[PSCustomObject]@{
IP
=
$IPcomponent
TimeCreated
=
$_.TimeCreated
}
}
# Group by IP component and find the most recent TimeCreated
$groupByIPmostRecent
=
$IPwithoutPort
|
group
-Property IP
|
%
{$_.Group
|
sort
-Property TimeCreated
-Descending
|
select
-First
1}
foreach
($mostRecent
in
$groupByIPmostRecent){
$IP
=
$mostRecent.IP
$mostRecent
=
$mostRecent.TimeCreated
$daysAgo
=
New-TimeSpan
-Start
$mostRecent
-End
$now
# Calculate the number of days between the most recent date/time and now
$integerDaysAgo
=
[math]::Truncate($daysAgo.Days)
$color=$null
$color
=
switch
($integerDaysAgo) {
0
{"Red"}
1
{"yellow"}
Default
{"Green"}
}
Write-Host
"most recent Event ID 2889 from
$IP
was at
$mostRecent
($integerDaysAgo
days ago)"
-ForegroundColor
$color
}
IP, reverse lookup – see reverse IP lookup
IPs for servers, list – see server IPs, list
nslookup -type=SRV _ldap._tcp.elephant.com
usually just lists domain controllers
MAC addresses associated with DHCP addresses - see DHCP addresses/MAC addresses
network connectivity for PCs – see connectivity to a bunch of PCs in an OU, test
- Test-Connection command to test network connectivity to PCs/server (same as ping)
- Test-NetConnection command to test network connectivity to PCs/server over a specific port
ping alternative –
- Test-Connection command to test network connectivity to PCs/server (same as ping)
- Test-NetConnection command to test network connectivity to PCs/server over a specific port
- 53 – DNS (Domain Name System) queries
- 80 – HTML
- 1433 – SQL
- 3389 – Remote Desktop Protocol (RDP)
port, connect to a server over, can I? – see connect to a server on a port, test
Get-NetTCPConnection -State Established
seems to sort descending by LocalPort
Get-NetFirewallPortFilter -PolicyStore ActiveStore | ? {$_.LocalPort -ne "any"} | Sort-Object LocalPort, Protocol | Format-Table -Property *
$IP = "123.123.123.123"
sometimes this works
Resolve-DnsName $IP
but this seems to work more consistently
$server = [System.Net.Dns]::GetHostByAddress($IP).Hostname
also lists OU; excludes servers with no IPs
$servers | sort {[regex]::Replace( $_.IPv4Address, "\d+", {$args.Value.PadLeft(3, "0") } )} | ? {$_.IPv4Address -ne $null} | select Name, IPv4Address, @{n="OU";e={$OU = ($_.DistinguishedName.Substring($_.DistinguishedName.IndexOf(",OU=")+1).Substring(0,$_.DistinguishedName.Substring($_.DistinguishedName.IndexOf(",OU=")+1).IndexOf(",DC=")) -replace "OU=", "").Split(",");[array]::Reverse($OU);$OU -join "/"}} |ogv
Test-Connection to test network connectivity using ICMP (Internet Control Message Protocol) echo requests (commonly known as “ping”). It does not directly test connectivity over specific ports. – see also Test-NetConnection to test connectivity to a specific port on a remote host, connectivity to a bunch of PCs in an OU, test
Test-Connection 123.45.67.89
Test-NetConnection to test connectivity to a specific port on a remote host. – see also Test-Connection to test network connectivity using ICMP does not directly test connectivity over specific ports, connectivity to a bunch of PCs in an OU, test
The default port used for TCP port connectivity checks is 80 (HTTP).
Test-NetConnection -ComputerName "MutantNinjaTurtles" -Port 1433
will try to communicate with server over port 1433 (SQL Server)
zone transfers (DNS) – see DNS, list zone transfers for forward lookup zones