From a8187bd7f25bc9ca25fd948c944a12d7fb0fce9a Mon Sep 17 00:00:00 2001
From: Sam Erde <samuel.erde@gmail.com>
Date: Wed, 11 Dec 2024 15:42:47 -0500
Subject: [PATCH] PSSA
---
.../Domain Services/DNSZonesRemote.ps1 | 38 ++++++++++---------
.../Get-MissingADSubnets v2.ps1 | 14 +++----
2 files changed, 27 insertions(+), 25 deletions(-)
diff --git a/Active Directory/Domain Services/DNSZonesRemote.ps1 b/Active Directory/Domain Services/DNSZonesRemote.ps1
index 1acf5a4..6273a70 100644
--- a/Active Directory/Domain Services/DNSZonesRemote.ps1
+++ b/Active Directory/Domain Services/DNSZonesRemote.ps1
@@ -1,20 +1,23 @@
<#
.SYNOPSIS
-Loop through a list of specified domain controllers, and then loop through all DNS Server zones on each domain controller to make desired changes.
+Loop through a list of specified domain controllers, and then loop through all DNS Server zones on each domain
+controller to make desired changes.
.DESCRIPTION
-This script was written to change the Secondary Servers setting and the SecureSecondaries setting on all DNS zones on all DNS Servers (all domain controllers,
-in our environment.) It provides an ideal way to adjust settings for one (or all) zones across every zone server, because some settings are stored individually
-in each server's registry, and not completed replicated, even when the zone is AD-integrated.
+This script was written to change the Secondary Servers setting and the SecureSecondaries setting on all DNS zones on
+all DNS Servers (all domain controllers, in our environment.) It provides an ideal way to adjust settings for one (or
+all) zones across every zone server, because some settings are stored individually in each server's registry, and not
+completed replicated, even when the zone is AD-integrated.
-Our servers actually havce Remote Registry access disabled, so the remote part of this script will not work, but the inner loop beginning with the collection
-of zones ("$zones = Get-ChildItem ...") from the registry can be run manually on each DNS Server, still saving time and providing more accuracy than multiple
-manual changes could.
+Our servers actually have Remote Registry access disabled, so the remote part of this script will not work, but the
+inner loop beginning with the collection of zones ("$zones = Get-ChildItem ...") from the registry can be run manually
+on each DNS Server, still saving time and providing more accuracy than multiple manual changes could.
.NOTES
-Be sure to test your changes first by using -WhatIf on the Set-ItemProperty cmdlets, and also by testing your changes manually with at least one zone. Check the
-registry and the GUI after running your script, and note that changing some zone settings via the registry will require the DNS Server service to be restarted
-in order for those changes to be read and take effect.
+Be sure to test your changes first by using -WhatIf on the Set-ItemProperty cmdlets, and also by testing your changes
+manually with at least one zone. Check the registry and the GUI after running your script, and note that changing some
+zone settings via the registry will require the DNS Server service to be restarted in order for those changes to be read
+and take effect.
#>
if ($session) { Remove-PSSession $session }
@@ -22,11 +25,11 @@ if ($session) { Remove-PSSession $session }
#Specify a list of DNS servers manually, or just get a list of all domain controllers in the domain.
#$servers = @("","","","","")
$servers = Get-ADDomainController -Filter * | Select-Object Hostname
-$creds = Get-Credential
+$Creds = Get-Credential
#Loop through each server in the list, opening a PowerShell remoting session, then show the name and status of the session. Skips (continue) to the next server if a connection fails.
foreach ($srv in $servers) {
$server = $srv.Hostname
- $session = New-PSSession -ComputerName $server -Name $server -Credential $creds
+ $session = New-PSSession -ComputerName $server -Name $server -Credential $Creds
Try {
Write-Host -ForegroundColor Green "Connecting to $server... " -NoNewline
Enter-PSSession $session
@@ -39,17 +42,16 @@ foreach ($srv in $servers) {
$zones = Get-ChildItem -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\'
foreach ($zone in $zones) {
- Write-Host -NoNewline -ForegroundColor Yellow `n`n 'Name: ' (Get-ItemProperty -PSPath $zone.PSPath).PSChildName
- Write-Host -NoNewline `n 'SecondaryServers: ' (Get-ItemProperty -PSPath $zone.PSPath).SecondaryServers
- Write-Host -NoNewline `n 'SecureSecondaries: ' (Get-ItemProperty -PSPath $zone.PSPath).SecureSecondaries `n
+ Write-Host "`n`n 'Name: ' (Get-ItemProperty -PSPath $zone.PSPath).PSChildName" -NoNewline -ForegroundColor Yellow
+ Write-Host "`n 'SecondaryServers: ' (Get-ItemProperty -PSPath $zone.PSPath).SecondaryServers" -NoNewline
+ Write-Host "`n 'SecureSecondaries: ' (Get-ItemProperty -PSPath $zone.PSPath).SecureSecondaries `n" -NoNewline
- #Set-ItemProperty -PSPath $zone.PSPath -Name "SecondaryServers" -Value "" -Whatif
- #Set-ItemProperty -PSPath $zone.PSPath -Name "SecureSecondaries" -Value "3" -Whatif
+ #Set-ItemProperty -PSPath $zone.PSPath -Name "SecondaryServers" -Value "" -WhatIf
+ #Set-ItemProperty -PSPath $zone.PSPath -Name "SecureSecondaries" -Value "3" -WhatIf
}
#Cleanup and then show the current PSSession state.
if ($session) { Exit-PSSession }
if ($session) { Remove-PSSession $session }
Write-Host -ForegroundColor DarkYellow $session.ComputerName $session.State `n`n -NoNewline
-
}
diff --git a/Active Directory/Domain Services/Get-MissingADSubnets v2.ps1 b/Active Directory/Domain Services/Get-MissingADSubnets v2.ps1
index f60565e..4e3f738 100644
--- a/Active Directory/Domain Services/Get-MissingADSubnets v2.ps1
+++ b/Active Directory/Domain Services/Get-MissingADSubnets v2.ps1
@@ -157,17 +157,17 @@
$NumberOfIPs = ([System.Math]::Pow(2, $IntIPLength)) - 1
- $IpStart = New-IPv4NetworkAddress $ObjInputAddress $BlockBytes $IPv4Mask
+ $IpStart = New-IPv4NetworkAddress -Address $ObjInputAddress -nbBytes $BlockBytes -IPv4Mask $IPv4Mask
$Obj | Add-Member -type NoteProperty -Name Subnet -Value "$($IpStart)/$($IPv4Mask)"
$Obj | Add-Member -type NoteProperty -Name IpStart -Value $IpStart
$ArrBytesIpStart = $IpStart.GetAddressBytes()
[array]::Reverse($ArrBytesIpStart)
- $RangeStart = [system.bitconverter]::ToUInt32($ArrBytesIpStart, 0)
+ $RangeStart = [System.BitConverter]::ToUInt32($ArrBytesIpStart, 0)
$IpEnd = $RangeStart + $NumberOfIPs
- if (($IpEnd.Gettype()).Name -ine 'double') {
+ if (($IpEnd.GetType()).Name -ine 'double') {
$IpEnd = [Convert]::ToDouble($IpEnd)
}
@@ -178,7 +178,7 @@
$ArrBytesIpEnd = $IpEnd.GetAddressBytes()
[array]::Reverse($ArrBytesIpEnd)
- $Obj | Add-Member -type NoteProperty -Name RangeEnd -Value ([system.bitconverter]::ToUInt32($ArrBytesIpEnd, 0))
+ $Obj | Add-Member -type NoteProperty -Name RangeEnd -Value ([System.BitConverter]::ToUInt32($ArrBytesIpEnd, 0))
# return $Obj
$Obj
@@ -438,7 +438,7 @@
$SubnetObj = New-Object -TypeName PsObject
if ( $ObjIP.AddressFamily -match 'InterNetwork' ) {
- $SubnetObj = New-IPv4 $SubnetObj $ObjIP $IPv4Mask
+ $SubnetObj = New-IPv4 -Obj $SubnetObj -ObjInputAddress $ObjIP -IPv4Mask $IPv4Mask
$SubnetObj | Add-Member -MemberType NoteProperty -Name Computer -Value $Entry.Computer
$ArrIPs += $SubnetObj
} # end if $ObjIP.AddressFamily -match 'InterNetwork'
@@ -482,7 +482,7 @@
$SubnetObj = New-Object -TypeName PsObject
$SubnetObj | Add-Member -type NoteProperty -Name Name -Value ([string] $Subnet.Properties['cn'])
$SubnetObj | Add-Member -type NoteProperty -Name Location -Value ([string] $Subnet.Properties['location'])
- $SubnetObj | Add-Member -type NoteProperty -Name Site -Value ([string] $RegexCN.Match( $Subnet.Properties['siteobject']).Groups[1].Value)
+ $SubnetObj | Add-Member -type NoteProperty -Name Site -Value ([string] $RegexCN.Match( $Subnet.Properties['SiteObject']).Groups[1].Value)
$InputAddress = (($SubnetObj.Name).Split('/'))[0]
$ADSubnetPrefix = (($SubnetObj.Name).Split('/'))[1]
@@ -492,7 +492,7 @@
# Check if IP is a IPv4 (IPv6 not collected)
if ( $ObjInputAddress.AddressFamily -eq 'InterNetwork' ) {
- $SubnetObj = New-IPv4 $SubnetObj $ObjInputAddress $ADSubnetPrefix
+ $SubnetObj = New-IPv4 -Obj $SubnetObj -ObjInputAddress $ObjInputAddress -IPv4Mask $ADSubnetPrefix
$SubnetsArray += $SubnetObj
} # end if $ObjInputAddress.AddressFamily -eq 'InterNetwork'
} # end foreach $Subnet