Automating The Network Redesign Process
Powershell

Namaste! I’m sitting in my hotel room, it’s very late, hoping not to get sick. It’s my first day in India, as my company has an office here in New Delhi. If you wonder why I hope not to get sick, well, this was my dinner today:

[Image: Hindi dish]

To be honest, it was very nice, not the best I had, but far from my worst one. If you didn't notice, it had chicken inside.

Part of my job is to take care of the network and NAC. So I'm here to replace the switches, set up new access points and implement the NAC solution. Each site has its own class B LAN network, which is not so good, neither for security nor for administration. So I need to redesign the network. To do so, I need to apply a new configuration to the switches, the firewall, the Domain Services and the servers (clients will get their new configuration from DHCP). Now, if our LAN were simple, with VLANs for users and servers, it would be easy. However, due to the security requirements and the network segregation, we have 17 VLANs to create. Doing it once is OK; doing it in our 15 sites is a pain! So I said to myself as a true lazy guy: "Saggie, there is no chance you are gonna do it again." So I decided to automate the process.

First, we need to plan, so I'm sitting down to write the tasks I have to do:

  1. Create DHCP Scopes
  2. Set DHCP Server options
  3. Update Site and services
  4. Create DNS reverse lookup zone

Then, I needed to write down the challenges in front of me:

  1. Each site has its own DC and DHCP servers
  2. Each site has its own LAN network

Now I could start writing my script. I divided the script into three sections:

Gathering Information:

It's necessary to know which DHCP server I want to modify (I don't want to add the scope to the wrong server). It's also necessary to know which servers are the Domain Controllers and DNS servers, the Sites and Services site name and location, and most important, because that's why we are here, the network segment. I'm using the Read-Host cmdlet to populate the variables easily.

$DCServer = Read-Host -Prompt "Enter The DC Server FQDN or IP"
$DHCPServer = Read-Host -Prompt "Enter The DHCP Server FQDN or IP"
$NetSeg = Read-Host -Prompt "Enter the Network Suffix (if the network is 10.102.0.1, enter 102)"
$DnsServer01 = Read-Host -Prompt "Enter Primary DNS Server"
$DnsServer02 = Read-Host -Prompt "Enter Secondary DNS Server"
$SiteName = Read-Host -Prompt "Enter Sites And Services site name"

Creating the Scopes:

Now that I have all the information I need for the particular site, I can start building the 'static' scopes. I'm building an ordered hashtable for each scope, so it will be easy to use later in the script:

## One ordered hashtable per scope; the keys match the parameters used later
$FirstScope = [Ordered]@{
    Name           = "Network-1"
    ScopeId        = "10." + $NetSeg + ".1.0"
    StartRange     = "10." + $NetSeg + ".1.1"
    EndRange       = "10." + $NetSeg + ".1.254"
    SubnetMask     = "255.255.255.0"
    Description    = "Network-1"
    LeaseDuration  = "3.00:00:00"
    DefaultGateway = "10." + $NetSeg + ".1.254"
}
$SecondScope = [Ordered]@{
    Name           = "Network-2"
    ScopeId        = "10." + $NetSeg + ".2.0"
    StartRange     = "10." + $NetSeg + ".2.1"
    EndRange       = "10." + $NetSeg + ".2.254"
    SubnetMask     = "255.255.255.0"
    Description    = "Network-2"
    LeaseDuration  = "3.00:00:00"
    DefaultGateway = "10." + $NetSeg + ".2.254"
}

Creating the Scopes, Sites and Services Subnets and DNS reverse lookup zones:

At this point, we have all the information we need. We can start creating the DHCP scopes, update the scope options, set the DHCP server options, create the DNS reverse lookup zones, and create the subnets for AD Sites and Services. To do that, I'm using the following cmdlets:

  1. Add-DhcpServerv4Scope – to create the DHCP scopes
  2. Set-DhcpServerv4OptionValue – to add scope and server options
  3. New-ADReplicationSubnet – to create new subnets in Sites and Services
  4. Add-DnsServerPrimaryZone – to create new DNS reverse lookup zones

## Pipe the scope hashtables into the loop; each one becomes $_ inside the block
$FirstScope, $SecondScope | ForEach-Object {
    ## creating the Scopes
    Add-DhcpServerv4Scope -Name $_.Name -Description $_.Description -LeaseDuration $_.LeaseDuration -StartRange $_.StartRange -EndRange $_.EndRange -SubnetMask $_.SubnetMask -ComputerName $DHCPServer
    ## Setting DefaultGateway (option 3) for each scope
    Set-DhcpServerv4OptionValue -ComputerName $DHCPServer -ScopeId $_.ScopeId -OptionId 3 -Value $_.DefaultGateway
    ## create new subnets in Sites And Services (CIDR form, e.g. 10.102.1.0/24)
    $name = $_.ScopeId + "/24"
    New-ADReplicationSubnet -Server $DCServer -Name $name -Site $SiteName -Location $SiteName
    ## Create new DNS reverse lookup zone for the same /24
    Add-DnsServerPrimaryZone -DynamicUpdate Secure -NetworkId $name -ReplicationScope Forest -ComputerName $DCServer
}

## Setting DHCP Server Options (DNS domain and DNS servers) on the target server
Set-DhcpServerv4OptionValue -ComputerName $DHCPServer -DnsDomain "Saggiehaim.net" -DnsServer $DnsServer01, $DnsServer02

Simple as that: now it takes less than 3 seconds to redesign the network entirely. Some cleaning up and work with the firewall team will finish everything. It's important, when you write a script, to know who is going to use it. In this case, I'm the only one who is going to use it, so I'm not adding any validation to my script. If you are creating the script for someone else, it's important to add some safety switches to make sure everything runs correctly. I recommend learning the cmdlets, using the links to the Microsoft docs, and understanding what you are doing. Don't run anything from the post without testing it first! Use it at your own risk. Hope you enjoyed reading.
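As an added example (not the post's own script), here is the scope-creation step rewritten with the safety switches the closing paragraph mentions: the per-site scope table is generated from the network suffix instead of hand-written hashtables, the suffix is range-checked, scopes that already exist on the target DHCP server are skipped, and -WhatIf lets you dry-run against a site before touching it. It assumes the same DhcpServer cmdlets the post uses, and the 17-scope layout with the VLAN number as the third octet is my assumption about the author's addressing plan.

```powershell
# Added example, not the post's original code. Assumes the DhcpServer RSAT module.
function New-SiteScopeTable {
    param(
        [Parameter(Mandatory)][ValidateRange(0, 255)][int]$NetSeg,   # second octet, e.g. 102
        [ValidateRange(1, 254)][int]$ScopeCount = 17                 # assumed: one /24 per VLAN
    )
    # One ordered hashtable per VLAN, same keys as the post's $FirstScope.
    1..$ScopeCount | ForEach-Object {
        [Ordered]@{
            Name           = "Network-$_"
            ScopeId        = "10.$NetSeg.$_.0"
            StartRange     = "10.$NetSeg.$_.1"
            EndRange       = "10.$NetSeg.$_.253"   # keep .254 out of the pool: it is the gateway
            SubnetMask     = "255.255.255.0"
            Description    = "Network-$_"
            LeaseDuration  = "3.00:00:00"
            DefaultGateway = "10.$NetSeg.$_.254"
        }
    }
}

function Add-SiteScope {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Collections.Specialized.OrderedDictionary]$Scope,
        [Parameter(Mandatory)][string]$DHCPServer
    )
    process {
        # Idempotency check: skip scopes that already exist instead of failing mid-run.
        $existing = Get-DhcpServerv4Scope -ComputerName $DHCPServer -ScopeId $Scope.ScopeId -ErrorAction SilentlyContinue
        if ($existing) {
            Write-Warning "Scope $($Scope.ScopeId) already exists on $DHCPServer, skipping."
            return
        }
        # ShouldProcess honours -WhatIf / -Confirm so the run can be reviewed first.
        if ($PSCmdlet.ShouldProcess($DHCPServer, "Create DHCP scope $($Scope.ScopeId) ($($Scope.Name))")) {
            Add-DhcpServerv4Scope -ComputerName $DHCPServer -Name $Scope.Name -Description $Scope.Description `
                -StartRange $Scope.StartRange -EndRange $Scope.EndRange -SubnetMask $Scope.SubnetMask `
                -LeaseDuration $Scope.LeaseDuration
            Set-DhcpServerv4OptionValue -ComputerName $DHCPServer -ScopeId $Scope.ScopeId -OptionId 3 -Value $Scope.DefaultGateway
        }
    }
}

# Dry run first: -WhatIf prints each scope that would be created, then rerun without it.
$dhcp = Read-Host -Prompt "Enter The DHCP Server FQDN or IP"
$seg  = [int](Read-Host -Prompt "Enter the Network Suffix (e.g. 102)")
New-SiteScopeTable -NetSeg $seg | Add-SiteScope -DHCPServer $dhcp -WhatIf
```

Note that the post's hashtables end the lease range at .254 while also using .254 as the gateway; the table above stops at .253 so the DHCP server cannot hand out the gateway's address (an exclusion range would also work).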

