Script or utility to export/import AD subnets?

  • Thread starter Thread starter Trust No One®
  • Start date Start date
T

Trust No One®

Hi all,

I'm after a script or utility that will allow me to export all the subnet
objects in an AD domain, and subsequently import them into another AD
domain.

So far I've had little success.

Has anyone come across such a thing? Several hundred subnets are involved so
I'd hate to have to type them all in! :)
 
Trust No One® said:
Hi all,

I'm after a script or utility that will allow me to export all the subnet
objects in an AD domain, and subsequently import them into another AD
domain.
Click to expand...

You can off course do this with an ADSI (custom?) script but the question
implies a need to import a LARGE number of IP Subnets which should almost
never be required.
So far I've had little success.

Has anyone come across such a thing? Several hundred subnets are involved
so I'd hate to have to type them all in! :)
Click to expand...

You can SUMMARIZE adjacent subnets by decreasing the subnet mask (1-bit
summarizes 2, 2 bits summarize 4, 3-8, 4-16, in powers of two.)

I use the term "Step Size" when discussing and teaching either such
summaries
or subnet "sizes". So subnets come in step sizes of 4, 8, 16 etc -- and
subnets
can be summarized in step sizes of 2, 4, 8, 16 etc.

When ISPs combine subnets like this it is usually referred to as
"Supernetting"
-- i.e., creating one larger 'supernetwork' from multiple smaller
subnetworks.

The rule is actually that the LOWEST subnet summarized must be on a multiple
of the "Step Size", and the entire step size MUST be included, i.e., they
must
be adjacent, contiguous, begin at a multiple of the step size, and continue
to
JUST below the NEXT multiple (which would be the next network or supernet.)

Example:

Actual current (sub)networks in Chicago office:
192.168.200.0/24 --- 192.168.207.0/24

Effective summary of these subnets by reducing the mask:
192.168.200.0/21

21 bits is 3 LESS than 24 so it will summarize those 8 subnets, starting at
200, and going up to 207 which is just before the NEXT multiple of 8, 208.

One might wonder, "But what if my subnets are not contiguous? What are
the chances of that happening?"

Actually the chances should be excellent since good (sub)network design
attempts to do this sort of thing whenver possible in a location that uses
multiple subnets, and AGAIN at "district" and "regional" network locations.

The idea is to be able to write the FEWEST number of Routes (then it
is called "route summarization") either by a human or even by smart
router.

This leads to both human and computer/network efficiencies, since the
routing tables and route updates between routers are smaller.
 
Herb said:
You can off course do this with an ADSI (custom?) script but the
question implies a need to import a LARGE number of IP Subnets which
should almost never be required.
Click to expand...
Hi Herb, thanks your reply wrt to summarizing subnets

Unfortunately we do have a large number of sites, ranging from small
overseas sites to very large locations in our hub locations.

That in itself is no justification for having hundreds of subnets defined in
AD, and in some cases I have been able to get away with summarizing subnets
exactly as you described.

However we use Active Directory printer location tracking, and while it is a
brilliant feature (and the users love it), it does have the side-effect that
we have to define a whole lot more subnet objects in AD :(
 
Trust No One® said:
Hi Herb, thanks your reply wrt to summarizing subnets

Unfortunately we do have a large number of sites, ranging from small
overseas sites to very large locations in our hub locations.

That in itself is no justification for having hundreds of subnets defined
in AD, and in some cases I have been able to get away with summarizing
subnets exactly as you described.

However we use Active Directory printer location tracking, and while it is
a brilliant feature (and the users love it), it does have the side-effect
that we have to define a whole lot more subnet objects in AD :(
Click to expand...

In that case, try to Scripting Resource Center or even the Script-o-Matic
at Microsoft to see if there is something built or close to what you
need....

Googling: [ site:microsoft.com "script-o-matic" adsi ]
 
ADFIND and ADMOD could do the job for you by using CSV files

EXPORT:
ADFIND -config -rb "CN=Subnets,CN=Sites" -f "(objectCategory=subnet)"
objectClass siteObject description -adcsv > SUBNETS.TXT

IMPORT
admod -csv -add -import < SUBNETS.TXT

of course you add your own list of attributes to export

have fun


Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
Paul Bergson said:
See if the scripts here are of value to you

http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
Click to expand...
 
Back
Top