Skip to main content

PowerShell + SCCM 2012 : Boundaries

This is the second post in continuation of Getting Started series (not diving into the WMI as of now), hoping to cover few of the common tasks which ConfigMgr admins perform in the series.
[UPDATE] - Thanks to TechSmith  for giving me a free MVP copy of the Camtasia & SnagIt. Now will try to put links to youtube videos instead of the animated GIF's.

So first of the simple tasks which you can do with CM cmdlets is on the topic managing boundaries. Not gonna show each and every cmdlet but few use cases.

 Note - Assuming you have the PowerShell console loaded with the CM Module (see the Getting Started post for this)

 First let's ask PowerShell which cmdlets have *boundary* pattern in the noun :

 
PS> Get-Command -Module configurationmanager -Noun *boundary*

CommandType     Name                                               ModuleName
-----------     ----                                               ----------
Cmdlet          Add-CMBoundaryToGroup                              configurationmanager
Cmdlet          Get-CMBoundary                                     configurationmanager
Cmdlet          Get-CMBoundaryGroup                                configurationmanager
Cmdlet          New-CMBoundary                                     configurationmanager
Cmdlet          New-CMBoundaryGroup                                configurationmanager
Cmdlet          Remove-CMBoundary                                  configurationmanager
Cmdlet          Remove-CMBoundaryFromGroup                         configurationmanager
Cmdlet          Remove-CMBoundaryGroup                             configurationmanager
Cmdlet          Set-CMBoundary                                     configurationmanager
Cmdlet          Set-CMBoundaryGroup                                configurationmanager

One of the best thing I keep telling is the Verb-Noun naming convention for the cmdlets and the help subsystem making them so easy to discover.

 Note- Please update your help using either Update-Help (internet access needed) or Save-Help to get most out of it or use the -online switch with get-help to view the latest help in your default browser.

Create New Boundaries in Bulk


Take a wild guess on the cmdlet which will do this :D

New-CMBoundary can be used to create all 4 type of boundaries in ConfigMgr
 
One can create a new IPSubnet boundary by using below example..Make a note of how you specify the value of IPAddress & Mask which is used to calculate the NetworkAddress (SubnetID):
001
New-CMBoundary -Name Boundaryname -Type IPSubnet -Value '10.1.1.0/16' -Verbose
Look at the help for the cmdlet to get more examples.

 A fairly simple usage for this cmdlet can be that you have a CSV file having the information on the boundaries that are to be created and you can use the Import-CSV to get the Objects and pipe it to New-CMBoundary cmdlet.
The above demo is a very crude example but should give you an idea on what PowerShell can do for you :)

Use Case : Get IPRange Boundaries an IPAddress belongs too


 Another Cool thing which can be done using PowerShell is to look for which boundary (only IP Range boundaries) an IP Address falls in. This is very helpful in troubleshooting. Have used a Function named Get-IPAddressBoundary below which is based on Nickolaj's Post (have just modified it to return Objects back as per my requirement)

 You can find my modified Function at Technet Gallery here

Below is how one uses it (you have to dot source the function first):

PS> Get-IPAddressBoundary -SiteServer dexsccm -IPAddress 10.1.1.110


IPAddress     : 10.1.1.110
BoundaryFlags : 0
BoundaryID    : 16778243
BoundaryType  : 3
DisplayName   : testBoundary2
CreatedBy     : DEXTER\Administrator
ModifiedBy    : DEXTER\Administrator
Date Created  : 6/24/2014 7:14:05 PM
Date Modified : 6/24/2014 7:14:05 PM

If you have an IP Address which falls under more than one IPRange Boundary, then it returns multiple objects. I created deliberately one more Boundary to show this example( later removed it).

 
PS> Get-IPAddressBoundary -SiteServer dexsccm -IPAddress 10.1.1.99


IPAddress     : 10.1.1.99
BoundaryFlags : 0
BoundaryID    : 16778242
BoundaryType  : 3
DisplayName   : testBoundary1
CreatedBy     : DEXTER\Administrator
ModifiedBy    : DEXTER\SMSadmin
Date Created  : 6/24/2014 7:14:05 PM
Date Modified : 6/25/2014 3:48:15 AM

IPAddress     : 10.1.1.99
BoundaryFlags : 0
BoundaryID    : 16778245
BoundaryType  : 3
DisplayName   : Overlapping Boundary
CreatedBy     : DEXTER\SMSadmin
ModifiedBy    : DEXTER\SMSadmin
Date Created  : 6/26/2014 5:18:25 PM
Date Modified : 6/26/2014 5:18:25 PM


Another User Case : Process IPSubnet Boundaries to get more information

One more use case (Thanks to @Nickolaj for suggesting this to me) is to get the NetworkAddress (Subnet ID) , BroadCastAddress & IPRange for a IPSubnet boundary. 

 But there is a catch to this..you should have created your IPSubnet boundary using PowerShell for this to work...e.g "TestBoundary3" created in the animated GIF   video above

You must be wondering, Why this works only with boundaries created through PowerShell ? 
If you create an IPSubnet boundary using the Console it doesn't store the mask information anywhere..it does take the IP Address & Subnet mask as input but as soon as you. Click "Apply" a network address(SubnetID) is calculated and rest is removed the next time you open the properties.

See the video below showing that , earlier had animated GIF but my friend and a long time ConfigMgr community member @Harjit suggested to go with short video clips :)


Let's compare the Boundaries of BoundaryType = 0 (IPSubnet type) created from a CSV and the one created with the ConfigMgr Console. Take a note of the "Value" property.

 
PS> Get-CMBoundary | where BoundaryType -eq 0 | Format-Table -Property DisplayName,BoundaryType,Value -AutoSize

DisplayName   BoundaryType Value
-----------   ------------ -----
TestBoundary3            0 10.1.1.0/16
TESTIPSUBNET             0 10.2.0.0


Note - The Function (used later) uses the property "Value" to do its magic as the Function requires to be passed a Subnet Mask to calculate extra bits of information.

 Bottom line , we need to have SubnetMask store in the Value property of the Boundary Object. See the result when we pipe the above 2 boundaries to the Function

 Find the function --> Convert-IPSubnetToIPRangeBoundary 
Change the Name if you don't like it.

 Here is how you use it:

 
PS DEX:\> Get-CMBoundary | Convert-IPSUbnetToIPRangeBoundary 


NetworkAddress   : 10.1.0.0
BroadCastAddress : 10.1.255.255
HostMin          : 10.1.0.1
HostMax          : 10.1.255.254
IPRange          : 10.1.0.1  - 10.1.255.254
BoundaryFlags    : 0
BoundaryID       : 16778244
BoundaryType     : 0
CreatedBy        : DEXTER\Administrator
CreatedOn        : 6/24/2014 7:14:06 PM
DefaultSiteCode  : 
DisplayName      : TestBoundary3
GroupCount       : 0
ModifiedBy       : DEXTER\Administrator
ModifiedOn       : 7/5/2014 5:08:41 PM
SiteSystems      : 
Value            : 10.1.1.0/16

NetworkAddress   : 0.0.0.0
BroadCastAddress : 255.255.255.255
HostMin          : 0.0.0.1
HostMax          : 255.255.255.254
IPRange          : 0.0.0.1  - 255.255.255.254
BoundaryFlags    : 0
BoundaryID       : 16779246
BoundaryType     : 0
CreatedBy        : DEXTER\SMSadmin
CreatedOn        : 7/6/2014 4:48:45 AM
DefaultSiteCode  : 
DisplayName      : TESTIPSUBNET
GroupCount       : 0
ModifiedBy       : DEXTER\SMSadmin
ModifiedOn       : 7/6/2014 4:48:45 AM
SiteSystems      : 
Value            : 10.2.0.0
For the Boundary name "TESTIPSUBNET" the first 5 note properties added are not valid (NetworkAddress -to- IPRange).

 So what I am gonna do is update it with the mask value using the cmdlet Set-CMBoundary now:
001
Set-CMBoundary -Name TESTIPSUBNET -Value "10.2.2.0/16" -Verbose

Now the Mask value i.e. 16 is added to the Value property of the Boundary Object. Now let's run the function again.

 
PS DEX:\> Get-CMBoundary | Convert-IPSUbnetToIPRangeBoundary 


NetworkAddress   : 10.1.0.0
BroadCastAddress : 10.1.255.255
HostMin          : 10.1.0.1
HostMax          : 10.1.255.254
IPRange          : 10.1.0.1  - 10.1.255.254
BoundaryFlags    : 0
BoundaryID       : 16778244
BoundaryType     : 0
CreatedBy        : DEXTER\Administrator
CreatedOn        : 6/24/2014 7:14:06 PM
DefaultSiteCode  : 
DisplayName      : TestBoundary3
GroupCount       : 0
ModifiedBy       : DEXTER\Administrator
ModifiedOn       : 7/5/2014 5:08:41 PM
SiteSystems      : 
Value            : 10.1.1.0/16

NetworkAddress   : 10.2.0.0
BroadCastAddress : 10.2.255.255
HostMin          : 10.2.0.1
HostMax          : 10.2.255.254
IPRange          : 10.2.0.1  - 10.2.255.254
BoundaryFlags    : 0
BoundaryID       : 16779246
BoundaryType     : 0
CreatedBy        : DEXTER\SMSadmin
CreatedOn        : 7/6/2014 4:48:45 AM
DefaultSiteCode  : 
DisplayName      : TESTIPSUBNET
GroupCount       : 0
ModifiedBy       : DEXTER\Administrator
ModifiedOn       : 7/7/2014 7:45:21 PM
SiteSystems      : 
Value            : 10.2.2.0/16

I think showed you the difference and how to use the function. Let me know if this is helpful to you and if any suggestions on how I can improve it :)

 One can use the Get-IPAddressBoundary and tweak it a bit to accept the pipeline input of the above Convert-IPSubnetToIPRangeBoundary...It's pretty straighforward, but wanna leave that to your imagination :P

 Rest of the Boundary & Boundary Groups management stuff is easy to figure out using the Get-Help and Get-Command. Explore and Enjoy !
Resources
Check if an IP Address is within an IP Range boundary in ConfigMgr 12  - Nickolaj Andersen
http://www.scconfigmgr.com/2014/04/15/check-if-an-ip-address-is-within-an-ip-range-boundary-in-configmgr-2012/

Technet : Modified Get-IPAddressBoundary Function
http://gallery.technet.microsoft.com/Get-Boundaries-an-5fa3a1c4

Technet : Convert-IPSUbnetToIPRangeBoundary Function
http://gallery.technet.microsoft.com/Convert-IPSubnet-SCCM-a03d1cac


Labels:

Popular posts from this blog

Test connectivity via a specific network interface

Recently while working on a Private cloud implementation, I came across a scenario where I needed to test connectivity of a node to the AD/DNS via multiple network adapters.  Many of us would know that having multiple network routes is usually done to take care of redundancy. So that if a network adapter goes down, one can use the other network interface to reach out to the node. In order to make it easy for everyone to follow along, below is an analogy for the above scenario: My laptop has multiple network adapters (say Wi-Fi and Ethernet) connected to the same network. Now how do I test connectivity to a Server on the network only over say Wi-Fi network adapter?
Get-FullPost »

PowerShell + SCCM : Run CM cmdlets remotely

Today I saw a tweet about using implicit remoting to load the Configuration Manager on my machine by Justin Mathews . It caught my eye as I have never really tried it, but theoretically it can be done. Note - The second tweet says "Cannot find a provider with the name CMSite", resolution to which is in the Troubleshooting section at the end.
Get-FullPost »

PowerShell : Trust network share to load modules & ps1

Problem Do you have a central network share, where you store all the scripts or PowerShell modules ? What happens if you try to run the script from a network share ? or if you have scripts (local) which invoke scripts or import PowerShell modules stored on this network share ? Well you would see a security warning like below (Note - I have set execution policy as 'Unrestricted' not 'bypass' here): Run a .ps1 from the network share Well this is a similar warning, which you get when you download scripts from Internet. As the message says run Unblock-File cmdlet to unblock the script and then run it, let's try it.
Get-FullPost »