Author Posts

September 13, 2016 at 3:23 pm

I've inherited a large AD environment, and I'm trying to find AD sites that have no subnet attached to them. Should be easy, right? First, let's list all our sites:

(Output examples have irrelevant properties removed for space.)

PS H:\> Get-ADReplicationSite -Filter * -Properties subnets

DistinguishedName      : CN=Chicago,CN=Sites,CN=Configuration,DC=contoso,DC=com
Name                   : Chicago
ObjectClass            : site
ReplicationSchedule    : 
Subnets                : {}


DistinguishedName      : CN=Detroit,CN=Sites,CN=Configuration,DC=contoso,DC=com
Name                   : Detroit
ObjectClass            : site
ReplicationSchedule    : 
Subnets                : {CN=10.20.30.0/25,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso,DC=com, 
                          CN=10.40.50.0/24,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso,DC=com...}

Ok, Detroit has subnets assigned to it, while Chicago doesn't. Let's list only those without.

But here's where it gets weird. None of the following return a single result:

PS H:\> Get-ADReplicationSite -Filter * -Properties subnets | where-object {$_.subnets -eq $null}
PS H:\> Get-ADReplicationSite -Filter * -Properties subnets | where-object {$_.subnets -eq "{}"}
PS H:\> Get-ADReplicationSite -Filter * -Properties subnets | where-object {$_.subnets -like "*{}*"}
PS H:\> Get-ADReplicationSite -Filter * -Properties subnets | where-object {$_.subnets -notlike "*CN*"}
----------------
PS H:\> Get-ADReplicationSite -Filter * -Properties subnets | where-object {$_.subnets -like "*CN*"} < -- THIS RETURNS RESULTS FOR SITES WITH SUBNETS

I'm guessing the subnet list is built at the time the command is run, as "Get-ADReplicationSite | Get-Member" does not list a property called "subnets," and in ADSIEdit the property is called "siteobjectBL." If one substitutes "siteobjectBL" for "subnets" in the above examples, all results are the same: the Get command shows {} or {CN=10...} accurately, but the Where-Object doesn't match on $null OR the literal string displayed on STDOUT.

I'm vexed by this. =/ I've been up and down Goog... er, Bing and have found nothing, and on this forum I couldn't find a single hit for any ADReplicationSite cmdlet.

I appreciate any ideas.

J

September 13, 2016 at 4:37 pm

It's most likely an array containing subnet information, which is what the curly brackets indicate that it's a collection. If we create a mock object like so:

$adSites = @()

$adSites += [pscustomobject]@{
    Name="Site1";
    Subnets = @("CN=10.20.30.0/25,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso,DC=com", "CN=10.40.50.0/24,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso,DC=com")
}

$adSites += [pscustomobject]@{
    Name="Site2";
    Subnets = @()
}

it will look similar:

PS C:\Users\Rob> $adSites

Name  Subnets                                                                                                                                           
----  -------                                                                                                                                           
Site1 {CN=10.20.30.0/25,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso,DC=com, CN=10.40.50.0/24,CN=Subnets,CN=Sites,CN=Configuration,DC=contoso,DC=com}
Site2 {}       

You should be able to do something like this:

$adSites | Where{!($_.Subnets)}

#or

$adSites | Where{$_.Subnets.Count -eq 0}
  • This reply was modified 1 year, 11 months ago by  Rob Simmers.

September 13, 2016 at 4:41 pm

You have to expand it.

Get-ADReplicationSite -Filter * -Properties subnets | ? {($_ |select -ExpandProperty subnets).count -lt 1}

or equals 0, or notmatch CN

September 13, 2016 at 4:56 pm

This one works in my environment

Get-ADReplicationSite -Filter * -Property subnets | Where-Object -FilterScript { -not ($_.Subnets)}

September 14, 2016 at 3:18 pm

Dan,

The thing that's twisting my noodle is the "where-object {$_.subnets -like "*CN*"}" does match on the contents of the Subnets property without expanding.

Olaf, Rob,

Ah, FilterScript. I'd forgotten about that. The "not" method you both suggested is what I'm going with.

Thank you all for your help! =)

Jason