Parse Domain Controller Netlogon.log to Generate a List of Unique Unknown Subnets

Posted: July 30, 2013 in Active Directory, Networking, Scripts, Windows

Nearly every environment I work in has the annoying warnings on their domain controllers stating that the Netlogon.log is filling up and almost always with the NO_CLIENT_SITE warnings. It’s a simple fix, just add in all the relevant subnets into AD Sites and Services. One of those things that just should be done when new networks are brought online, but nearly always get’s left out. Well, below is a bit of PowerShell to parse the domain controller’s Netlogon.log and spit back a list of unique /24 subnets that are generating the warnings. Next step would be to identify which AD site they should belong to and add them in.

This can take quite a while to run, depending on the current of the netlogon.log. Anything over a few MB, it’s worth cutting the file down in size first, as the majority of it will just be duplicate entries anyway. Once you correc the first lot, rerun in a few days again, using the last few thousand lines of the log. Rinse and repeate until all the warnings are gone.

$NetLogon = "C:\Windows\Debug\Netlogon.log"
$OutputFile = "D:\Scripts\MissingSubnets.txt"
$LogFile = Get-Content $NetLogon | Select-String "NO_CLIENT_SITE:"

$Subnets = @()

ForEach ($Line in $LogFile){
[String]$strLine = $Line
$IP = $strLine.Split(" ")[5]
$Subnet = $ip.Split(".")[0] + "." + $ip.Split(".")[1] + "." + $ip.Split(".")[2] + ".0"
$Subnets += $Subnet

$Subnets | Sort-Object -Unique | Out-File $OutputFile


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s