Script or utility to export/import AD subnets?

Hi all,

I'm after a script or utility that will allow me to export all the subnet
objects in an AD domain, and subsequently import them into another AD
domain.

So far I've had little success.

Has anyone come across such a thing? Several hundred subnets are involved so
I'd hate to have to type them all in! :)

--
Peter <X-Files fan>

Herb
Fri Apr 18 10:05:57 PDT 2008


"Trust No One®" <dana.scully@usa.xnet> wrote in message
news:66rupnF2kvdc3U1@mid.individual.net...
> Hi all,
>
> I'm after a script or utility that will allow me to export all the subnet
> objects in an AD domain, and subsequently import them into another AD
> domain.

You can off course do this with an ADSI (custom?) script but the question
implies a need to import a LARGE number of IP Subnets which should almost
never be required.

> So far I've had little success.
>
> Has anyone come across such a thing? Several hundred subnets are involved
> so I'd hate to have to type them all in! :)

You can SUMMARIZE adjacent subnets by decreasing the subnet mask (1-bit
summarizes 2, 2 bits summarize 4, 3-8, 4-16, in powers of two.)

I use the term "Step Size" when discussing and teaching either such
summaries
or subnet "sizes". So subnets come in step sizes of 4, 8, 16 etc -- and
subnets
can be summarized in step sizes of 2, 4, 8, 16 etc.

When ISPs combine subnets like this it is usually referred to as
"Supernetting"
-- i.e., creating one larger 'supernetwork' from multiple smaller
subnetworks.

The rule is actually that the LOWEST subnet summarized must be on a multiple
of the "Step Size", and the entire step size MUST be included, i.e., they
must
be adjacent, contiguous, begin at a multiple of the step size, and continue
to
JUST below the NEXT multiple (which would be the next network or supernet.)

Example:

Actual current (sub)networks in Chicago office:
192.168.200.0/24 --- 192.168.207.0/24

Effective summary of these subnets by reducing the mask:
192.168.200.0/21

21 bits is 3 LESS than 24 so it will summarize those 8 subnets, starting at
200, and going up to 207 which is just before the NEXT multiple of 8, 208.

One might wonder, "But what if my subnets are not contiguous? What are
the chances of that happening?"

Actually the chances should be excellent since good (sub)network design
attempts to do this sort of thing whenver possible in a location that uses
multiple subnets, and AGAIN at "district" and "regional" network locations.

The idea is to be able to write the FEWEST number of Routes (then it
is called "route summarization") either by a human or even by smart
router.

This leads to both human and computer/network efficiencies, since the
routing tables and route updates between routers are smaller.

Trust
Fri Apr 18 18:32:43 PDT 2008

Herb Martin wrote:
> "Trust No One®" <dana.scully@usa.xnet> wrote in message
> news:66rupnF2kvdc3U1@mid.individual.net...
>> Hi all,
>>
>> I'm after a script or utility that will allow me to export all the
>> subnet objects in an AD domain, and subsequently import them into
>> another AD domain.
>
> You can off course do this with an ADSI (custom?) script but the
> question implies a need to import a LARGE number of IP Subnets which
> should almost never be required.
>
Hi Herb, thanks your reply wrt to summarizing subnets

Unfortunately we do have a large number of sites, ranging from small
overseas sites to very large locations in our hub locations.

That in itself is no justification for having hundreds of subnets defined in
AD, and in some cases I have been able to get away with summarizing subnets
exactly as you described.

However we use Active Directory printer location tracking, and while it is a
brilliant feature (and the users love it), it does have the side-effect that
we have to define a whole lot more subnet objects in AD :(

--
Peter <X-Files fan>

Herb
Fri Apr 18 19:56:33 PDT 2008


"Trust No One®" <dana.scully@usa.xnet> wrote in message
news:66t0fuF2lm40cU1@mid.individual.net...
> Herb Martin wrote:
>> "Trust No One®" <dana.scully@usa.xnet> wrote in message
>> news:66rupnF2kvdc3U1@mid.individual.net...
>>> Hi all,
>>>
>>> I'm after a script or utility that will allow me to export all the
>>> subnet objects in an AD domain, and subsequently import them into
>>> another AD domain.
>>
>> You can off course do this with an ADSI (custom?) script but the
>> question implies a need to import a LARGE number of IP Subnets which
>> should almost never be required.
>>
> Hi Herb, thanks your reply wrt to summarizing subnets
>
> Unfortunately we do have a large number of sites, ranging from small
> overseas sites to very large locations in our hub locations.
>
> That in itself is no justification for having hundreds of subnets defined
> in AD, and in some cases I have been able to get away with summarizing
> subnets exactly as you described.
>
> However we use Active Directory printer location tracking, and while it is
> a brilliant feature (and the users love it), it does have the side-effect
> that we have to define a whole lot more subnet objects in AD :(

In that case, try to Scripting Resource Center or even the Script-o-Matic
at Microsoft to see if there is something built or close to what you
need....

Googling: [ site:microsoft.com "script-o-matic" adsi ]

Paul
Mon Apr 21 05:49:08 PDT 2008

See if the scripts here are of value to you

http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Trust No One®" <dana.scully@usa.xnet> wrote in message
news:66rupnF2kvdc3U1@mid.individual.net...
> Hi all,
>
> I'm after a script or utility that will allow me to export all the subnet
> objects in an AD domain, and subsequently import them into another AD
> domain.
>
> So far I've had little success.
>
> Has anyone come across such a thing? Several hundred subnets are involved
> so I'd hate to have to type them all in! :)
>
> --
> Peter <X-Files fan>
>

Jorge
Thu May 08 06:45:21 PDT 2008

ADFIND and ADMOD could do the job for you by using CSV files

EXPORT:
ADFIND -config -rb "CN=Subnets,CN=Sites" -f "(objectCategory=subnet)"
objectClass siteObject description -adcsv > SUBNETS.TXT

IMPORT
admod -csv -add -import < SUBNETS.TXT

of course you add your own list of attributes to export

have fun


Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
news:OEFIY46oIHA.5096@TK2MSFTNGP02.phx.gbl...
> See if the scripts here are of value to you
>
> http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "Trust No One®" <dana.scully@usa.xnet> wrote in message
> news:66rupnF2kvdc3U1@mid.individual.net...
>> Hi all,
>>
>> I'm after a script or utility that will allow me to export all the subnet
>> objects in an AD domain, and subsequently import them into another AD
>> domain.
>>
>> So far I've had little success.
>>
>> Has anyone come across such a thing? Several hundred subnets are involved
>> so I'd hate to have to type them all in! :)
>>
>> --
>> Peter <X-Files fan>
>>
>
>