Create AD sites through PowerShell

I recently needed to create an AD site for each MTC (an office), add the IP range assigned to that MTC (which was in a CSV file) and then associate the site with the site link for its region. This is so that the Active Directory automatic site coverage feature will enable DCs to populate per-site DNS records for the MTCs, ensuring authentication traffic uses the optimal DC. The DCs are spread over four regional locations.

The CSV file simply had one or two second-octet numbers for the /16 IP ranges associated with each MTC. The code therefore enumerates each OU and checks whether the MTC can be found in the CSV data for the IP ranges. Next, if the site does not already exist, it is created, added to its regional site link (based on the parent OU name and, for NA, whether it's East or West), and then assigned the IP ranges for the MTC.

$MTCIPConfigFile = "F:PowerShellbasicmtcips.csv"
$MTCIPInfo = Import-Csv -Path $MTCIPConfigFile 

$RootDomain = "DC=onemtc,DC=net"
$TopLevelRegions = "APAC","EMEA","NA"

foreach($TopLevelRegion in $TopLevelRegions)
{
    $MTCOUs = Get-ADOrganizationalUnit -filter * -searchbase "OU=$TopLevelRegion,$RootDomain" -SearchScope OneLevel -Properties Name, Description  
    foreach($MTCOU in $MTCOUs)
    {
        $MTCCode = $MTCOU.Name
        $MTCCodeShort = $MTCOU.Name.Substring(3)
        #Find the MTC in the IP list
        $MTCIPrange = $null
        $MTCLocation = $null
        foreach($MTCInfo in $MTCIPInfo)
        {
            if($MTCInfo.Code -eq $MTCCode)
            {
                if($MTCInfo.LocalOctet -eq $MTCInfo.SharedOctet)
                {
                    $MTCIPrange = $MTCInfo.LocalOctet
                }
                else
                {
                    $MTCIPrange = $MTCInfo.LocalOctet,$MTCInfo.SharedOctet
                }
                $MTCLocation = $MTCInfo.Location
            }
        }
        Write-Output "MTC $MTCCodeShort processing in region $TopLevelRegion"
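        # $null goes on the left: with an array on the left, -ne filters elements instead of testing for null
        if($null -ne $MTCIPrange)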
        {
            $MTCADSiteName = "$TopLevelRegion$MTCCodeShort"
            $MTCADSiteSearch = $null
            try
            {
                $MTCADSiteSearch = Get-ADReplicationSite -Filter {Name -eq $MTCADSiteName}
            }
            catch {}

            if($null -eq $MTCADSiteSearch)
            {
                Write-Output "Site not found, creating"
                New-ADReplicationSite $MTCADSiteName

                #Add to site link
                switch ($TopLevelRegion)
                {
                    'NA' {if($MTCLocation -eq "W") {$siteLinkName = "NAMTCs-AzureWestUS"} else {$siteLinkName = "NAMTCs-AzureEastUS"}}
                    'APAC' {$siteLinkName = "APACMTCs-AzureSoutheastAsia"}
                    'EMEA' {$siteLinkName = "EMEAMTCs-AzureWestEurope"}
                    Default {$siteLinkName = "NAMTCs-AzureEastUS"}
                }
                Write-Output "Adding to site link $siteLinkName"
                Set-ADReplicationSiteLink $siteLinkName -SitesIncluded @{Add="$MTCADSiteName"}

                foreach($IPrange in $MTCIPrange)
                {
                    $IPCIDR = "10.$IPrange.0.0/16"
                    Write-Output "Assigning $IPCIDR to new site $MTCADSiteName"
                    New-ADReplicationSubnet -Name $IPCIDR -Site $MTCADSiteName -Location $TopLevelRegion
                }
            }
            else
            {
                Write-Output "Site exists"
            }
        }
        else
        {
            Write-Output "No IP configuration found, skipping"
        }
        Write-Output ""
    }
}
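
Because the site-to-subnet mapping decides which DC a client authenticates against, it is worth validating the CSV before the script changes anything in AD. The following is an added example, not part of the original script: the function name Test-MTCIPPlan and the sample rows are hypothetical, and the column names are the ones the script reads. It flags octets that are not valid and /16 ranges claimed by more than one MTC, which matters because a subnet object can be associated with only one site.

```powershell
# Added example: pre-flight check of the MTC CSV, makes no AD calls.
# Sample rows are constructed for illustration; columns match the script above.
$SampleCsv = @'
Code,LocalOctet,SharedOctet,Location
MTCSEA,21,21,W
MTCNYC,34,35,E
MTCLON,40,35,
MTCSYD,300,41,
'@

function Test-MTCIPPlan   # hypothetical helper name
{
    param([Parameter(Mandatory)][object[]]$Rows)

    $claims = @{}   # CIDR -> list of MTC codes that claim it
    foreach($row in $Rows)
    {
        # Same rule as the script: a single range when both columns match
        $octets = @($row.LocalOctet, $row.SharedOctet) | Select-Object -Unique
        foreach($octet in $octets)
        {
            $value = 0
            $isValid = [int]::TryParse($octet, [ref]$value) -and $value -ge 0 -and $value -le 255
            if(-not $isValid)
            {
                [pscustomobject]@{Code=$row.Code; Subnet=$null; Issue="Invalid octet '$octet'"}
                continue
            }
            # Build the name from the parsed integer, not the raw CSV text
            $cidr = "10.$value.0.0/16"
            if(-not $claims.ContainsKey($cidr)) { $claims[$cidr] = @() }
            $claims[$cidr] += $row.Code
        }
    }
    # A second claim on the same range is a conflict to resolve before creation
    foreach($cidr in $claims.Keys | Sort-Object)
    {
        $codes = $claims[$cidr]
        $issue = if($codes.Count -gt 1) { "Claimed by $($codes -join ', ')" } else { $null }
        foreach($code in $codes)
        {
            [pscustomobject]@{Code=$code; Subnet=$cidr; Issue=$issue}
        }
    }
}

Test-MTCIPPlan -Rows ($SampleCsv | ConvertFrom-Csv) | Format-Table -AutoSize
```

With the constructed rows, 10.35.0.0/16 is reported as claimed by both MTCNYC and MTCLON, and the 300 entry for MTCSYD is reported as an invalid octet.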

 
