Convert ConfigMgr 2012 R2 Active Directory Site Boundaries to IP Subnet Boundaries

My colleague and I (Nathan Olmstead) are in the process of migrating a ConfigMgr 2012 SP1 environment to a newly built ConfigMgr 2012 R2 environment. The SP1 environment is in pretty rough shape and more complex than it needed to be, so, it was decided to start over fresh. We just stood up our new site and we're in the process of bringing boundaries over to the new environment so we can start testing everything out. What we ran into was that the boundaries are set using AD sites in the legacy site. This isn't a bad thing by any means, but we need to exclude a small set of IP addresses which are included with the AD sites. And once we are ready to start migrating, we'll need to migrate by subnets rather than AD site boundaries, due to the complexity and size of the network here.

We had over 200 subnets in our AD site (HQ) and there's no way we were going to manually hand jam those into the CM environment and as I pointed out before, we can't bring over all the boundaries at once. We wrote a short PowerShell script to do the work for us. Below is the final outcome which did the trick for us.

You'll need to have at least PowerShell 3.0, the Active Directory PowerShell modules and the ConfigMgr 2012 R2 PowerShell modules on the system running the script.

The script below was ran on the legacy environment so we could get to the point where we could exclude the small IP range we needed to test with on the new site.

 

Import-Module ActiveDirectory

# Change the following to match your CM install directory
Import-Module 'F:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'
CD 'F:\Program Files\Microsoft Configuration Manager\AdminConsole\bin'
# Change this to your site code
CD HQC:

# This creates a new boundary group to add the newly created boundaries in. This is not required and can be commented out.
# If it is used, be sure you update the Boundary Group name, description and default site code.
New-CMBoundaryGroup -Name 'New Boundary Group' -Description 'Headquarters' -DefaultSiteCode 'HQC'

# '$site' will search all AD boundaries and only run against the one named 'HQ'.
# You can exclude the pipe and beyond to target all sites or update it if you only want to target a specific site.
$Site = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites | ? { $_.Name -eq 'HQ' }
$Subnets = $site.Subnets.Name

foreach ( $Subnet in $Subnets )
{
   #Looks for a period in the address to ID as IPv4 address
if ($subnet -like '*.*') {
$subnetaddress = $Subnet.Split('/')
New-CMBoundary -Name $Subnet -Type IPSubnet -Value $subnetaddress[0]
Add-CMBoundaryToGroup -BoundaryName $Subnet -BoundaryGroupName 'New Boundary Group'
}

   #Looks for a colon in the address to ID as IPv6 address
elseif ($subnet -like '*:*') {
$subnetaddress = $Subnet.Split('/')
New-CMBoundary -Name $Subnet -Type IPV6Prefix -Value $subnetaddress[0]
Add-CMBoundaryToGroup -BoundaryName $Subnet -BoundaryGroupName 'New Boundary Group'
}
}

 

This was ran against the following environments:

Windows Server 2012 R2 (New - ConfigMgr 2012 R2)
Windows Server 2008 R2 (Old - ConfigMgr 2012 SP1)

Be sure to test this in a lab environment and use at your own risk!

Comments

  • Anonymous
    January 21, 2015
    The comment has been removed
  • Anonymous
    January 21, 2015
    thanks