Re: Scripting IP Changes on remote devices
Ok good. - Sean On Wed, May 19, 2010 at 4:05 PM, Michael B. Smith mich...@smithcons.comwrote: Yes, it did. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Sean Martin [mailto:seanmarti...@gmail.com] *Sent:* Wednesday, May 19, 2010 7:58 PM *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices So did the script I posted make it to the list? I'm starting to wonder if some filter may have blocked the e-mail since I just pasted the code in the body... - Sean On Wed, May 19, 2010 at 10:35 AM, Micheal Espinola Jr michealespin...@gmail.com wrote: hic! thso fwaht?! -- ME2 On Tue, May 18, 2010 at 5:03 PM, Jonathan Link jonathan.l...@gmail.com wrote: Script lush! On Tue, May 18, 2010 at 7:21 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.com wrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Scripting IP Changes on remote devices
Sean, I would appreciate a copy of that, please. TIA! Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Tuesday, May 18, 2010 6:30 PM To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
hic! thso fwaht?! -- ME2 On Tue, May 18, 2010 at 5:03 PM, Jonathan Link jonathan.l...@gmail.comwrote: Script lush! On Tue, May 18, 2010 at 7:21 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.comwrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.comwrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
As promised. IP addresses have been changed to protect the innocent. The script relies on a text file with server names. I'm sure there will be questions as to why it was written the way it was so I'll do my best to answer those as they come up. Option Explicit 'On Error Resume Next 'Variable Declarations Dim arrNewDNSServers,objWMIService,colNetCards,objNetCard,arrCurrentDNS,strWINSOne,strWINSTwo,strMACAdd Dim objFSO,objFileList,strLine,i,strWINSPrime,strWINSSec,strDNSPrime,strDNSSec strWINSPrime=10.10.10.10 strWINSSec=10.10.10.11 strDNSPrime=10.10.10.12 strDNSSec=10.10.10.13 Set objFSO=CreateObject(Scripting.FileSystemObject) 'Create the FileSystemObject for accessing the filesystem on the local pc Set objFileList=objFSO.OpenTextFile(c:\Scripts\NICSettings\ServerList.txt,1) 'Open the list file ErrorTrap NULL,NULL,err.Number,err.Description,Opening List File arrNewDNSServers = Array(strDNSPrime,strDNSSec) 'Array containing new DNS information 'Loop through the list file. Do Until objFileList.AtEndOfStream strLine = objFileList.ReadLine 'Read a line from the list file ErrorTrap strLine,NULL,err.Number,err.Description,Reading List File Set objWMIService = GetObject(winmgmts:\\strLine\root\CIMV2)'Connect to the remote WMI ErrorTrap strLine,NULL,err.Number,err.Description,Setting objWMIService Set colNetCards=objWMIService.ExecQuery(Select * From Win32_NetworkAdapterConfiguration)'Query the remote network adapters ErrorTrap strLine,NULL,err.Number,err.Description,Loading Network Cards For Each objNetCard in colNetCards 'Loop through each network adapter strMACAdd=objNetCard.MACAddress 'Load the remote MAC to a variable ErrorTrap strLine,NULL,err.Number,err.Description,Loading MAC Address into variable arrCurrentDNS=objNetCard.DNSServerSearchOrder 'Load current DNS into a variable ErrorTrap strLine,strMACAdd,err.Number,err.Description,Loading DNS settings into an array strWINSOne=objNetCard.WINSPrimaryServer 'Load primary WINS server into a variable ErrorTrap strLine,strMACAdd,err.Number,err.Description,Loading primary WINS server into variable strWINSTwo=objNetCard.WINSSecondaryServer 'Load secondary WINS server into a variable ErrorTrap strLine,strMACAdd,err.Number,err.Description,Loading secondary WINS server into variable If objNetCard.DHCPEnabled=False Then 'Check if DHCP is enabled. If not, proceed. If Not IsNull(arrCurrentDNS) Then 'Check if there are currently any DNS settings For i = 0 to UBound(arrCurrentDNS) 'Cycle through DNS servers If (arrCurrentDNS(i)=20.20.20.20) Then 'Look for old DNS info, if found, proceed. objNetCard.SetDNSServerSearchOrder(arrNewDNSServers)'Set new DNS info ErrorTrap strLine,strMACAdd,err.Number,err.Description,Setting New DNS Settings 'Exit For End If Next End If If strWINSONE=20.20.20.20 or strWINSOne = 20.20.20.21 Then 'Check for old WINS info. If found, proceed. objNetCard.SetWINSServer strWINSPrime,strWINSSec ' Set new WINS info ErrorTrap strLine,strMACAdd,err.Number,err.Description,Setting new WINS settings End If End If 'MsgBox(strMACAdd,strWINSOne,strWINSTwo,strDNSSettings) Next Loop MsgBox(done) ' This is the error trapping subroutine. It is called after any code is executed with the exception of setting variables Sub ErrorTrap(strWSName,strMACInfo,errNum,errDesc,strComments) Dim objLogFile If Not objFSO.FileExists(C:\scripts\NICSettings\LogFile.txt) Then 'Check for the existence of a log file objFSO.CreateTextFile(C:\scripts\NICSettings\LogFile.txt) 'Create one if there is none End If Set objLogFile = objFSO.OpenTextFile(C:\scripts\NICSettings\LogFile.txt,8) 'Open the logfile for appending objLogFile.WriteLine(Date Time: strWSName:strMACInfo - strComments, Error Number:errNum, Error Description: errDesc) 'Write error info err.Clear 'Clear the error number and allow script to continue objLogFile.Close 'Close the logfile End Sub On Wed, May 19, 2010 at 10:35 AM, Micheal Espinola Jr michealespin...@gmail.com wrote: hic! thso fwaht?! -- ME2 On Tue, May 18, 2010 at 5:03 PM, Jonathan Link jonathan.l...@gmail.comwrote: Script lush! On Tue, May 18, 2010 at 7:21 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.comwrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services
Re: Scripting IP Changes on remote devices
By the way, I can't take any credit for this one. My co-worker put it together. - Sean On Wed, May 19, 2010 at 12:11 PM, Sean Martin seanmarti...@gmail.comwrote: As promised. IP addresses have been changed to protect the innocent. The script relies on a text file with server names. I'm sure there will be questions as to why it was written the way it was so I'll do my best to answer those as they come up. Option Explicit 'On Error Resume Next 'Variable Declarations Dim arrNewDNSServers,objWMIService,colNetCards,objNetCard,arrCurrentDNS,strWINSOne,strWINSTwo,strMACAdd Dim objFSO,objFileList,strLine,i,strWINSPrime,strWINSSec,strDNSPrime,strDNSSec strWINSPrime=10.10.10.10 strWINSSec=10.10.10.11 strDNSPrime=10.10.10.12 strDNSSec=10.10.10.13 Set objFSO=CreateObject(Scripting.FileSystemObject) 'Create the FileSystemObject for accessing the filesystem on the local pc Set objFileList=objFSO.OpenTextFile(c:\Scripts\NICSettings\ServerList.txt,1) 'Open the list file ErrorTrap NULL,NULL,err.Number,err.Description,Opening List File arrNewDNSServers = Array(strDNSPrime,strDNSSec) 'Array containing new DNS information 'Loop through the list file. Do Until objFileList.AtEndOfStream strLine = objFileList.ReadLine 'Read a line from the list file ErrorTrap strLine,NULL,err.Number,err.Description,Reading List File Set objWMIService = GetObject(winmgmts:\\strLine\root\CIMV2)'Connect to the remote WMI ErrorTrap strLine,NULL,err.Number,err.Description,Setting objWMIService Set colNetCards=objWMIService.ExecQuery(Select * From Win32_NetworkAdapterConfiguration)'Query the remote network adapters ErrorTrap strLine,NULL,err.Number,err.Description,Loading Network Cards For Each objNetCard in colNetCards 'Loop through each network adapter strMACAdd=objNetCard.MACAddress 'Load the remote MAC to a variable ErrorTrap strLine,NULL,err.Number,err.Description,Loading MAC Address into variable arrCurrentDNS=objNetCard.DNSServerSearchOrder 'Load current DNS into a variable ErrorTrap strLine,strMACAdd,err.Number,err.Description,Loading DNS settings into an array strWINSOne=objNetCard.WINSPrimaryServer 'Load primary WINS server into a variable ErrorTrap strLine,strMACAdd,err.Number,err.Description,Loading primary WINS server into variable strWINSTwo=objNetCard.WINSSecondaryServer 'Load secondary WINS server into a variable ErrorTrap strLine,strMACAdd,err.Number,err.Description,Loading secondary WINS server into variable If objNetCard.DHCPEnabled=False Then 'Check if DHCP is enabled. If not, proceed. If Not IsNull(arrCurrentDNS) Then 'Check if there are currently any DNS settings For i = 0 to UBound(arrCurrentDNS) 'Cycle through DNS servers If (arrCurrentDNS(i)=20.20.20.20) Then 'Look for old DNS info, if found, proceed. objNetCard.SetDNSServerSearchOrder(arrNewDNSServers)'Set new DNS info ErrorTrap strLine,strMACAdd,err.Number,err.Description,Setting New DNS Settings 'Exit For End If Next End If If strWINSONE=20.20.20.20 or strWINSOne = 20.20.20.21 Then 'Check for old WINS info. If found, proceed. objNetCard.SetWINSServer strWINSPrime,strWINSSec ' Set new WINS info ErrorTrap strLine,strMACAdd,err.Number,err.Description,Setting new WINS settings End If End If 'MsgBox(strMACAdd,strWINSOne,strWINSTwo,strDNSSettings) Next Loop MsgBox(done) ' This is the error trapping subroutine. It is called after any code is executed with the exception of setting variables Sub ErrorTrap(strWSName,strMACInfo,errNum,errDesc,strComments) Dim objLogFile If Not objFSO.FileExists(C:\scripts\NICSettings\LogFile.txt) Then 'Check for the existence of a log file objFSO.CreateTextFile(C:\scripts\NICSettings\LogFile.txt) 'Create one if there is none End If Set objLogFile = objFSO.OpenTextFile(C:\scripts\NICSettings\LogFile.txt,8) 'Open the logfile for appending objLogFile.WriteLine(Date Time: strWSName:strMACInfo - strComments, Error Number:errNum, Error Description: errDesc) 'Write error info err.Clear 'Clear the error number and allow script to continue objLogFile.Close 'Close the logfile End Sub On Wed, May 19, 2010 at 10:35 AM, Micheal Espinola Jr michealespin...@gmail.com wrote: hic! thso fwaht?! -- ME2 On Tue, May 18, 2010 at 5:03 PM, Jonathan Link jonathan.l...@gmail.comwrote: Script lush! On Tue, May 18, 2010 at 7:21 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.comwrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be
Re: Scripting IP Changes on remote devices
Nice little script... On Wed, May 19, 2010 at 13:11, Sean Martin seanmarti...@gmail.com wrote: As promised. IP addresses have been changed to protect the innocent. The script relies on a text file with server names. I'm sure there will be questions as to why it was written the way it was so I'll do my best to answer those as they come up. Option Explicit 'On Error Resume Next 'Variable Declarations Dim arrNewDNSServers,objWMIService,colNetCards,objNetCard,arrCurrentDNS,strWINSOne,strWINSTwo,strMACAdd Dim objFSO,objFileList,strLine,i,strWINSPrime,strWINSSec,strDNSPrime,strDNSSec strWINSPrime=10.10.10.10 strWINSSec=10.10.10.11 strDNSPrime=10.10.10.12 strDNSSec=10.10.10.13 Set objFSO=CreateObject(Scripting.FileSystemObject) 'Create the FileSystemObject for accessing the filesystem on the local pc Set objFileList=objFSO.OpenTextFile(c:\Scripts\NICSettings\ServerList.txt,1) 'Open the list file ErrorTrap NULL,NULL,err.Number,err.Description,Opening List File arrNewDNSServers = Array(strDNSPrime,strDNSSec) 'Array containing new DNS information 'Loop through the list file. Do Until objFileList.AtEndOfStream strLine = objFileList.ReadLine 'Read a line from the list file ErrorTrap strLine,NULL,err.Number,err.Description,Reading List File Set objWMIService = GetObject(winmgmts:\\strLine\root\CIMV2)'Connect to the remote WMI ErrorTrap strLine,NULL,err.Number,err.Description,Setting objWMIService Set colNetCards=objWMIService.ExecQuery(Select * From Win32_NetworkAdapterConfiguration)'Query the remote network adapters ErrorTrap strLine,NULL,err.Number,err.Description,Loading Network Cards For Each objNetCard in colNetCards 'Loop through each network adapter strMACAdd=objNetCard.MACAddress 'Load the remote MAC to a variable ErrorTrap strLine,NULL,err.Number,err.Description,Loading MAC Address into variable arrCurrentDNS=objNetCard.DNSServerSearchOrder 'Load current DNS into a variable ErrorTrap strLine,strMACAdd,err.Number,err.Description,Loading DNS settings into an array strWINSOne=objNetCard.WINSPrimaryServer 'Load primary WINS server into a variable ErrorTrap strLine,strMACAdd,err.Number,err.Description,Loading primary WINS server into variable strWINSTwo=objNetCard.WINSSecondaryServer 'Load secondary WINS server into a variable ErrorTrap strLine,strMACAdd,err.Number,err.Description,Loading secondary WINS server into variable If objNetCard.DHCPEnabled=False Then 'Check if DHCP is enabled. If not, proceed. If Not IsNull(arrCurrentDNS) Then 'Check if there are currently any DNS settings For i = 0 to UBound(arrCurrentDNS) 'Cycle through DNS servers If (arrCurrentDNS(i)=20.20.20.20) Then 'Look for old DNS info, if found, proceed. objNetCard.SetDNSServerSearchOrder(arrNewDNSServers)'Set new DNS info ErrorTrap strLine,strMACAdd,err.Number,err.Description,Setting New DNS Settings 'Exit For End If Next End If If strWINSONE=20.20.20.20 or strWINSOne = 20.20.20.21 Then 'Check for old WINS info. If found, proceed. objNetCard.SetWINSServer strWINSPrime,strWINSSec ' Set new WINS info ErrorTrap strLine,strMACAdd,err.Number,err.Description,Setting new WINS settings End If End If 'MsgBox(strMACAdd,strWINSOne,strWINSTwo,strDNSSettings) Next Loop MsgBox(done) ' This is the error trapping subroutine. It is called after any code is executed with the exception of setting variables Sub ErrorTrap(strWSName,strMACInfo,errNum,errDesc,strComments) Dim objLogFile If Not objFSO.FileExists(C:\scripts\NICSettings\LogFile.txt) Then 'Check for the existence of a log file objFSO.CreateTextFile(C:\scripts\NICSettings\LogFile.txt) 'Create one if there is none End If Set objLogFile = objFSO.OpenTextFile(C:\scripts\NICSettings\LogFile.txt,8) 'Open the logfile for appending objLogFile.WriteLine(Date Time: strWSName:strMACInfo - strComments, Error Number:errNum, Error Description: errDesc) 'Write error info err.Clear 'Clear the error number and allow script to continue objLogFile.Close 'Close the logfile End Sub On Wed, May 19, 2010 at 10:35 AM, Micheal Espinola Jr michealespin...@gmail.com wrote: hic! thso fwaht?! -- ME2 On Tue, May 18, 2010 at 5:03 PM, Jonathan Link jonathan.l...@gmail.com wrote: Script lush! On Tue, May 18, 2010 at 7:21 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.com wrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure
RE: Scripting IP Changes on remote devices
Yes, it did. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Wednesday, May 19, 2010 7:58 PM To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices So did the script I posted make it to the list? I'm starting to wonder if some filter may have blocked the e-mail since I just pasted the code in the body... - Sean On Wed, May 19, 2010 at 10:35 AM, Micheal Espinola Jr michealespin...@gmail.commailto:michealespin...@gmail.com wrote: hic! thso fwaht?! -- ME2 On Tue, May 18, 2010 at 5:03 PM, Jonathan Link jonathan.l...@gmail.commailto:jonathan.l...@gmail.com wrote: Script lush! On Tue, May 18, 2010 at 7:21 PM, Micheal Espinola Jr michealespin...@gmail.commailto:michealespin...@gmail.com wrote: Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.commailto:seanmarti...@gmail.com wrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.commailto:mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.commailto:seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Thanks for the input Ben/Jon. I'll take a look at the Microsoft Script Center and then maybe I'll have a better idea what Ben was talking about. Jonathan, I'd say that's definitely food for thought. I'd have to discuss with my peers if there's any specific reason all servers are configured statically or if it's just carry over from old school thinking. - Sean On Fri, May 14, 2010 at 2:13 PM, Jonathan Link jonathan.l...@gmail.comwrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
+1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.comwrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Scripting IP Changes on remote devices
There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.comwrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Scripting IP Changes on remote devices
Other than a DoS from a rouge DHCP server, I'm not sure I see too many issues with DHCP either. That said, how often do you actually change IP addresses for a server? -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 13:35 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Not often at all. There is definitely a case for either way - especially when you take into account the environment and staff into consideration. Certainly it may be the case that managing DHCP for servers might over-complicate your environment. But, I always lean toward centralized manageability. -- ME2 On Tue, May 18, 2010 at 12:01 PM, Malcolm Reitz malcolm.re...@live.comwrote: Other than a DoS from a rouge DHCP server, I’m not sure I see too many issues with DHCP either. That said, how often do you actually change IP addresses for a server? -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 13:35 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Scripting IP Changes on remote devices
You could also statically assign an IP address to a server in DHCP. Best of both worlds? J John-AldrichTile-Tools From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 3:53 PM To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices Not often at all. There is definitely a case for either way - especially when you take into account the environment and staff into consideration. Certainly it may be the case that managing DHCP for servers might over-complicate your environment. But, I always lean toward centralized manageability. -- ME2 On Tue, May 18, 2010 at 12:01 PM, Malcolm Reitz malcolm.re...@live.com wrote: Other than a DoS from a rouge DHCP server, I'm not sure I see too many issues with DHCP either. That said, how often do you actually change IP addresses for a server? -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 13:35 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~image001.jpgimage002.jpg
RE: Scripting IP Changes on remote devices
Centralized = good; I'm with you on that! -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 14:53 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices Not often at all. There is definitely a case for either way - especially when you take into account the environment and staff into consideration. Certainly it may be the case that managing DHCP for servers might over-complicate your environment. But, I always lean toward centralized manageability. -- ME2 On Tue, May 18, 2010 at 12:01 PM, Malcolm Reitz malcolm.re...@live.com wrote: Other than a DoS from a rouge DHCP server, I'm not sure I see too many issues with DHCP either. That said, how often do you actually change IP addresses for a server? -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 13:35 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern. It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
This brings up an interesting discussion topic, for which I haven't found much information. What are some of the pros/cons of using DHCP for servers (other than what has already been stated)? We currently maintain reserved addresses in DHCP for all of our clients/printers etc (and would definiltey do so for servers). Extending that same management methodology wouldn't be much of a learning curve for most of our folks. As I said before, I think the idea behind using static addresses is simply because that's how we've always done it. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks - Sean On Tue, May 18, 2010 at 9:54 AM, Malcolm Reitz malcolm.re...@live.comwrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
I don't like DHCP for servers, because in an emergency, there is the potential for the wrong thing to happen and servers not come up in a timely fashion. Given the infrequency of IP changes on servers, I'm fine with a manual configuration. Having a rogue DHCP device wreak havoc with workstations is never as problematic as with servers. -ASB: http://XeeSM.com/AndrewBaker On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: This brings up an interesting discussion topic, for which I haven't found much information. What are some of the pros/cons of using DHCP for servers (other than what has already been stated)? We currently maintain reserved addresses in DHCP for all of our clients/printers etc (and would definiltey do so for servers). Extending that same management methodology wouldn't be much of a learning curve for most of our folks. As I said before, I think the idea behind using static addresses is simply because that's how we've always done it. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks - Sean On Tue, May 18, 2010 at 9:54 AM, Malcolm Reitz malcolm.re...@live.comwrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Which leads back to what your environment is like, how it is segmented, how it is controlled, etc, etc. I wouldnt suggest to DHCP-enable all servers. But seeing as most server services are accessed by name, and given that most modern servers can self-register in DNS, yadda yadda yadda. But, yes, with greater complexity comes greater chance of issues. No question. -- ME2 On Tue, May 18, 2010 at 1:47 PM, Andrew S. Baker asbz...@gmail.com wrote: I don't like DHCP for servers, because in an emergency, there is the potential for the wrong thing to happen and servers not come up in a timely fashion. Given the infrequency of IP changes on servers, I'm fine with a manual configuration. Having a rogue DHCP device wreak havoc with workstations is never as problematic as with servers. -ASB: http://XeeSM.com/AndrewBaker On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.comwrote: This brings up an interesting discussion topic, for which I haven't found much information. What are some of the pros/cons of using DHCP for servers (other than what has already been stated)? We currently maintain reserved addresses in DHCP for all of our clients/printers etc (and would definiltey do so for servers). Extending that same management methodology wouldn't be much of a learning curve for most of our folks. As I said before, I think the idea behind using static addresses is simply because that's how we've always done it. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks - Sean On Tue, May 18, 2010 at 9:54 AM, Malcolm Reitz malcolm.re...@live.comwrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] *Sent:* Tuesday, May 18, 2010 11:52 *To:* NT System Admin Issues *Subject:* Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Scripting IP Changes on remote devices
For me it depends on the server if it's static at the server or DHCP assigned. In general the more things I have on DHCP the better, but it depends on the server role and how it's being accessed and by what. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 2:03 PM To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices Which leads back to what your environment is like, how it is segmented, how it is controlled, etc, etc. I wouldnt suggest to DHCP-enable all servers. But seeing as most server services are accessed by name, and given that most modern servers can self-register in DNS, yadda yadda yadda. But, yes, with greater complexity comes greater chance of issues. No question. -- ME2 On Tue, May 18, 2010 at 1:47 PM, Andrew S. Baker asbz...@gmail.commailto:asbz...@gmail.com wrote: I don't like DHCP for servers, because in an emergency, there is the potential for the wrong thing to happen and servers not come up in a timely fashion. Given the infrequency of IP changes on servers, I'm fine with a manual configuration. Having a rogue DHCP device wreak havoc with workstations is never as problematic as with servers. -ASB: http://XeeSM.com/AndrewBaker On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.commailto:seanmarti...@gmail.com wrote: This brings up an interesting discussion topic, for which I haven't found much information. What are some of the pros/cons of using DHCP for servers (other than what has already been stated)? We currently maintain reserved addresses in DHCP for all of our clients/printers etc (and would definiltey do so for servers). Extending that same management methodology wouldn't be much of a learning curve for most of our folks. As I said before, I think the idea behind using static addresses is simply because that's how we've always done it. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks - Sean On Tue, May 18, 2010 at 9:54 AM, Malcolm Reitz malcolm.re...@live.commailto:malcolm.re...@live.com wrote: There are places that prefer not to enable DHCP on server subnets for security reasons. Also, managing DHCP reservations will be a non-trivial operational workload in a dynamic data center. -Malcolm From: Micheal Espinola Jr [mailto:michealespin...@gmail.commailto:michealespin...@gmail.com] Sent: Tuesday, May 18, 2010 11:52 To: NT System Admin Issues Subject: Re: Scripting IP Changes on remote devices +1 If you are going to do the work of manually configuring specific IP addresses, why not do it in a way that is centrally manageable? Although you did say servers... I would still go with DHCP possible. -- ME2 On Fri, May 14, 2010 at 3:13 PM, Jonathan Link jonathan.l...@gmail.commailto:jonathan.l...@gmail.com wrote: Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.commailto:desmondbr...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.commailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify
Re: Scripting IP Changes on remote devices
On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.com wrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.com wrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Script lush! On Tue, May 18, 2010 at 7:21 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: Its always welcomed to share useful scripts! -- ME2 On Tue, May 18, 2010 at 3:29 PM, Sean Martin seanmarti...@gmail.comwrote: First, thanks for all of the feedback. Some interesting opinions out there. I've always been open to change so it's good to hear all of the positives/negatives regarding which route to take. It sounds like DHCP would be the way to go with the majority of our servers, excluding the infrastructure servers. With that said, it's probably a change that will occur through attrition rather than changing our current method all at once. The main reason for that is our network services department wants us to change the subnets our servers currently reside on to further segment stuff. We've got way too much work on our plates to investigate changing the addresses on all of our servers so that will already be a slow transition. In the meantime, a co-worker and I put together what we hope is a functional VB script that will make the necessary changes to the existing WINs and DNS settings. If anyone's interested in seeing it (and maybe reviewing it for validity), I'd be happy to pass it along. - Sean On Tue, May 18, 2010 at 1:41 PM, Ben Scott mailvor...@gmail.comwrote: On Tue, May 18, 2010 at 4:24 PM, Sean Martin seanmarti...@gmail.com wrote: What are some of the pros/cons of using DHCP for servers...? For an environment like you describe, with hundreds of servers, I would recommend DHCP for all but critical network infrastructure servers. I'd use manual configuration for anything serving DHCP, DNS, WINS, or Active Directory. Everything else, DHCP, with reservations. Just to be clear: DHCP does not have to mean a dynamic IP address. You can statically assign an IP address via a DHCP reservation. And there are tools to help you do things like automatically provision the reservations, based on name or MAC address or whatever. I've heard mention of not using DHCP to prevent DHCP broadcasts but with a properly designed lease interval, I can't imagine the DHCP traffic being that much of burden on today's networks As ME2 says, it really depends on the environment, but I would generally agree. You'll already be needing infrastructure to support DNS, prolly Active Directory, possibly WINS, Window Updates, etc., etc. If DHCP is going to push you over the edge you're already way too close to the edge. :) The one thing you *may* notice is a surge in broadcast traffic after rebooting or starting a large group of servers -- say, after a software update, or a long power outage. In general, though, you're already going to be seeing that due to ARP and maybe NetBIOS registration. So again, if this is a problem you're likely already experiencing it. The usual solution is to stagger reboot/startup. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Have you looked on the Microsoft Scripting Guys site yet? I seem to remember seeing some mention of one there at one point in time. Jon On Fri, May 14, 2010 at 3:42 PM, Sean Martin seanmarti...@gmail.com wrote: Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Scripting IP Changes on remote devices
This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I'd suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Scripting IP Changes on remote devices
Any reason to have static? Consider DHCP with reservations so this kind of transition could be managed centrally in the future? As long as your rolling out the script you could have it switch from static to dynic and be done. Of course all this is predicated on not having a major reasons to be static. On Friday, May 14, 2010, Brian Desmond br...@briandesmond.com wrote: This is fairly easy to do with WMI. You just want to iterate through the IPEnabled adapters collection and there are methods to stamp WINS and DNS servers. I’d suggest inspecting the current settings and using that data to decide whether you stamp or not. WINS is a simple primary/secondary stamp, DNS is a collection you need to clear and populate. Thanks,Brian desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin [mailto:seanmarti...@gmail.com] Sent: Friday, May 14, 2010 2:43 PM To: NT System Admin Issues Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, I'm looking for a little assistance with automating IP changes on several hundred servers. The vast majority will be Windows 2003 but there may be some Windows 2000 boxes mixed in there. I'm going to need to change the DNS and WINS IP addresses on our servers with static assignments. I'm thinking VB would be the best language to use, unfortunately I'm not real strong with VB so I was hoping someone might have some already written code I could manipulate (certainly not asking anyone to write anything for me!). The main problem is that I can't rely on any continuity amongst the servers. Meaning, the interface names may not be the same (LAN Connection X), and some servers may have multiple NICs for which I only need to modify one. I was hoping it would be possible to query the current configuration of the NICs and identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd like to do this for the primary and secondary DNS and WINs references. Any pointers at all would be much appreciated. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~