Alert on Unknown Subnets with SCOM

I have an issue I am sure many have, where the network team adds a subnet but forgets to tell the AD or SCCM team, so I would like to alert when AD detects an unknown subnet. Does anyone know of a way to do this?

2 Likes

That sounds a bit tricky. Do you have reverse lookup zones in your AD? In that case you could create a list of all networks there and compare them to the list under sites.

Get subnets:

http://powershellblogger.com/2015/10/export-subnets-from-active-directory-sites-and-services/

And then you have to modify this a bit to get the reverse zones out of the AD.

https://social.technet.microsoft.com/Forums/azure/en-US/775a24a8-68c7-4762-94c5-57bbc4c7919e/dns-reverse-lookup-zones?forum=winserverpowershell
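
The comparison suggested in the reply above, as an added PowerShell example that is not code from the thread or from the linked pages: it turns reverse lookup zone names into IPv4 networks and lists the zones that no AD Sites and Services subnet overlaps. The function names and sample data are constructed for illustration, and the commented live-data lines assume the ActiveDirectory and DnsServer modules are available on the host.

```powershell
# Added example; function names and the sample data are constructed for illustration.
function ConvertTo-IPv4Number ([string]$Ip) {
    # Dotted quad -> number (double keeps the full 32-bit range exact).
    $n = [double]0
    foreach ($octet in $Ip.Split('.')) { $n = $n * 256 + [int]$octet }
    $n
}

function ConvertFrom-ReverseZone ([string]$ZoneName) {
    # IPv4 zones on octet boundaries only; ip6.arpa and classless zones return $null.
    if ($ZoneName -notmatch '^((\d{1,3}\.){1,3})in-addr\.arpa\.?$') { return $null }
    $octets = $Matches[1].TrimEnd('.').Split('.')
    [Array]::Reverse($octets)                      # 30.20.10 -> 10.20.30
    $padded = $octets + @('0') * (4 - $octets.Count)
    '{0}/{1}' -f ($padded -join '.'), (8 * $octets.Count)
}

function Find-UnmappedReverseZone {
    param([string[]]$AdSubnet, [string[]]$ReverseZone)
    foreach ($zone in $ReverseZone) {
        $cidr = ConvertFrom-ReverseZone $zone
        if (-not $cidr) { continue }
        $zIp, $zLen = $cidr.Split('/')
        $zNum  = ConvertTo-IPv4Number $zIp
        $known = $false
        foreach ($subnet in $AdSubnet) {
            if ($subnet -notmatch '^\d+(\.\d+){3}/\d+$') { continue }   # skip IPv6 subnets
            $sIp, $sLen = $subnet.Split('/')
            # Two CIDR blocks overlap when they agree under the shorter prefix.
            $block = [math]::Pow(2, 32 - [math]::Min([int]$zLen, [int]$sLen))
            if ([math]::Floor($zNum / $block) -eq
                [math]::Floor((ConvertTo-IPv4Number $sIp) / $block)) { $known = $true; break }
        }
        if (-not $known) { [pscustomobject]@{ Zone = $zone; Network = $cidr } }
    }
}

# Constructed sample data so the script runs without a domain.
$adSubnets    = '10.20.30.0/24', '192.168.0.0/16'
$reverseZones = '30.20.10.in-addr.arpa', '40.20.10.in-addr.arpa', '5.168.192.in-addr.arpa'

# Live data instead of the samples (assumes the ActiveDirectory and DnsServer modules):
# $adSubnets    = (Get-ADReplicationSubnet -Filter *).Name
# $reverseZones = (Get-DnsServerZone |
#     Where-Object { $_.IsReverseLookupZone -and -not $_.IsAutoCreated }).ZoneName

Find-UnmappedReverseZone -AdSubnet $adSubnets -ReverseZone $reverseZones
```

This only finds networks for which someone created a reverse zone, so a new subnet with no reverse zone will not appear in the output.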

Could you alert on NETLOGON 5807 events in the system log on DCs?

http://www.anexinet.com/blog/missing-subnets-in-ad-sites-and-services-and-the-netlogon-5807-error/

2 Likes