There are many different ways of managing Active Directory sites and so this article will explore the various methods that can be used.
The “get-adreplicationsubnet” is a command in PowerShell that will display the replication status of Active Directory sites. It can be used to manage Active Directory sites with PowerShell.
The majority of your time as an Active Directory (AD) administrator will be spent managing users, computers, and organizational units (OUs). Sites in Active Directory will be managed less often. However, PowerShell is required when using the command line or automating AD site creation.
You’ll learn how to administer AD sites using PowerShell in this video, so you’ll never have to open a Windows MMC again!
Prerequisites
There will be many demonstrations in this session. Make sure you have the following items to follow along:
- Version 5.1 or higher of Windows PowerShell — This is a PowerShell 5.1 tutorial.
Upgrade to PowerShell 7: A Guide
- The instructions will work for any version of Windows Server, although the examples will utilize a Windows Server 2019 domain controller (DC).
- A domain-joined Windows 10 PC with an Enterprise Admins group AD user signed in.
- The AD-joined machine has Remote Server Administration Tools (RSAT) installed.
PowerShell Inspection of Sites in Active Directory, Links, and Subnets
Let’s start by obtaining a sense of where we’re going and seeing what AD sites your environment has to work with.
Do you have any passwords in your Active Directory that have been compromised? Use Specops Password Auditor Free to find out.
To get started, launch PowerShell on a domain-joined Windows PC with the ActiveDirectory PowerShell module installed.
Sites in Active Directory
1. Without any arguments, run the Get-AdReplicationSite cmdlet. The Active Directory site that the machine you’re performing the command from is returned by PowerShell. The PC executing Get-ADReplicationSite in the screenshot below is in the Washington site.
Run Get-Command “*ADReplication*” to get a list of all the PowerShell commands for working with AD sites.
With no options, Get-ADReplicationSite returns simply the current site.
2. To find all Sites in Active Directory for the entire domain, run Get-AdReplicationSite using the Filter parameter and an asterisk (*).
You may use the Filter option to filter sites in a variety of ways. Run Get-Help about ActiveDirectory Filter for further information on how to write queries for the Filter parameter.
Learning PowerShell Filters for Active Directory and LDAP
With the “-Filter *” argument, all sites are shown.
Site Links in Active Directory
The procedure for discovering AD site connections is almost similar to that for locating sites; just use the Get-ADReplicationSiteLink command instead. However, unlike Get-ADReplicationSite, Get-ADReplicationSiteLink needs the Filter argument to be specified.
The instructional environment features a single connection named Washington-MarylandLink that connects the Maryland and Washington sites, as seen below.
Get the information about the Inter-Site connection.
Subnets in Active Directory
Finally, you can find the subnets with the Get-ADReplicationSubnet command, the same as inspecting Sites in Active Directory and links.
Subnet information is obtained.
Creating Sites in Active Directory
Let’s get started building new AD sites using PowerShell now that you know how to inspect existing AD sites. An AD site is made up of three parts, all of which may be created using PowerShell:
- The site
- The site has one or more subnets.
- A connection for replication
If you still have PowerShell open, follow these steps to create a new AD site:
1. Using the New-ADReplicationSite command and the Name parameter, create a new AD site. The following command builds a site called Hawaii.
-Name “Hawaii” New-ADReplicationSite
2. Run Get-ADReplicationSite with the Filter option to discover all sites to confirm you’ve established the site.
To restrict the output, the sample below pipes Get-AdReplicationSite output to the Select-Object cmdlet, which only displays the Name property.
Select Name | Get-AdReplicationSite Filter *
The instructional environment has three locations accessible, as shown below: Washington, Maryland, and Hawaii.
In PowerShell, create a new Site.
3. Next, use the New-ADReplicationSubnet command to build a subnet and assign it to the site, passing in the Name/network in CIDR notation followed by the Site name. The command below will create a subnet for the Hawaii site’s 10.3.22.0/24 network.
-Name “10.3.22.0/24” -Site Hawaii New-ADReplicationSubnet
Run Get-ADReplicationSubnet after you’ve constructed the site to ensure you’ve configured the subnet correctly. It’s worth noting that the location is listed as Hawaii.
In AD Sites, create a new Subnet.
4. Finally, use the New-ADReplicationSiteLink command to build a new site connection, giving the link’s name and the sites to connect. The example below shows how to create a site connection named Washington-Hawaii that connects the Washington and Hawaii sites.
The name of the site link is fully customisable, however it’s typical to add the names of the sites that are included in the site link.
-Name “Washington-Hawaii” -SitesIncluded New-ADReplicationSiteLink Washington,Hawaii
Run Get-ADReplicationSiteLink once you’ve generated the link to ensure it’s working properly.
The replication connection between locations is being added.
Use the Set-ADReplicationSiteLink command with a PowerShell hashtable and an Add key like Set-ADReplicationSiteLink -Identity “Washington-MarylandLink” -SitesIncluded @Add=”Hawaii” to add sites to an existing Active Directory site link.
Inspecting Sites in Active Directory, Links, and Subnets with Sites in Active Directory and Services
Even though this course is about PowerShell, knowing how to examine and administer AD sites using the GUI is still necessary. You won’t be using PowerShell to administer AD sites all of the time.
Click on Start and type Sites in Active Directory. The Sites in Active Directory and Services open should appear in the Windows Administrative Tools program group.
Opening Sites in Active Directory and Services.
When you open Sites in Active Directory and Services, you will see a screen like the one shown below. The AD Sites and Services tool has a few interesting areas:
- The current DC to which the tool is attached. Knowing the DC is useful since replication across sites may take several hours when you make a change.
- Inter-Site Transports — The replication mechanisms used by the sites.
- Subnets – Each site has its own set of subnets.
- The website list – You’ll only see Default-First-Site-Name under a default domain, but the instructional environment has Maryland and Washington sites set up.
Sites in Active Directory and Services
Expanding the objects in AD Sites and Services reveals:
- Washington-MaryandLink is the name of the tutorial transit or site connection.
- Subnets – The Washington location has a subnet of 10.1.22.0/24 while the Maryland site has a subnet of 10.2.22.0/24.
- The domain controller for the Maryland location.
- The domain controller for the Washington location.
For the examples in the paper, the Sites and Services tool has been fully enlarged.
Removing Sites in Active Directory
So you’ve set up several websites, but now it’s time to take them down. No worries. This procedure is reversed when removing an Active Directory site.
Make sure that no client computers are utilizing the site’s subnets before you delete it. For information on how to find clients in sites, look at the netlogon.log file.
Using PowerShell, you may uninstall an AD site:
1. Using the Delete key in the hashtable supplied to the SitesIncluded argument, remove the site link using the Set-ADReplicationSiteLink command and validate the removal. The Maryland site is removed from the Washington-MarylandLink webpage using the example below.
@Remove=”MaryLand” Set-ADReplicationSiteLink -Identity “Washington-MarylandLink” -SitesIncluded -Filter * Get-ADReplicationSiteLink
Both site URLs now go to the same two websites (the SitesIncluded property).
To remove a site from a link, use Set-ADReplicationSiteLink.
2. Using the Delete-ADReplicationSiteLink command, completely remove the Washington-Maryland connection and verify that it is gone.
-Identity Remove-ADReplicationSiteLink The prompt for “Washington-MarylandLink” was y. Get-ADReplicationSiteLink
The Active Directory site link has been removed.
3. Using the Delete-ADReplicationSubnet command, remove the links that were part of the site and validate the removal.
Get-ADReplicationSubnet -Filter * Remove-ADReplicationSubnet -Identity “10.2.22.0/24”
The Active Directory Subnet connected with the Maryland site has been removed.
Finally, use the Delete-ADReplicationSite command to remove the site and make sure it’s gone.
Get-ADReplicationSite -Filter * -Identity “Maryland” Remove-ADReplicationSite -Identity “Maryland”
The Active Directory site is being removed.
Do you have any passwords in your Active Directory that have been compromised? Use Specops Password Auditor Free to find out.
Conclusion
In this tutorial, you’ve learned the basics of manage Sites in Active Directory with PowerShell. But, there’s still a lot you can do with AD sites and PowerShell.
Now that you have created your first Sites in Active Directory, why not extend this in your home lab? Create some sites on different subnets and see how the replication time impacts Active Directory changes such as password resets and group policy updates.
Active Directory Sites are a way to organize and manage your Active Directory. PowerShell can be used to list the sites and also manage them. Reference: powershell list ad sites.
Related Tags
- powershell get ad site from ip address
- get ad sites powershell
- get ad site command line
- powershell get sites
- powershell get ad site of remote computer
