Windows DHCP Server - get notification when a non-AD joined device gets an IP address

Posted by TheCleaner on Server Fault
Published on 2013-11-04T19:50:53Z, indexed on 2013/11/04 21:57 UTC

SCENARIO

To simplify this down to its easiest example:

I have a Windows 2008 R2 standard DC with the DHCP server role. It hands out IPs via various IPv4 scopes, no problem there.

WHAT I'D LIKE

I would like a way to create a notification/event log entry/similar whenever a device gets a DHCP address lease and that device IS NOT a domain-joined computer in Active Directory. It doesn't matter to me whether it is custom PowerShell, etc.

Bottom line = I'd like a way to know when non-domain devices are on the network without using 802.1X at the moment. I know this won't account for static IP devices. I do have monitoring software that will scan the network and find devices, but it isn't quite this granular in detail.

RESEARCH DONE/OPTIONS CONSIDERED

I don't see any such possibilities with the built in logging.

Yes, I'm aware of 802.1X and have the ability to implement it long-term at this location but we are some time away from a project like that, and while that would solve network authentication issues, this is still helpful to me outside of 802.1X goals.

I've looked around for some script bits, etc. that might prove useful but the things I'm finding lead me to believe that my google-fu is failing me at the moment.

I believe the below logic is sound (assuming there isn't some existing solution):

  1. Device receives DHCP address
  2. Event log entry is recorded (event ID 10 in the DHCP audit log should work (since a new lease is what I'd be most interested in, not renewals): http://technet.microsoft.com/en-us/library/dd759178.aspx)
  3. At this point a script of some kind would probably have to take over for the remaining "STEPS" below.
  4. Somehow query this DHCP log for these event ID 10's (I would love push, but I'm guessing pull is the only recourse here)
  5. Parse the query for the name of the device being assigned the new lease
  6. Query AD for the device's name
  7. IF not found in AD, send a notification email

If anyone has any ideas on how to properly do this, I'd really appreciate it. I'm not looking for a "gimme the codez" but would love to know if there are alternatives to the above list or if I'm not thinking clear and another method exists for gathering this information. If you have code snippets/PS commands you'd like to share to help accomplish this, all the better.

© Server Fault or respective owner
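The seven-step list in the question can be carried out as a scheduled PowerShell job on the DHCP server. The script below is an added example and not code from the question's author or from Microsoft: it reads today's DHCP audit log (the `DhcpSrvLog-<Day>.log` files under `%SystemRoot%\System32\dhcp`, which the question's TechNet link documents), keeps only event ID 10 lines (new lease, not renewal), strips the domain suffix from the host name, looks the name up with `Get-ADComputer`, and for names not found writes an Application event log entry and sends an e-mail. It assumes the RSAT ActiveDirectory module is installed and that an SMTP relay accepts mail from the server; the domain name, mail addresses, SMTP host, state-file path, and event source `DhcpWatch` are placeholders. The sample log lines and the stand-in AD check at the end are constructed so the parser can be exercised offline.

```powershell
# Added example (not from the original post): DHCP audit log -> AD lookup -> alert.
Import-Module ActiveDirectory

$Domain    = 'corp.example'                          # placeholder: AD DNS suffix
$LogDir    = "$env:SystemRoot\System32\dhcp"         # default DHCP audit log folder
$StateFile = "$env:ProgramData\DhcpWatch\seen.txt"   # leases already reported
$Mail      = @{ To = 'netops@example'; From = 'dhcpwatch@example'; SmtpServer = 'smtp.example' }  # placeholders

# The audit log is CSV; the first seven columns are stable on 2008 R2:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address,...
function Get-NewLeaseEvents {
    param([string[]]$Lines, [string]$DnsSuffix)
    foreach ($line in $Lines) {
        $f = $line -split ','
        if ($f.Count -lt 7 -or $f[0].Trim() -ne '10') { continue }   # keep only "new lease" (ID 10)
        [pscustomobject]@{
            Date     = $f[1].Trim()
            Time     = $f[2].Trim()
            IP       = $f[4].Trim()
            HostName = ($f[5].Trim() -replace "\.$([regex]::Escape($DnsSuffix))$", '')  # drop suffix
            MAC      = $f[6].Trim()
        }
    }
}

# True when a computer object with this name exists in AD (a disabled object still counts as joined).
function Test-DomainComputer {
    param([string]$Name)
    if ([string]::IsNullOrWhiteSpace($Name)) { return $false }   # client offered no host name at all
    $obj = Get-ADComputer -Filter { Name -eq $Name } -ErrorAction SilentlyContinue
    return [bool]$obj
}

# New-lease events whose host name is not a domain computer; $IsJoined is injectable for testing.
function Find-UnknownDevices {
    param([string[]]$Lines, [string]$DnsSuffix, [scriptblock]$IsJoined = ${function:Test-DomainComputer})
    Get-NewLeaseEvents -Lines $Lines -DnsSuffix $DnsSuffix |
        Where-Object { -not (& $IsJoined $_.HostName) }
}

# Run this from Task Scheduler every few minutes (pull, as the question expects; there is no push).
function Invoke-DhcpWatch {
    $Today   = (Get-Date).DayOfWeek.ToString().Substring(0, 3)   # culture-independent "Mon", "Tue", ...
    $LogFile = Join-Path $LogDir "DhcpSrvLog-$Today.log"
    if (-not (Test-Path $LogFile)) { return }

    $null = New-Item -ItemType Directory -Force -Path (Split-Path $StateFile)
    $Seen = @()
    if (Test-Path $StateFile) { $Seen = Get-Content $StateFile }

    foreach ($d in (Find-UnknownDevices -Lines (Get-Content $LogFile) -DnsSuffix $Domain)) {
        $key = "$($d.Date) $($d.Time) $($d.MAC) $($d.IP)"
        if ($Seen -contains $key) { continue }                     # already alerted on this lease
        $msg = "Non-domain device leased {0} at {1} {2}: host='{3}' MAC={4}" -f `
               $d.IP, $d.Date, $d.Time, $d.HostName, $d.MAC
        # Register the source once as admin: New-EventLog -LogName Application -Source DhcpWatch
        if ([System.Diagnostics.EventLog]::SourceExists('DhcpWatch')) {
            Write-EventLog -LogName Application -Source DhcpWatch -EventId 1000 -EntryType Warning -Message $msg
        }
        Send-MailMessage @Mail -Subject 'DHCP: non-domain device on network' -Body $msg
        $key | Add-Content $StateFile
    }
}

# Constructed sample lines in audit-log format (not real data), checked offline against a
# stand-in for AD that only knows WS-FIN-07. Expected result: the android-9f3b2c1d lease only.
$Sample = @(
    '00,11/04/13,19:50:12,Started,,,,,0,6,,,',
    '10,11/04/13,19:50:53,Assign,192.0.2.25,android-9f3b2c1d,001122334455,,1234567,0,,,,',
    '10,11/04/13,19:51:10,Assign,192.0.2.26,WS-FIN-07.corp.example,00AABBCCDDEE,,1234568,0,,,,',
    '11,11/04/13,19:52:00,Renew,192.0.2.26,WS-FIN-07.corp.example,00AABBCCDDEE,,1234569,0,,,,'
)
Find-UnknownDevices -Lines $Sample -DnsSuffix 'corp.example' -IsJoined { param($n) $n -eq 'WS-FIN-07' }

Invoke-DhcpWatch
```

Two caveats worth keeping in mind when deploying this: the host name in the audit log is whatever the client put in its DHCP request, so a non-domain device can present a name that collides with an existing computer object and would pass the lookup (the MAC address in the alert is the more reliable handle for follow-up), and the `seen.txt` state file is never pruned here, so trim it when the audit log rolls over each week. Comparing the MAC against the computer object's registered adapters, or correlating with Kerberos logons on the DC, would tighten the check but is beyond what this example does.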
