The other day I was asked the to run a report by security team on which AD users had dial-in configured for a static IP address and what IP address was assigned, if any.
I did a quick Get-Aduser on the supplied test account and here are the results:
GivenName : Chris
msRADIUSFramedIPAddress : 1869573999
Name : Chris
ObjectClass : user
Well that’s odd “1869573999″ does not look like an IP address to me. A quick MSDN for more information. Not much there UGH. I was able to find several scripts to converts IPv4 address to binary or decimal. After much trial and error I was able to come up with the following:
1 2 3 4 5 6 7 8 |
Function ConvertRADIUSIPAddress($RADIUSIPAddress) { $bin=[convert]::ToString([int32]$RADIUSIPAddress,2).PadLeft(32,'0').ToCharArray() $A=[convert]::ToByte($bin[0..7] -join "",2) $B=[convert]::ToByte($bin[8..15] -join "",2) $C=[convert]::ToByte($bin[16..23] -join "",2) $D=[convert]::ToByte($bin[24..31] -join "",2) return $($A,$B,$C,$D -join ".") } |
To use the function you only need to supply the uses “msRADIUSFramedIPAddress” value. To make it more useful added some PSObject and ran it through a for loop using GET-Aduser.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
$users = get-aduser -f * -Properties GivenName,surname,name,msRADIUSFramedIPAddress,DistinguishedName,LastLogonDate,whenCreated,whenChanged,enabled,manager |select GivenName,surname,name,msRADIUSFramedIPAddress,DistinguishedName,LastLogonDate,whenCreated,whenChanged,enabled,manager foreach ($un in $users){ New-Object PSObject -Property @{ Name = $un.Name DN = $un.DistinguishedName Enabled = $un.Enabled Manager = $un.manager LastLogin = $un.LastLogonDate Created = $un.whenCreated IP = <strong>ConvertRADIUSIPAddresss</strong> $un.msRADIUSFramedIPAddress fullname = $un.GivenName + " " + $un.Surname } } |
Now when I run the script it pulls back a list of users with a human readable IPV4 address.
That is it for now.