Saturday, February 21, 2026

Using PowerShell to prep for a DHCP cutover

 Alright, here is the background. 

Recently I was working on migrating a few locations off of bog standard Microsoft Windows DHCP server to Infoblox.

I'm no stranger to Windows DHCP, but I've spent much more time with Infoblox over the past 6 years. And the majority of my time administrating Windows DHCP was with the GUI.

Seeing as I was looking at a ton of scopes, I hate repetitive work, and I had a few locations that would need to be cut over, I figured this was as good a time as any to work on my PowerShell skills.

In my case, all commands are displayed and used as if you are running them directly on the DHCP server itself. There are ways to run these commands on a remote system, but I won't get into that here. It's trivial to update these examples for that use case.


First task: I want an easily readable export of the current scopes. There are two ways of doing this. What I did was simply run

    Get-DhcpServerv4Scope | Export-Csv DhcpExport.csv

Basically grabbing all of the v4 scopes on the server and throwing it into a CSV. 

Recently I've learned that you can also do the following

    # Export-DhcpServer writes the server configuration as XML, so name the file accordingly
    Export-DhcpServer -File DhcpExport.xml

 Okay cool, now no matter what method used for the above step the end result should be that we have a backup of the DHCP state before any changes are made. 

In my personal example, I created a separate copy of this data, just labeled backup and exported to a "safe" location. After which I followed the same steps but just used a different file name to create a working data set. Just really wanted to reduce the chance of accidentally modifying my "before" state data and having inaccurate data should I need to go back and troubleshoot an issue.



Next step: pre-cutover, I want to reduce lease times for anything greater than one hour. The half life of your longest configured lease time will inform exactly when you want to make this change.

 See section 4.4.5 of https://datatracker.ietf.org/doc/html/rfc2131


First, I need to find all the scopes where the current lease time is greater than one hour. No point in changing anything equal to or less than that. 

    Get-DhcpServerv4Scope | Where-Object {$_.LeaseDuration -gt (New-TimeSpan -Hours 1)} | Export-Csv -Path Filename.csv

This one-liner will grab all the IPv4 DHCP scopes on your server, filter for any scopes that meet our 1 hour criteria, then spit it all out into a CSV, in this example just called Filename.csv.

Now, you could manually review the CSV, and for each scope reduce the lease time with the following command

    Set-DhcpServerv4Scope -ScopeId x -LeaseDuration 1:00:00

where x is the scope ID.

And if you find you only have a few scopes that need to be modified, this could totally be a good game plan, but in my case, and I think it would be safe to assume the majority of cases, lease times are typically 1 day or longer. So depending on the size of your environment you may be looking at a lot of copy/pasting.

Besides, we're already leveraging PowerShell, so let's make it do the boring work for us.


    Get-DhcpServerv4Scope -ScopeId x
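
The bulk version of the lease reduction described above, as an added example that is not from the original post: it writes a per-scope rollback file, derives the latest time to make the change from the default T1 renewal time in RFC 2131 section 4.4.5, and runs with `-WhatIf` first. `$Cutover`, `$NewLease` and `LeaseRollback.csv` are assumed values for illustration.

```powershell
# Added example, run on the DHCP server itself.
# Assumed values: replace with your own cutover time and file name.
$Cutover  = Get-Date '2026-03-01 22:00'     # constructed cutover time
$NewLease = New-TimeSpan -Hours 1           # target lease duration
$Rollback = 'LeaseRollback.csv'             # hypothetical rollback file

# Scopes whose lease is longer than the target; nothing else is touched
$targets = @(Get-DhcpServerv4Scope |
    Where-Object { $_.LeaseDuration -gt $NewLease })

if ($targets.Count -eq 0) {
    Write-Output 'No scopes above the target lease; nothing to change.'
}
else {
    # Record the "before" lease per scope so it can be restored later
    $targets |
        Select-Object ScopeId, Name,
            @{ n = 'LeaseDuration'; e = { $_.LeaseDuration.ToString() } } |
        Export-Csv -Path $Rollback -NoTypeInformation

    # RFC 2131 4.4.5: a client first tries to renew at T1, which defaults
    # to half the lease. After half of the longest old lease has passed,
    # every client that renews on schedule has picked up the short lease.
    $longest  = ($targets | Sort-Object LeaseDuration -Descending |
        Select-Object -First 1).LeaseDuration
    $deadline = $Cutover.AddSeconds(-($longest.TotalSeconds / 2))
    Write-Output "Longest lease: $longest. Change no later than: $deadline"

    foreach ($scope in $targets) {
        # -WhatIf only reports what would change; remove it after review
        Set-DhcpServerv4Scope -ScopeId $scope.ScopeId `
            -LeaseDuration $NewLease -WhatIf
    }

    # Verification: once -WhatIf is removed, this should return nothing
    Get-DhcpServerv4Scope |
        Where-Object { $_.LeaseDuration -gt $NewLease } |
        Select-Object ScopeId, Name, LeaseDuration
}

# Rollback to the recorded lease times, if needed:
# Import-Csv $Rollback | ForEach-Object {
#     Set-DhcpServerv4Scope -ScopeId $_.ScopeId `
#         -LeaseDuration ([TimeSpan]$_.LeaseDuration)
# }
```

Clients that are offline at their T1 time keep the old lease until they next contact the server, so treat the printed deadline as the latest acceptable time rather than a target.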



Monday, February 24, 2025

Leveraging WSL (or Linux), and fping to ping multiple hosts

 

Have a pending cutover or maintenance window and need a quick and easy way to monitor assets?

The "correct" answer should be to leverage your monitoring software*, but if you're like me and you want to save on some screen real estate and know when SHTF a bit sooner than it takes for an app to update a GUI or a page in your browser, you can use a combo of Linux (or WSL) and fping to track the status of a handful of hosts.

You'll need to make sure you have fping installed. It's easy enough: just use whatever package manager you have (apt-get, yum, or whatever) to install fping.

Second step is to create a text file containing the hosts you would like to ping. Both IP addresses and hostnames are valid options. Each host should be on its own line like the example below. My example is a file named testhosts.txt


 

Now the actual command we're going to use looks like

    watch -n 0.5 fping --stats --file testhosts.txt

Quick breakdown: this is a combo of a few basic Linux commands. watch is bog standard Linux. Here I've combined it with fping's ability to print a summary status and ping hosts from a file. You can use the -l (--loop) flag with fping to loop through hosts in a text file, but the output is, at least in my opinion, a bit messy. By using watch and just the stats flag, I have a smaller footprint that updates every 0.5 seconds.

I'm confident that this:


Is much neater than this constantly filling a terminal

It would be way too easy to miss a change in status.

Next Steps and Future Improvements

Now that I've used this in production a few times, I have some improvements I'd like to tackle eventually.

To stop the pings, you need to Ctrl+C out of the loop, but in doing so you also lose all the summary data. It would be nice to retain this info.

Another nice feature would be color coding. Maybe red when a host is unreachable. It just may increase the likelihood a down host will catch your eye.


*for god's sake, if you don't have a monitoring platform get one!

