Monitoring with PowerShell Chapter 2: DHCP Pool status

Hi All,

As I’ve explained in my previous the series is taking a bit of a turn here and we’re going to start some blogs about remediation instead of just monitoring. I’ll link back to a previous blog and will explain how we automatically react to these issues within our RMM, if you do not have an RMM – Don’t worry! We’ll include the monitoring + remediation script so you can combine the scripts any way you’d like.

The second monitoring and remediation we’re getting on is a full DHCP-scope and auto-remediate when the scope is completely full. We’ll monitoring several aspects such as the amount of free IP’s, the scope status and lease-time, we’ll also try to clean the scope if it reaches a full state for very old leases or BAD_ADDR’s. Remember that if you bump into this issue a lot it’s better to increase scope size or manage your devices and network 🙂

To start we’re quickly building a monitoring set to check how full the DHCP scope currently is:


$ExpectedFree = "10"
$Stats = Get-DhcpServerv4ScopeStatistics

foreach($pool in $stats){
if($pool.Free -lt $ExpectedFree){
$ScopeStatus += "$($Pool.ScopeId) has $($Pool.free) left"
}
}

if(!$ScopeStatus ){ $ScopeStatus  = "Healthy"}

if we check $ScopeStatus we’ll see that it has a health state of “healthy” if there are enough addresses, if it only has a couple we will see exactly how much addresses are left and we can respond on that.

Next to checking the scope Free Addresses status we’ll also want to see exactly what the status is of these leases – Every non-active lease could be an issue as it might be a BAD_ADDR or a reservation that is no longer required:


$Leases = Get-DhcpServerv4Scope | Get-DhcpServerv4Lease
foreach($lease in $leases | where-object { $_.AddressState -ne "Active" }){
$LeaseStatus += "$($lease.IPAddress) has a state of $($lease.AddressState)"
}
if(!$LeaseStatus ){ $LeaseStatus  = "Healthy"}

Now that we have the list of addresses, lets try to resolve the issue of a full scope. To do this we’re going to compare the age of old addresses, try to ping them and clear the lease if they do not respond.
DISCLAIMER:
Remember that a device does not lose its connection when you clear the scope of old addresses, but you could get duplicate IP’s if the device is still online. The check’s we do are not very extensive, and you need to evaluate if you want to use this in your network, or look at a better solution such as increasing scope size. Do NOT use this if you have devices that do not reply to ping, we will only kick off addresses that are older than your own set thresholds, Customize these to your environment.


$Time = (get-date).addhours(+6)
$Leases = Get-DhcpServerv4Scope | Get-DhcpServerv4Lease
Get-DhcpServerv4Scope | Remove-DhcpServerv4Lease -BadLeases
foreach($lease in $leases | where-object { $_.LeaseExpiryTime -gt $days }){
Remove-DhcpServerv4Lease -ScopeID $lease.ScopeId -ClientId $lease.ClientId
}

So that’s it – We’re deleting all leases that have a expire of right now, +6 hours, and the addresses that the DHCP server has registered as “bad”. You can change these to your own preference of course.

Happy scripting!

Recent Articles

The return of CyberDrain CTF

CyberDrain CTF returns! (and so do I!)

It’s been since september that I actually picked up a digital pen equivalent and wrote anything down. This was due to me being busy with life but also my side projects like CIPP. I’m trying to get back into the game of scripting and blogging about these scripts. There’s still so much to automate and so little time, right? ;)

Monitoring with PowerShell: Monitoring Acronis Backups

Intro

This is a monitoring script requested via Reddit, One of the reddit r/msp users wondered how they can monitor Acronis a little bit easier. I jumped on this because it happened pretty much at the same time that I was asked to speak at the Acronis CyberSummit so it kinda made sense to script this so I have something to demonstrate at my session there.

Monitoring with PowerShell: Monitoring VSS Snapshots

Intro

Wow! It’s been a while since I’ve blogged. I’ve just been so swamped with CIPP that I’ve just let the blogging go entirely. It’s a shame because I think out of all my hobbies it’s one I enjoy the most. It’s always nice helping others achieve their scripting target. I even got a couple of LinkedIn questions asking if I was done with blogging but I’m not. Writing always gives me some more piece of mind so I’ll try to catch up again. I know I’ve said that before but this time I’ll follow through. I’m sitting down right now and scheduling the release of 5 blogs in one go. No more whining and no more waiting.