EvotecIT / Testimo

Testimo is a PowerShell module for running health checks for Active Directory against a bunch of different tests
547 stars, 58 forks

DNS: Ethernet should have static IPv4 settings #56

Closed PrzemyslawKlys closed 4 years ago

PrzemyslawKlys commented 5 years ago

Title: DNS: Ethernet should have static IPv4 settings

Severity: Warning

Date: 31.05.2018 22:33:13

Category: Configuration

Problem: Ethernet has dynamically assigned Internet Protocol version 4 (IPv4) addresses.

Impact: Dynamic IP addresses can change, preventing clients from locating server resources.

Resolution: Click Start, click Network, click Network and Sharing Center, and then click Change adapter settings to configure a static IP address on the interface.

http://go.microsoft.com/fwlink/?LinkId=121986

itpro-tips commented 4 years ago

We can get this information with, for example, this script.

It can also be used to answer "DNS servers on Ethernet should include the loopback address, but not as the first entry".

Another interesting test is to identify whether a DC has more than one IP, because multihomed DCs are often used (sometimes without issue, sometimes with a lot of issues...).

PrzemyslawKlys commented 4 years ago

I believe this is doable as part of this one:

https://github.com/EvotecIT/Testimo/blob/2790438f30ab91bcc0fb3d453cc5d47a4597bb6e/Private/SourcesDomainControllers/NetworkCardSettings.ps1#L6-L6

PS C:\Support\GitHub\Testimo> Get-ComputerNetwork -ComputerName AD1                                                                                                                                                                                                                                                                                  367,67ms

Name                            : Network  2
NetworkCardName                 : Ethernet 2
NetworkCardIndex                : 5
FirewallProfile                 : Private
FirewallStatus                  : True
IPAddress                       : {192.168.240.189}
IPGateway                       : {192.168.240.1}
IPSubnet                        : {255.255.255.0}
IPv4Connectivity                : Internet
IPv6Connectivity                : NoTraffic
DNSServerSearchOrder            : {192.168.240.192, 192.168.240.236, 192.168.240.189, 127.0.0.1}
DNSDomainSuffixSearchOrder      : {ad.evotec.xyz}
FullDNSRegistrationEnabled      : True
DHCPEnabled                     : False
DHCPServer                      :
DHCPLeaseObtained               :
NetBIOSOverTCPIP                : Disabled
Caption                         :
Description                     : 
ElementName                     :
DefaultInboundAction            : Block
DefaultOutboundAction           : Allow
AllowInboundRules               : NotConfigured
AllowLocalFirewallRules         : NotConfigured
AllowLocalIPsecRules            : NotConfigured
AllowUserApps                   : NotConfigured
AllowUserPorts                  : NotConfigured
AllowUnicastResponseToMulticast : NotConfigured
NotifyOnListen                  : False
EnableStealthModeForIPsec       : NotConfigured
LogFileName                     : %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogMaxSizeKilobytes             : 4096
LogAllowed                      : False
LogBlocked                      : False
LogIgnored                      : NotConfigured
ComputerName                    : AD1

It's just a matter of updating the tests to cover this.

PrzemyslawKlys commented 4 years ago

Want to try and add this?
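
The three checks raised in this thread (static IPv4, loopback present in the DNS list but not first, multihomed DC) can be evaluated from the properties in the `Get-ComputerNetwork` output above. This is an added example, not part of the original thread and not Testimo's own code; the function name `Test-DcNetworkSetting` and the sample objects are assumptions constructed for illustration.

```powershell
# Added example. Test-DcNetworkSetting is a hypothetical name, not a Testimo function.
function Test-DcNetworkSetting {
    [CmdletBinding()]
    param(
        # Objects shaped like the Get-ComputerNetwork output shown above
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject[]] $NetworkCard
    )
    begin { $all = [System.Collections.Generic.List[object]]::new() }
    process { foreach ($card in $NetworkCard) { $all.Add($card) } }
    end {
        foreach ($group in ($all | Group-Object -Property ComputerName)) {
            # Count IPv4 addresses across every adapter of the same computer
            $ipv4 = @($group.Group.IPAddress | Where-Object {
                    $_ -and ([ipaddress]$_).AddressFamily -eq 'InterNetwork' })
            foreach ($card in $group.Group) {
                $dns = @($card.DNSServerSearchOrder | Where-Object { $_ })
                [pscustomobject]@{
                    ComputerName     = $card.ComputerName
                    NetworkCardName  = $card.NetworkCardName
                    # Works whether DHCPEnabled arrives as a boolean or as text
                    StaticIPv4       = "$($card.DHCPEnabled)" -ne 'True'
                    DnsHasLoopback   = $dns -contains '127.0.0.1'
                    LoopbackNotFirst = ($dns.Count -gt 0) -and ($dns[0] -ne '127.0.0.1')
                    Multihomed       = $ipv4.Count -gt 1
                }
            }
        }
    }
}

# Constructed sample input: AD1 mirrors the output above, AD2 is an invented failing case
$sample = @(
    [pscustomobject]@{
        ComputerName = 'AD1'; NetworkCardName = 'Ethernet 2'; DHCPEnabled = $false
        IPAddress = @('192.168.240.189')
        DNSServerSearchOrder = @('192.168.240.192', '192.168.240.236', '192.168.240.189', '127.0.0.1')
    }
    [pscustomobject]@{
        ComputerName = 'AD2'; NetworkCardName = 'Ethernet'; DHCPEnabled = $true
        IPAddress = @('192.0.2.10'); DNSServerSearchOrder = @('127.0.0.1', '192.0.2.53')
    }
    [pscustomobject]@{
        ComputerName = 'AD2'; NetworkCardName = 'Ethernet 3'; DHCPEnabled = $false
        IPAddress = @('192.0.2.11'); DNSServerSearchOrder = @('192.0.2.53')
    }
)
$sample | Test-DcNetworkSetting | Format-Table -AutoSize
```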