Check if an IP address is within an IP Range Boundary in ConfigMgr 2012

A customer of mine needed to check if a specific IP address was within any of the IP range boundaries that was present in ConfigMgr. I did some research on how this could be scripted, and found out that there’s a System.Net.IPAddress class that could be leveraged. The final script that I came up with is able to check if an IP address fall within any boundary, and if it does it returns the boundary description or range value. If the IP address would be within several boundaries, all results will be shown. By designing the script this way, it could also be used to check for overlapping boundaries (thanks to David O’brien for pointing that out to me!)

How to use the script

This script is looking for IP addresses that fall within any of the configured IP range boundaries. At the moment it doesn’t work with Subnet or AD Site boundaries. Save the script from below and call it e.g. Get-IPAddressBoundary.ps1. I’ve saved it to C:\Scripts on my Primary Site server.
1. Open an elevated PowerShell console.
2. Browse to the folder where you saved the script, and run the following command:

.\Get-IPAddressBoundary.ps1 -SiteServer CM01 -IPAddress

Note: Change CM01 and to values that works in your environment.
3. When the above command has been executed, if the script will match an IP range boundary to the entered IP address, it will output either the Description of the boundary or the value of the range.
If no matches was found, the script will output that it didn’t find the IP address to be within any of the configured IP range boundaries.

The script





$IPAddress ) function Get-CMSiteCode { $CMSiteCode = Get-WmiObject -Namespace “root\SMS” -Class SMS_ProviderLocation -ComputerName $SiteServer | Select-Object -ExpandProperty SiteCode return $CMSiteCode } $Results = 0 $Boundary = Get-WmiObject -Namespace “root\SMS\site_$(Get-CMSiteCode)” -Class SMS_Boundary -Filter “BoundaryType = 3” $BoundaryCount = ($Boundary | Measure-Object).Count if ($BoundaryCount -ge 1) { $Boundary | ForEach-Object { $BoundaryName = $_.DisplayName $BoundaryNameLength = $_.DisplayName.Length $BoundaryValue = $_.Value.Split(“-“) $IPStartRange = $BoundaryValue[0] $IPEndRange = $BoundaryValue[1] $ParseIP = [System.Net.IPAddress]::Parse($IPAddress).GetAddressBytes() [Array]::Reverse($ParseIP) $ParseIP = [System.BitConverter]::ToUInt32($ParseIP, 0) $ParseStartIP = [System.Net.IPAddress]::Parse($IPStartRange).GetAddressBytes() [Array]::Reverse($ParseStartIP) $ParseStartIP = [System.BitConverter]::ToUInt32($ParseStartIP, 0) $ParseEndIP = [System.Net.IPAddress]::Parse($IPEndRange).GetAddressBytes() [Array]::Reverse($ParseEndIP) $ParseEndIP = [System.BitConverter]::ToUInt32($ParseEndIP, 0) if (($ParseStartIP -le $ParseIP) -and ($ParseIP -le $ParseEndIP)) { if ($BoundaryName.Length -ge 1) { $Results = 1 Write-Output “`nIP address ‘$($IPAddress)’ is within the following boundary:” Write-Output “Description: $($BoundaryName)`n” } else { $Results = 1 Write-Output “`nIP address ‘$($IPAddress)’ is within the following boundary:” Write-Output “Range: $($_.Value)`n” } } } if ($Results -eq 0) { Write-Output “`nIP address ‘$($IPAddress)’ was not found in any boundary`n” } } else { Write-Output “`nNo IP range boundaries was found`n” }


Nickolaj Andersen

Chief Technical Architect and Enterprise Mobility MVP since 2016. Nickolaj has been in the IT industry for the past 10 years specializing in Enterprise Mobility and Security, Windows devices and deployments including automation. Awarded as PowerShell Hero in 2015 by the community for his script and tools contributions. Creator of ConfigMgr Prerequisites Tool, ConfigMgr OSD FrontEnd, ConfigMgr WebService to name a few. Frequent speaker at conferences such as Microsoft Ignite, NIC Conference and IT/Dev Connections including nordic user groups.