ISA Server & Powershell

I’ve recently been trying to find a way to work with ISA 2006 using powershell; it’s not as straightforward as I would have hoped as all the docs are for C and Vbscript and they’re not exactly full of information anyway. That said, a few people seem to have been managing so I dived in and came up with this; it’s a Powershell script to add IP address ranges (In my case, just single addresses) from a text file to an ISA Network object (for the purposes of blacklisting). Requires Powershell v2 and needs to be run on an ISA server. For the record, the ISA API is horrible.

<#
.SYNOPSIS
Adds specified IP address ranges to a given Network in ISA
.PARAMETER network
Network Name to edit
.PARAMETER path
Path to file containing list of IPs to add
#>
 
param
(
	[Parameter(Mandatory=$true,ParameterSetName="path",ValueFromPipelineByPropertyName=$true,Position=1,Helpmessage="Path to file containing list of IPs to add")]$path
	[Parameter(Mandatory=$true,ParameterSetName="network",ValueFromPipelineByPropertyName=$true,Position=0,Helpmessage="Network Name to edit")]$network
)
 
#Create ISA COM Objects
$root = new-object -comObject "FPC.Root" -strict
#Get our array (well, there is only one in this case)
$server = $root.Arrays | Select-Object -first 1
#Get IPRangeSet for the required network
$ipranges = $server.NetworkConfiguration.Networks.item($network).IpRangeSet
 
$file = gc $path
 
foreach($ip in $file){
 
	$flag = 0
 
	foreach($iprange in $ipranges){
		if($iprange.ip_from -match $ip){$flag = 1}
	}
 
	if($flag -ne 1){$ipranges.add($ip,$ip)}
}
 
$ipranges.save()

Published by

Adam

I am the person responsible for all this, that's all you need to know.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.