I was working on a project recently and needed to find all of the undefined clients in an Active Directory domain. �Undefined clients are those domain members that are in an IP subnet that is not yet defined to a site. �Unfortunately, there's no central place to find this information so you must turn to some log parsing.

Each domain controller has a netlogon.log file, by default, in the C:\Windows\Debug folder.

In order to find all of these pesky clients you're forced to read all of these netlogon.log files on all domain controllers to get a thorough list. �When looking into this I found a lot of different articles but they seemed WAY too over-complicated in order to get this done so I greatly simplified it. �Here's my solution:

#requires -Module ActiveDirectory
$DomainControllers = (Get-AdDomainController).Hostname
[Collections.ArrayList]$UndefinedClients = @()
foreach ($Dc in $DomainControllers ) {
    $LogPath = "\\$Dc\c$\windows\debug\netlogon.log"
    $GroupedClients = Select-String -Pattern 'NO_CLIENT_SITE' -Path $LogPath | foreach {
        if ($_.Line -match 'NO_CLIENT_SITE: (.*)') {
            $UndefinedClients.Add($matches[1].Trim().Split(' ')[0]) | Out-Null
        }
    }
}
$UndefinedClients = $UndefinedClients | Select -Unique $UndefinedClients

Join the Jar Tippers on Patreon

It takes a lot of time to write detailed blog posts like this one. In a single-income family, this blog is one way I depend on to keep the lights on. I'd be eternally grateful if you could become a Patreon patron today!

Become a Patron!