Convert ConfigMgr 2012 R2 Active Directory Site Boundaries to IP Subnet Boundaries

My colleague and I (Nathan Olmstead) are in the process of migrating a ConfigMgr 2012 SP1 environment to a newly built ConfigMgr 2012 R2 environment. The SP1 environment is in pretty rough shape and more complex than it needed to be, so it was decided to start over fresh. We just stood up our new site and we're in the process of bringing boundaries over to the new environment so we can start testing everything out. What we ran into was that the boundaries are set using AD sites in the legacy site. This isn't a bad thing by any means, but we need to exclude a small set of IP addresses which are included with the AD sites. And once we are ready to start migrating, we'll need to migrate by subnets rather than AD site boundaries, due to the complexity and size of the network here.

We had over 200 subnets in our AD site (HQ) and there's no way we were going to manually hand jam those into the CM environment, and, as I pointed out before, we can't bring over all the boundaries at once. We wrote a short PowerShell script to do the work for us. Below is the final outcome which did the trick for us.

You'll need to have at least PowerShell 3.0, the Active Directory PowerShell modules and the ConfigMgr 2012 R2 PowerShell modules on the system running the script.

The script below was run on the legacy environment so we could get to the point where we could exclude the small IP range we needed to test with on the new site.


Import-Module ActiveDirectory

# Change the following to match your CM install directory
Import-Module 'F:\Program Files\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'
CD 'F:\Program Files\Microsoft Configuration Manager\AdminConsole\bin'
# Change this to your site code (the ConfigMgr cmdlets must run from the site drive)
CD 'HQC:'

# This creates a new boundary group to add the newly created boundaries in. This is not required and can be commented out.
# If it is used, be sure you update the Boundary Group name, description and default site code.
New-CMBoundaryGroup -Name 'New Boundary Group' -Description 'Headquarters' -DefaultSiteCode 'HQC'

# '$Site' will search all AD sites and only run against the one named 'HQ'.
# You can exclude the pipe and beyond to target all sites or update it if you only want to target a specific site.
$Site = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites | Where-Object { $_.Name -eq 'HQ' }
$Subnets = $Site.Subnets.Name

foreach ( $Subnet in $Subnets ) {

   # Looks for a period in the address to ID as IPv4 address
   if ($Subnet -like '*.*') {
      # Split 'address/prefix' and keep the address part as the boundary value
      $subnetaddress = $Subnet.Split('/')
      New-CMBoundary -Name $Subnet -Type IPSubnet -Value $subnetaddress[0]
      Add-CMBoundaryToGroup -BoundaryName $Subnet -BoundaryGroupName 'New Boundary Group'
   }
   # Looks for a colon in the address to ID as IPv6 address
   elseif ($Subnet -like '*:*') {
      $subnetaddress = $Subnet.Split('/')
      New-CMBoundary -Name $Subnet -Type IPV6Prefix -Value $subnetaddress[0]
      Add-CMBoundaryToGroup -BoundaryName $Subnet -BoundaryGroupName 'New Boundary Group'
   }
}


This was run against the following environments:

Windows Server 2012 R2 (New – ConfigMgr 2012 R2)
Windows Server 2008 R2 (Old – ConfigMgr 2012 SP1)

Be sure to test this in a lab environment and use at your own risk!

Comments (2)

  1. Jason says:

    Why? ConfigMgr will automatically create IP Address Range boundaries for you in forest discovery. Also, the subnets in AD are *not* equivalent to IP Subnets/Subnet IDs that ConfigMgr IP Subnet boundaries use so the above is potentially invalid anyway — this is exactly why ConfigMgr does not automatically create IP Subnet boundaries for you based on subnet definitions in AD. Just use IP Address Ranges and move on, they will make your life easier.
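The IP address range alternative raised in the comment above, as an added example that is not part of the original post or the authors' script: the script uses only the address part of each AD subnet (10.20.0.0 for 10.20.0.0/16), while a client in that subnet with a 255.255.255.0 mask computes a subnet ID of 10.20.5.0, so converting the whole prefix to a start-end range avoids the mismatch. The helper names and the sample subnets are assumptions made for illustration, and only IPv4 prefixes are converted.

```powershell
# Added example. Convert-CidrToIPRange and ConvertTo-DottedQuad are hypothetical helper names.
function ConvertTo-DottedQuad([long]$Number) {
    # Extract the four octets, most significant first
    (24, 16, 8, 0 | ForEach-Object { ($Number -shr $_) -band 0xFF }) -join '.'
}

function Convert-CidrToIPRange {
    param([Parameter(Mandatory = $true)][string]$Cidr)

    $address, $prefix = $Cidr.Split('/')
    $ip = [System.Net.IPAddress]::Parse($address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        return $null    # not IPv4; IPv6 prefixes are not converted here
    }
    # Reject a missing, non-numeric or out-of-range prefix length
    if ($prefix -notmatch '^\d+$' -or [int]$prefix -gt 32) {
        throw "Invalid prefix length in '$Cidr'"
    }

    # Fold the address bytes (network order) into one number
    [long]$value = 0
    foreach ($byte in $ip.GetAddressBytes()) { $value = $value * 256 + $byte }

    # Number of addresses covered by the prefix, then the first and last address
    [long]$size  = [math]::Pow(2, 32 - [int]$prefix)
    [long]$first = $value - ($value % $size)
    [long]$last  = $first + $size - 1

    '{0}-{1}' -f (ConvertTo-DottedQuad $first), (ConvertTo-DottedQuad $last)
}

# Constructed sample input, in the form returned by $Site.Subnets.Name
$Subnets = '10.20.0.0/16', '192.168.4.128/25', '2001:db8:1::/64'

foreach ($Subnet in $Subnets) {
    $range = Convert-CidrToIPRange -Cidr $Subnet
    if ($null -eq $range) {
        Write-Warning "Skipping non-IPv4 subnet $Subnet"
        continue
    }
    '{0,-18} -> {1}' -f $Subnet, $range
    # From the ConfigMgr site drive, the boundary would then be created with:
    # New-CMBoundary -Name $Subnet -Type IPRange -Value $range
}
```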
