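<#
.SYNOPSIS
    Phase 3.0: Pre-join verification from an INTERNAL VLAN machine.
.DESCRIPTION
    Tests DNS resolution, network connectivity, and SMB access to CS-SERVER.
    Run from any machine on INTERNAL VLAN (10.0.20.0/24) before domain joining.
    ALL tests must pass before proceeding with domain join.

    A DNS answer for CS-SERVER that does not contain the expected address is
    treated as a failure, and the _ldap._tcp locator name is queried as an SRV
    record so that the check confirms SRV records are actually returned.
#>

# Address of CS-SERVER, used by the DNS, ping, port and SMB checks below.
$dcIp = "192.168.2.254"

Write-Host "=== Phase 3.0: Pre-Join Verification ===" -ForegroundColor Cyan
Write-Host "Running from: $env:COMPUTERNAME ($((Get-NetIPAddress -AddressFamily IPv4 | Where-Object {$_.IPAddress -notlike '127.*'}).IPAddress -join ', '))"
Write-Host ""

# Cleared by any failed check; drives the final verdict.
$allPassed = $true

# --- DNS Resolution ---
Write-Host "--- DNS Tests ---" -ForegroundColor Yellow
$dnsTests = @(
    @{ Name = "cs-server.cascades.local"; Type = "A"; Expected = $dcIp }
    # The locator name only carries SRV records, so it has to be queried as SRV;
    # a default address lookup can return without error and without any
    # locator data, which would be reported as a pass.
    @{ Name = "_ldap._tcp.cascades.local"; Type = "SRV"; Expected = "" }
)
foreach ($test in $dnsTests) {
    try {
        $result = Resolve-DnsName -Name $test.Name -Type $test.Type -ErrorAction Stop
        if ($test.Type -eq "SRV") {
            # Keep only the SRV answers; additional-section address records do not count.
            $srvRecords = @($result | Where-Object { $_.Type -eq "SRV" })
            if ($srvRecords.Count -eq 0) {
                Write-Host " [FAIL] $($test.Name) - no SRV records returned" -ForegroundColor Red
                $allPassed = $false
            } else {
                # Targets are printed so the operator can confirm they name the intended server.
                Write-Host " [OK] $($test.Name) resolved: $($srvRecords.NameTarget -join ', ')" -ForegroundColor Green
            }
        } elseif ($test.Expected -and $result.IPAddress -notcontains $test.Expected) {
            # The join trusts whichever host DNS names as the domain controller.
            # An unexpected address (stale record, wrong resolver, spoofed answer)
            # must block the join instead of being reported as a warning.
            Write-Host " [FAIL] $($test.Name) resolved but not to $($test.Expected): $($result.IPAddress -join ', ')" -ForegroundColor Red
            $allPassed = $false
        } else {
            Write-Host " [OK] $($test.Name) resolved: $($result.IPAddress -join ', ')" -ForegroundColor Green
        }
    } catch {
        Write-Host " [FAIL] $($test.Name) - DNS resolution failed" -ForegroundColor Red
        $allPassed = $false
    }
}

# --- Network Connectivity ---
Write-Host "`n--- Network Connectivity ---" -ForegroundColor Yellow
$pingTargets = @(
    @{ Name = "CS-SERVER"; IP = $dcIp }
    @{ Name = "pfSense"; IP = "192.168.0.1" }
)
foreach ($target in $pingTargets) {
    # -Quiet yields a boolean; ICMP errors are suppressed and show up as $false.
    $result = Test-Connection -ComputerName $target.IP -Count 2 -Quiet -ErrorAction SilentlyContinue
    if ($result) {
        Write-Host " [OK] $($target.Name) ($($target.IP)) - reachable" -ForegroundColor Green
    } else {
        Write-Host " [FAIL] $($target.Name) ($($target.IP)) - NOT reachable" -ForegroundColor Red
        $allPassed = $false
    }
}

# --- Port Connectivity ---
# NOTE: Test-NetConnection -Port probes TCP only. UDP paths to the same
# services are not exercised by this script.
Write-Host "`n--- Port Connectivity to CS-SERVER ---" -ForegroundColor Yellow
$ports = @(
    @{ Port = 53; Desc = "DNS" }
    @{ Port = 88; Desc = "Kerberos" }
    @{ Port = 135; Desc = "RPC" }
    @{ Port = 389; Desc = "LDAP" }
    @{ Port = 445; Desc = "SMB" }
    @{ Port = 636; Desc = "LDAPS" }
    @{ Port = 3268; Desc = "Global Catalog" }
)
foreach ($p in $ports) {
    try {
        $result = Test-NetConnection -ComputerName $dcIp -Port $p.Port -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
        if ($result.TcpTestSucceeded) {
            Write-Host " [OK] Port $($p.Port) ($($p.Desc)) - open" -ForegroundColor Green
        } else {
            Write-Host " [FAIL] Port $($p.Port) ($($p.Desc)) - CLOSED/FILTERED" -ForegroundColor Red
            $allPassed = $false
        }
    } catch {
        Write-Host " [FAIL] Port $($p.Port) ($($p.Desc)) - test failed" -ForegroundColor Red
        $allPassed = $false
    }
}

# --- SMB Access ---
Write-Host "`n--- SMB Share Access ---" -ForegroundColor Yellow
try {
    # net.exe is a native command: failure is reported through $LASTEXITCODE,
    # and stderr is merged into $shares so the reason can be printed.
    $shares = net view "\\$dcIp" 2>&1
    if ($LASTEXITCODE -eq 0) {
        Write-Host " [OK] net view \\$dcIp succeeded" -ForegroundColor Green
    } else {
        Write-Host " [FAIL] net view \\$dcIp failed: $shares" -ForegroundColor Red
        $allPassed = $false
    }
} catch {
    Write-Host " [FAIL] SMB access test failed: $_" -ForegroundColor Red
    $allPassed = $false
}

# --- Internet ---
# Informational only: missing internet access warns but does not block the join.
Write-Host "`n--- Internet Access ---" -ForegroundColor Yellow
$internet = Test-Connection -ComputerName "8.8.8.8" -Count 1 -Quiet -ErrorAction SilentlyContinue
if ($internet) {
    Write-Host " [OK] Internet connectivity works" -ForegroundColor Green
} else {
    Write-Host " [WARN] No internet connectivity" -ForegroundColor Yellow
}

# --- Result ---
Write-Host "`n========================================" -ForegroundColor Cyan
if ($allPassed) {
    Write-Host "ALL TESTS PASSED - Safe to proceed with domain join" -ForegroundColor Green
} else {
    Write-Host "SOME TESTS FAILED - Fix issues before domain joining" -ForegroundColor Red
    Write-Host "Check firewall rules (Phase 1.3) and DNS (Phase 1.4)" -ForegroundColor Yellow
}
Write-Host "========================================" -ForegroundColor Cyan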