Monday, 23 May 2016

Transferring or Seizing FSMO Roles to Another Domain Controller with the AD PowerShell Command

Moving the FSMO roles with AD PowerShell has the following benefits:
  •  You do not have to connect to the future role holder first.
  •  Only seizing the FSMO roles (when the role holder is offline) requires an additional parameter: you must use the -Force parameter.
  •  Transferring or seizing the FSMO roles does not have to be done from the role holder or the future role holder. You can run the AD PowerShell command from a Windows 7 client or any Windows member server (after RSAT is installed).

The FSMO roles can be moved to another Domain Controller by using the command: Move-ADDirectoryServerOperationMasterRole

Transferring all roles, command syntax:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator


Seizing all roles, command syntax:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force


For example, my target Domain Controller name is DC01.

We use this command to transfer all roles to another Domain Controller:

PS> Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

We use this command to seize all roles from a permanently offline Domain Controller:

PS> Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force



Instead of typing the names of the operations master roles, you can also specify their numbers.

Here is the table:

Role Name               Number
PDCEmulator             0
RIDMaster               1
InfrastructureMaster    2
SchemaMaster            3
DomainNamingMaster      4



Transferring all roles, command syntax:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4

Seizing all roles, command syntax:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "Target-DC" -OperationMasterRole 0,1,2,3,4 -Force

For example, my target Domain Controller name is DC01.

We use this command to transfer roles to another Domain Controller:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole 0,1,2,3,4

We use this command to seize the roles on another Domain Controller:
PS> Move-ADDirectoryServerOperationMasterRole -Identity "DC01" -OperationMasterRole 0,1,2,3,4 -Force


View Role Placement

You can view the FSMO role owners with these AD PowerShell commands:
PS> Get-ADForest | select SchemaMaster,DomainNamingMaster

PS> Get-ADDomain | select PDCEmulator,RIDMaster,InfrastructureMaster
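
The transfer, seize and view commands above, combined into one checked workflow. This is an added example, not part of the original post; the function names Get-FsmoRoleHolder and Move-FsmoRoleChecked are hypothetical, and it assumes a single domain and the ActiveDirectory module from RSAT.

```powershell
# Added example: requires the ActiveDirectory module (RSAT). DC01 is the post's sample target.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    # Combine the forest-wide and domain-wide owners into one list.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $owners = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $owners.Keys) {
        [pscustomobject]@{ Role = $role; Holder = $owners[$role] }
    }
}

function Move-FsmoRoleChecked {   # hypothetical wrapper around the cmdlet shown above
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$TargetDC,
        [switch]$Seize
    )
    $target = (Get-ADDomainController -Identity $TargetDC).HostName
    $toMove = @(Get-FsmoRoleHolder | Where-Object { $_.Holder -ne $target })
    if ($toMove.Count -eq 0) { return Get-FsmoRoleHolder }   # nothing to do

    # Seize only when the current holder is really gone; transfer only when it answers.
    # ICMP is a coarse reachability test and may be filtered in your network.
    foreach ($holder in ($toMove.Holder | Sort-Object -Unique)) {
        $online = Test-Connection -ComputerName $holder -Count 1 -Quiet
        if ($Seize -and $online) { throw "$holder is reachable: transfer instead of seizing." }
        if (-not $Seize -and -not $online) { throw "$holder is unreachable: a transfer will fail." }
    }

    $roles = $toMove.Role
    if ($PSCmdlet.ShouldProcess($target, "Move FSMO roles: $($roles -join ', ')")) {
        # The cmdlet's own confirmation prompt is left in place on purpose.
        Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $roles -Force:$Seize
    }
    Get-FsmoRoleHolder   # read back the placement after the move
}

# Dry run first, then the real transfer:
# Move-FsmoRoleChecked -TargetDC 'DC01' -WhatIf
# Move-FsmoRoleChecked -TargetDC 'DC01'
```

After a seizure, the former role holder should stay off the network until it has been rebuilt and its metadata cleaned up.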




Thursday, 19 May 2016

Step-By-Step: Active Directory Migration from Windows Server 2008 R2 to Windows Server 2012 R2 in Five small easy steps


Prerequisites
  1. Install Windows Server 2012 R2.
     
  2. As a precaution, complete a full backup of your existing server.
     
  3. Check the Schema version of AD DS (Before adprep) by running regedit, navigating to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters and noting the current Schema version.

Step 1: Preparing your existing forest via the adprep command
 
  1. Insert the Windows Server 2012 DVD into the DVD drive of the Windows Server 2008 R2 AD DS.
     
  2. Open command prompt, and type adprep /forestprep and press enter.
     
  3. Check the Schema version of AD DS (After adprep) by running regedit, navigating to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters and noting the current Schema version.
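
The schema version check from the prerequisites and from step 3, done in PowerShell and extended to every domain controller so you can see whether the adprep change has replicated. This is an added example, not part of the original post; the function names are hypothetical, and the expected version of 69 assumes Windows Server 2012 R2 media (56 for Windows Server 2012).

```powershell
# Added example: requires the ActiveDirectory module; run after adprep /forestprep.
Import-Module ActiveDirectory

# objectVersion of the schema partition for each release.
$SchemaRelease = @{
    30 = 'Windows Server 2003';    31 = 'Windows Server 2003 R2'
    44 = 'Windows Server 2008';    47 = 'Windows Server 2008 R2'
    56 = 'Windows Server 2012';    69 = 'Windows Server 2012 R2'
}

function Get-SchemaVersionByDC {
    param([int]$Expected = 69)   # assumption: Windows Server 2012 R2 media was used
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        try {
            # Ask each DC for its own copy of the schema head object.
            $obj = Get-ADObject -Identity $schemaNc -Server $dc.HostName `
                       -Properties objectVersion -ErrorAction Stop
            $version = [int]$obj.objectVersion
            $release = $SchemaRelease[$version]
            if (-not $release) { $release = 'unknown' }
            $status = if ($version -eq $Expected) { 'current' }
                      elseif ($version -lt $Expected) { 'not yet replicated' }
                      else { 'newer than expected' }
        } catch {
            $version = $null; $release = $null
            $status  = "query failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            DC = $dc.HostName; SchemaVersion = $version; Release = $release; Status = $status
        }
    }
}

function Get-LocalSchemaVersion {
    # Same registry key as in the step above; the value exists only on a domain controller.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    (Get-ItemProperty -Path $key -Name 'Schema Version').'Schema Version'
}

# Get-SchemaVersionByDC | Format-Table -AutoSize
```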
     
Step 2: Promoting the Windows Server 2012 Server domain controller
 
  1. Complete Adding a Windows Server 2012 Domain Controller to an Existing Windows Server 2003 network

Step 3: Verify the new Windows Server 2012 Domain Controller
  1. Open Active Directory Users and Computers, expand <Your Domain> and click the Domain Controller OU to verify your server is listed.
     
  2. Open DNS Manager, right-click on <Your Domain>, select Properties and then click the Name Servers tab. Verify that your server is listed in the Name Servers: list.
     
  3. Open Active Directory Sites and Services and verify that your server is listed in Servers under Default-First-Site-Name.

Step 4: Transferring the FSMO Role

  1. Open the Active Directory Users and Computers console on your new Windows Server 2012 computer.


  2. Right click your domain and select Operations Masters in the sub menu.


  3. In the Operations Masters window, ensure the RID tab is selected.


  4. Select the Change button.

  5. Select Yes when asked about transferring the operations master role.

  6. Once the operations master role has successfully transferred, click OK to continue.

  7. Ensure the Operations Master box now shows your new 2012 Windows Server.

  8. Repeat steps 4 to 6 for the PDC and Infrastructure tabs.

  9. Once completed, click Close to close the Operations Masters window.

  10. Close the Active Directory Users and Computers window.

Step 5: Removing the Windows 2008 R2 domain controller

  1. On the Windows 2008 R2 server, click Start, click Run, type dcpromo, then click OK.
     
  2. After the Welcome to the Active Directory Installation Wizard page, be sure to leave the "Delete the domain because this server is the last domain controller in the domain" check box unchecked.
     
  3. On the Administrator Password Page, enter your password and click Next.
     
  4. On the Summary page, click Next, wait for the process to end, then click Finish.
     
  5. On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.
     
  6. On the Active Directory Domain Services Installation Wizard page, click Restart Now to Restart the server.
     
  7. After the reboot is completed, move the Windows Server 2008 R2 server from the domain to a workgroup and remove any unnecessary records from Active Directory Sites and Services.

Wednesday, 23 March 2016

Windows PowerShell (DSC) Desired State Configuration Local Configuration Manager

Local Configuration Manager is the Windows PowerShell Desired State Configuration (DSC) engine. It runs on all target nodes, and it is responsible for calling the configuration resources that are included in a DSC configuration script. This topic lists the properties of Local Configuration Manager and describes how you can modify the Local Configuration Manager settings on a target node.

Local Configuration Manager properties

The following lists the Local Configuration Manager properties that you can set or retrieve.
  • AllowModuleOverwrite: Controls whether new configurations downloaded from the configuration server are allowed to overwrite the old ones on the target node. Possible values are True and False.
  • CertificateID: The GUID of a certificate used to secure credentials for access to the configuration.
  • ConfigurationID: Indicates a GUID which is used to get a particular configuration file from a server set up as a “pull” server. The GUID ensures that the correct configuration file is accessed.
  • ConfigurationMode: Specifies how the Local Configuration Manager actually applies the configuration to the target nodes. It can take the following values:
    • ApplyOnly: With this option, DSC applies the configuration and does nothing further unless a new configuration is detected, either by you sending a new configuration directly to the target node (“push”) or if you have configured a “pull” server and DSC discovers a new configuration when it checks with the “pull” server. If the target node’s configuration drifts, no action is taken.
    • ApplyAndMonitor: With this option (which is the default), DSC applies any new configurations, whether sent by you directly to the target node or discovered on a “pull” server. Thereafter, if the configuration of the target node drifts from the configuration file, DSC reports the discrepancy in logs.
    • ApplyAndAutoCorrect: With this option, DSC applies any new configurations, whether sent by you directly to the target node or discovered on a “pull” server. Thereafter, if the configuration of the target node drifts from the configuration file, DSC reports the discrepancy in logs, and then attempts to adjust the target node configuration to bring it into compliance with the configuration file.
  • ConfigurationModeFrequencyMins: Represents the frequency (in minutes) at which the background application of DSC attempts to implement the current configuration on the target node. The default value is 15. This value can be set in conjunction with RefreshMode. When RefreshMode is set to PULL, the target node contacts the configuration server at an interval set by RefreshFrequencyMins and downloads the current configuration. Regardless of the RefreshMode value, at the interval set by ConfigurationModeFrequencyMins, the consistency engine applies the latest configuration that was downloaded to the target node. RefreshFrequencyMins should be set to an integer multiple of ConfigurationModeFrequencyMins.
  • Credential: Indicates credentials (as with Get-Credential) required to access remote resources, such as to contact the configuration server.
  • DownloadManagerCustomData: Represents an array that contains custom data specific to the download manager.
  • DownloadManagerName: Indicates the name of the configuration and module download manager.
  • RebootNodeIfNeeded: Certain configuration changes on a target node might require it to be restarted for the changes to be applied. With the value True, this property will restart the node as soon as the configuration has been completely applied, without further warning. If False (the default value), the configuration will be completed, but the node must be restarted manually for the changes to take effect.
  • RefreshFrequencyMins: Used when you have set up a “pull” server. Represents the frequency (in minutes) at which the Local Configuration Manager contacts a “pull” server to download the current configuration. This value can be set in conjunction with ConfigurationModeFrequencyMins. When RefreshMode is set to PULL, the target node contacts the “pull” server at an interval set by RefreshFrequencyMins and downloads the current configuration. At the interval set by ConfigurationModeFrequencyMins, the consistency engine then applies the latest configuration that was downloaded to the target node. If RefreshFrequencyMins is not set to an integer multiple of ConfigurationModeFrequencyMins, the system will round it up. The default value is 30.
  • RefreshMode: Possible values are Push (the default) and Pull. In the “push” configuration, you must place a configuration file on each target node, using any client computer. In the “pull” mode, you must set up a “pull” server for Local Configuration Manager to contact and access the configuration files.
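
A meta-configuration that sets several of the properties listed above for a pull-mode node, followed by a read-back check. This is an added example, not part of the original post; the configuration name, the function name Test-LcmSettings, the GUID and the pull server URL are constructed placeholders, and the DownloadManagerCustomData keys assume the built-in WebDownloadManager.

```powershell
# Added example: meta-configuration using the property names listed above.
# GUID and ServerUrl are constructed placeholders, not real values.
Configuration LcmPullSettings {
    Node 'localhost' {
        LocalConfigurationManager {
            ConfigurationID                = '11111111-2222-3333-4444-555555555555'
            RefreshMode                    = 'Pull'
            DownloadManagerName            = 'WebDownloadManager'
            DownloadManagerCustomData      = @{
                ServerUrl               = 'https://pull.example.test:8080/PSDSCPullServer.svc'
                AllowUnsecureConnection = 'False'   # keep the pull channel on HTTPS
            }
            ConfigurationMode              = 'ApplyAndAutoCorrect'
            ConfigurationModeFrequencyMins = 30
            RefreshFrequencyMins           = 60     # integer multiple of ConfigurationModeFrequencyMins
            RebootNodeIfNeeded             = $false
            AllowModuleOverwrite           = $false
        }
    }
}

# Compile to localhost.meta.mof and apply it to the local node.
LcmPullSettings -OutputPath "$env:TEMP\LcmPullSettings" | Out-Null
Set-DscLocalConfigurationManager -Path "$env:TEMP\LcmPullSettings" -Verbose

function Test-LcmSettings {
    # Read the effective settings back and flag the cases the property list warns about.
    $lcm = Get-DscLocalConfigurationManager
    $findings = @()
    if ($lcm.RefreshFrequencyMins % $lcm.ConfigurationModeFrequencyMins -ne 0) {
        $findings += 'RefreshFrequencyMins is not an integer multiple of ConfigurationModeFrequencyMins'
    }
    if ($lcm.ConfigurationMode -eq 'ApplyOnly') {
        $findings += 'ApplyOnly: no action is taken when the configuration drifts'
    }
    if ($lcm.RebootNodeIfNeeded) {
        $findings += 'RebootNodeIfNeeded: the node restarts without further warning'
    }
    [pscustomobject]@{
        RefreshMode       = $lcm.RefreshMode
        ConfigurationMode = $lcm.ConfigurationMode
        Findings          = $findings
    }
}

Test-LcmSettings
```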

Wednesday, 3 February 2016

New Automation Tool Chef

Chef is a systems and cloud infrastructure automation framework that makes it easy to deploy servers and applications to any physical, virtual, or cloud location, no matter the size of the infrastructure. Each organization is comprised of one (or more) workstations, a single server, and every node that will be configured and maintained by the chef-client.

Chef can run in client/server mode, or in a standalone configuration named "chef-solo". In client/server mode, the Chef client sends various attributes about the node to the Chef server. The server uses Solr to index these attributes and provides an API for clients to query this information. Chef recipes can query these attributes and use the resulting data to help configure the node.

Traditionally, Chef was used to manage Linux and Microsoft Windows.

It is one of the four major configuration management systems on Linux, along with CFEngine, Bcfg2, and Puppet.

Sunday, 24 January 2016

Windows Server Upgrade Options for Windows Server 2012 R2 - Part 1

Upgrading previous Windows Server versions to Windows Server 2012 R2

  • In-place upgrades from 32-bit to 64-bit architectures are not supported. All editions of Windows Server 2012 R2 are 64-bit only.
  • In-place upgrades from one language to another are not supported.
  • In-place upgrades from one build type to another (fre to chk, for example) are not supported.
  • Upgrades from pre-release versions of Windows Server 2012 R2 are not supported. Perform a clean installation to Windows Server 2012 R2.
  • Upgrades that switch from a Server Core installation to the Server with a GUI mode of Windows Server 2012 R2 in one step (and vice versa) are not supported. After the upgrade is complete, however, Windows Server 2012 R2 allows you to switch freely between the Server Core and Server with a GUI modes.

If you do not see your current version in the left column, upgrading to this release of Windows Server 2012 R2 is not supported.
If you see more than one edition in the right column, upgrade to either edition from the same starting version is supported.

If you are running:                           You can upgrade to these editions:
Windows Server 2008 R2 Datacenter with SP1    Windows Server 2012 R2 Datacenter
Windows Server 2008 R2 Enterprise with SP1    Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter
Windows Server 2008 R2 Standard with SP1      Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter
Windows Web Server 2008 R2 with SP1           Windows Server 2012 R2 Standard
Windows Server 2012 Datacenter                Windows Server 2012 R2 Datacenter
Windows Server 2012 Standard                  Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter
Hyper-V Server 2012                           Hyper-V Server 2012 R2
Windows Storage Server 2012 Standard          Windows Storage Server 2012 R2 Standard
Windows Storage Server 2012 Workgroup         Windows Storage Server 2012 R2 Workgroup


To be continued.

Tuesday, 19 January 2016

Who am I?

If you'd like to know your current user account and user domain, you can of course query environment variables like this:
PS C:\> $env:userdomain
Admin-PC

PS C:\> $env:username
admin

You get a lot more information including your security identifier (SID) by using the appropriate .NET methods:

PS C:\> [System.Security.Principal.WindowsIdentity]::GetCurrent()


AuthenticationType : NTLM
ImpersonationLevel : None
IsAuthenticated    : True
IsGuest            : False
IsSystem           : False
IsAnonymous        : False
Name               : Admin-PC\admin
Owner              : S-1-5-21-981951286-3924174524-3344100332-1000
User               : S-1-5-21-981951286-3924174524-3344100332-1000
Groups             : {S-1-5-21-981951286-3924174524-3344100332-513, S-1-1-0, S-1-5-32-545, S-1-5-4...}
Token              : 644
UserClaims         : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: Admin-PC\admin,
                     http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid:
                     S-1-5-21-981951286-3924174524-3344100332-1000,
                     http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid:
                     S-1-5-21-981951286-3924174524-3344100332-513, http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid:
                     S-1-5-21-981951286-3924174524-3344100332-513...}
DeviceClaims       : {}
Claims             : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: Admin-PC\admin,
                     http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid:
                     S-1-5-21-981951286-3924174524-3344100332-1000,
                     http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid:
                     S-1-5-21-981951286-3924174524-3344100332-513, http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid:
                     S-1-5-21-981951286-3924174524-3344100332-513...}
Actor              :
BootstrapContext   :
Label              :
NameClaimType      : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
RoleClaimType      : http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid

PS C:\> [System.Security.Principal.WindowsIdentity]::GetCurrent() |
 Select-Object -ExpandProperty Name
Admin-PC\admin
PS C:\> [System.Security.Principal.WindowsIdentity]::GetCurrent() |
 Select-Object -ExpandProperty User

                                BinaryLength AccountDomainSid                             Value                                     
                                ------------ ----------------                             -----                                     
                                          28 S-1-5-21-981951286-3924174524-3344100332     S-1-5-21-981951286-3924174524-3344100332...


PS C:\> [System.Security.Principal.WindowsIdentity]::GetCurrent() |
 Select-Object -ExpandProperty Groups

                                BinaryLength AccountDomainSid                             Value                                     
                                ------------ ----------------                             -----                                     
                                          28 S-1-5-21-981951286-3924174524-3344100332     S-1-5-21-981951286-3924174524-3344100332...
                                          12                                              S-1-1-0                                   
                                          16                                              S-1-5-32-545                               
                                          12                                              S-1-5-4                                   
                                          12                                              S-1-2-1                                    
                                          12                                              S-1-5-11                                  
                                          12                                              S-1-5-15                                  
                                          12                                              S-1-2-0                                   
                                          16                                              S-1-5-64-10
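
The listings above truncate the SIDs and show the groups only as raw SID values. The following added example, which is not part of the original post, returns the full user SID, resolves each group SID to an account name where possible, and reports whether the current token is elevated; the function name Get-CurrentTokenSummary is hypothetical.

```powershell
# Added example: summarise the current Windows identity with resolved group names.
function Get-CurrentTokenSummary {
    $id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($id)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    $groups = foreach ($sid in $id.Groups) {
        try {
            # Translate the SID into DOMAIN\Name form.
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # Some SIDs have no mapping (for example orphaned or logon-session SIDs).
            $name = '<unresolved>'
        }
        [pscustomobject]@{ Sid = $sid.Value; Name = $name }
    }

    [pscustomobject]@{
        Name               = $id.Name
        UserSid            = $id.User.Value          # full SID, not truncated
        AuthenticationType = $id.AuthenticationType
        # False for an administrator running with a filtered (non-elevated) UAC token.
        IsElevated         = $principal.IsInRole($adminRole)
        Groups             = $groups
    }
}

$summary = Get-CurrentTokenSummary
$summary | Select-Object Name, UserSid, AuthenticationType, IsElevated
$summary.Groups | Format-Table -AutoSize
```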