Thursday, 14 May 2015

Enable Hyper-V Integration Services for a VM

This cmdlet was introduced in Windows Server 2012 and has been expanded in Windows Server 2012 R2 to add the Guest Service Interface parameter. This service is turned off by default and must be enabled either through the settings page in Hyper-V Manager for each VM of interest or by using a PowerShell command, as in:

Enable-VMIntegrationService -Name "Guest Service Interface" -VMName "Baseline 2012 Server"

While the Enable-VMIntegrationService and Disable-VMIntegrationService cmdlets allow a single integration service to be enabled or disabled, there's no wildcard capability to enable all.
However, you can enable all of them with a simple PowerShell command. Set the name of the virtual machine (VM) in the first part and the last part of the command, and all integration services will be enabled.

Get-VMIntegrationService -VMName <virtual machine name> |
ForEach-Object { Enable-VMIntegrationService -Name $_.Name -VMName <virtual machine name> }

DSC Desired State Configuration

Keeping servers in a known configuration state can be a challenge in any environment. With multiple administrators and the opportunity to change settings comes the ability to potentially disable any feature or function on a server. PowerShell 4.0 introduces automated configuration management in the form of Desired State Configuration. DSC uses script-based configuration files that you create using PowerShell ISE. These are converted into MOF files that are used to set or check the configuration of a server using the Start-DscConfiguration cmdlet.

  • Create configuration scripts
  • An extension to the PowerShell language
  • Use PowerShell language and cmdlets to create and deploy configurations
  • Create and manage server configuration files
  • A local configuration manager does the heavy lifting
  • Ensures servers are always configured the way you need

  • Prevent server configuration “drift”
  • Separate configuration from implementation
  • “Continuous” server deployment
  • Manage servers on-site or in a cloud
  • Leverage your existing PowerShell skills

Desired State Configuration (DSC) is the last major component of the Monad Manifesto, which brought us Windows PowerShell. DSC will change the way you manage your datacenter. Instead of managing a server, you will manage its configuration. DSC is known as a “make it so” technology. You will define a desired server configuration and the server will make it happen. This session will provide an overview of DSC.


The two images above show that DSC supports both pushing configuration to sets of nodes from a central point and having those nodes pull configuration periodically from a central point, called the Pull Server. This ability to support both push and pull deployment of configuration is extremely useful, and something that Group Policy has always lacked. Group Policy provides a pull-only model of configuration distribution, making it ill suited to environments where you absolutely need to know that configuration changes arrived at their destination at a specific time and succeeded. Managing configuration in server environments is a perfect example of this kind of deterministic requirement. Conversely, pull is a great mechanism for transient machines, such as machines in the cloud or mobile clients coming on and off the network. Pull distribution is also ultimately more scalable, since pulls can be staggered across many thousands of machines, just as Group Policy works today. The Pull Server itself is simply a web-based endpoint that you can deploy as a feature on any Windows Server running the Windows Management Framework 4.0. It appears as a feature when you configure a server using, for example, Server Manager, under the Windows PowerShell section.
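
The push workflow described above (configuration script, MOF file, Start-DscConfiguration, then a drift check), as an added example that is not part of the original post. The configuration name BaselineServer, the output folder C:\DscDemo and the two settings chosen are assumptions for illustration; run it from an elevated PowerShell 4.0 session.

```powershell
# Added example. BaselineServer and C:\DscDemo are hypothetical names.
Configuration BaselineServer
{
    param([string[]]$ComputerName = 'localhost')

    Node $ComputerName
    {
        # The Telnet client must not be installed on this server.
        WindowsFeature NoTelnetClient
        {
            Name   = 'Telnet-Client'
            Ensure = 'Absent'
        }

        # The Windows Time service must be running and start automatically.
        Service TimeService
        {
            Name        = 'W32Time'
            StartupType = 'Automatic'
            State       = 'Running'
        }
    }
}

# Compile the script: writes one MOF file per node (C:\DscDemo\localhost.mof).
BaselineServer -ComputerName 'localhost' -OutputPath 'C:\DscDemo'

# Push the MOF to the node; the Local Configuration Manager applies it.
Start-DscConfiguration -Path 'C:\DscDemo' -Wait -Verbose

# Later: check for drift. Test-DscConfiguration returns $true while the node
# still matches the configuration that was last applied.
if (Test-DscConfiguration) {
    'Node matches the desired state.'
} else {
    Write-Warning 'Configuration drift detected; current settings follow.'
    Get-DscConfiguration
}
```

Re-running Start-DscConfiguration with the same MOF brings a drifted node back to the declared state.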

Wednesday, 29 April 2015

What's New In PowerShell 4.0

You will get the following new features in PowerShell 4.0 on Windows 8.1 and Server 2012 R2:

  • Save-Help
  • Get-FileHash
  • Get-NetNat
  • Get-VMFirmware
  • Set-ScheduledJob - run a job immediately with the -RunNow parameter
  • New-JobTrigger and Set-JobTrigger - new RepeatIndefinitely parameter
  • Test-NetConnection
  • DSC Desired State Configuration
  • Test-VMNetworkAdapter

Wednesday, 10 July 2013

How Do I Find A List Of Global Catalog Servers Using Nslookup

The following commands will list all Global Catalog Servers in your Active Directory domain:
1.    From the command prompt, type nslookup.
o    C:\>nslookup
2.    Set the query type to SRV.
o    >set type=srv
3.    Find the Global Catalog Server(s).
o    >_gc._tcp.<DnsForestName>
4.    Example:
o     >_gc._tcp."your"
5.    The results will include the hostname and IP address of each Global Catalog Server.
6.    Type "exit" to leave the nslookup session.

2008/2008 R2--Server Core

The Server Core installation option is an option that you can use for installing Windows Server 2008 or Windows Server 2008 R2. A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles. A server running a Server Core installation of Windows Server 2008 supports the following server roles:

§ Active Directory Domain Services (AD DS)
§ Active Directory Lightweight Directory Services (AD LDS)
§ DHCP Server
§ DNS Server
§ File Services
§ Hyper-V
§ Print Services
§ Streaming Media Services
§ Web Server (IIS)

A server running a Server Core installation of Windows Server 2008 R2 supports the following server roles:

§ Active Directory Certificate Services
§ Active Directory Domain Services
§ Active Directory Lightweight Directory Services (AD LDS)
§ DHCP Server
§ DNS Server
§ File Services (including File Server Resource Manager)
§ Hyper-V
§ Print and Document Services
§ Streaming Media Services
§ Web Server (including a subset of ASP.NET)

A Server Core installation does not include the traditional full graphical user interface. Once you have configured the server, you can manage it locally at a command prompt or remotely using a Terminal Server connection. You can also manage the server remotely using the Microsoft Management Console (MMC) or command-line tools that support remote use.

Benefits of a Server Core installation

The Server Core installation option of Windows Server 2008 or Windows Server 2008 R2 provides the following benefits:

§ Reduced maintenance. Because the Server Core installation option installs only what is required to have a manageable server for the supported roles, less maintenance is required than on a full installation of Windows Server 2008.

§ Reduced attack surface. Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.

§ Reduced management. Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage.

§ Less disk space required. A Server Core installation requires only about 3.5 gigabytes (GB) of disk space to install and approximately 3 GB for operations after the installation.

How do you promote a Server Core to DC

In order to install Active Directory DS on your server core machine you will need to perform the following tasks:
1. Configure an unattend text file, containing the instructions for the DCPROMO process. In this example you will create an additional DC for a domain called pilot.local:
2. Configure the right server core settings
After that you need to make sure the core machine is properly configured.
1. Perform any configuration settings that you require (tasks such as changing the computer name, configuring the IP address, subnet mask, default gateway, DNS address and firewall settings, configuring Remote Desktop and so on).
2. After changing the required server configuration, make sure that for the task of creating it as a DC – you have the following requirements in place:
§ A partition formatted with NTFS (you should, it’s a server…)
§ A network interface card, configured properly with the right driver
§ A network cable plugged in
§ The right IP address, subnet mask, default gateway
And most importantly, do not forget:
§ The right DNS setting, in most cases, pointing to an existing internal DNS in your corporate network

3. Copy the unattend file to the server core machine
Now you need to copy the unattend file from wherever you’ve stored it. You can run it from a network location but I prefer to have it locally on the core machine. You can use the NET USE command on server core to map to a network path and copy the file to the local drive. You can also use a regular server/workstation to graphically access the core’s C$ drive (for example) and copy the file to that location.

4. Run the DCPROMO process
Next you need to manually run DCPROMO. To run the Active Directory Domain Services Installation Wizard in unattended mode, use the following command at a command prompt:
dcpromo /unattend:<path to the unattend file>

5. Reboot the machine
In order to reboot the server core machine type the following text in the command prompt and press Enter.
shutdown /r /t 0

How do you install a Read-Only Domain Controller----------(RODC)

1. Make sure you are a member of the Domain Admins group.
2. Ensure that the forest functional level is Windows Server 2003 or higher.
3. Run adprep /rodcprep
4. Install a writable domain controller that runs Windows Server 2008 – An RODC must replicate domain updates from a writable domain controller that runs Windows Server 2008. Before you install an RODC, be sure to install a writable domain controller that runs Windows Server 2008 in the same domain. The domain controller can run either a full installation or a Server Core installation of Windows Server 2008. In Windows Server 2008, the writable domain controller does not have to hold the primary domain controller (PDC) emulator operations master role.
5. You can install an RODC on either a full installation of Windows Server 2008 or on a Server Core installation of Windows Server 2008. Follow the steps below:
§ Click Start, type dcpromo, and then press ENTER to start the Active Directory Domain Services Installation Wizard.
§ On the Choose a Deployment Configuration page, click Existing forest, then click Add a domain controller to an existing domain.
§ On the Network Credentials page, type the name of a domain in the forest where you plan to install the RODC. If necessary, also type a user name and password for a member of the Domain Admins group, and then click Next.
§ Select the domain for the RODC, and then click Next.
§ Click the Active Directory site for the RODC, and then click Next.
§ Select the Read-only domain controller check box, as shown in the following illustration. By default, the DNS server check box is also selected. To run the DNS server on the RODC, another domain controller running Windows Server 2008 must be running in the domain and hosting the DNS domain zone. An Active Directory–integrated zone on an RODC is always a read-only copy of the zone file. Updates are sent to a DNS server in a hub site instead of being made locally on the RODC.
§ To use the default folders that are specified for the Active Directory database, the log files, and SYSVOL, click Next.
§ Type and then confirm a Directory Services Restore Mode password, and then click Next.
§ Confirm the information that appears on the Summary page, and then click Next to start the AD DS installation. You can select the Reboot on completion check box to make the rest of the installation complete automatically.

Read-Only Domain Controller----------(RODC)

A read-only domain controller (RODC) is a new type of domain controller in the Windows Server® 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. An RODC hosts read-only partitions of the Active Directory Domain Services (AD DS) database.
Before the release of Windows Server 2008, if users had to authenticate with a domain controller over a wide area network (WAN), there was no real alternative. In many cases, this was not an efficient solution. Branch offices often cannot provide the adequate physical security that is required for a writable domain controller. Furthermore, branch offices often have poor network bandwidth when they are connected to a hub site. This can increase the amount of time that is required to log on. It can also hamper access to network resources.
Beginning with Windows Server 2008, an organization can deploy an RODC to address these problems. As a result, users in this situation can receive the following benefits:
§ Improved security
§ Faster logon times
§ More efficient access to resources on the network

Inadequate physical security is the most common reason to consider deploying an RODC. An RODC provides a way to deploy a domain controller more securely in locations that require fast and reliable authentication services but cannot ensure physical security for a writable domain controller.
However, your organization may also choose to deploy an RODC for special administrative requirements. For example, a line-of-business (LOB) application may run successfully only if it is installed on a domain controller. Or, the domain controller might be the only server in the branch office, and it may have to host server applications.
In such cases, the LOB application owner must often log on to the domain controller interactively or use Terminal Services to configure and manage the application. This situation creates a security risk that may be unacceptable on a writable domain controller.
An RODC provides a more secure mechanism for deploying a domain controller in this scenario. You can grant a nonadministrative domain user the right to log on to an RODC while minimizing the security risk to the Active Directory forest.
You might also deploy an RODC in other scenarios where local storage of all domain user passwords is a primary threat, for example, in an extranet or application-facing role.

Active Directory Recycle Bin--How do you use it

Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting Active Directory Domain Services (AD DS), or rebooting domain controllers.
When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.
Active Directory Recycle Bin is functional for both AD DS and Active Directory Lightweight Directory Services (AD LDS) environments.
By default, Active Directory Recycle Bin in Windows Server 2008 R2 is disabled. To enable it, you must first raise the forest functional level of your AD DS or AD LDS environment to Windows Server 2008 R2, which in turn requires all forest domain controllers or all servers that host instances of AD LDS configuration sets to be running Windows Server 2008 R2.

To enable Active Directory Recycle Bin using the Enable-ADOptionalFeature cmdlet

1.    Click Start, click Administrative Tools, right-click Active Directory Module for Windows PowerShell, and then click Run as administrator.
2.    At the Active Directory module for Windows PowerShell command prompt, type the following command, and then press ENTER:
Enable-ADOptionalFeature -Identity <ADOptionalFeature> -Scope <ADOptionalFeatureScope> -Target <ADEntity>

For example, to enable Active Directory Recycle Bin for, type the following command, and then press ENTER:

Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=pilot,DC=com' -Scope ForestOrConfigurationSet -Target ''
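
Once the feature is enabled, a deleted object can be located and restored with the same Active Directory module. The following is an added example, not part of the original post; the account name jdoe is a constructed sample value, and -WhatIf is left on so the restore is only previewed.

```powershell
# Added example: verify the Recycle Bin is enabled, then find and restore
# a deleted user. 'jdoe' is a constructed sample account name.
Import-Module ActiveDirectory

# 1. EnabledScopes stays empty until the feature has been enabled.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    throw 'Active Directory Recycle Bin is not enabled in this forest.'
}

# 2. Deleted objects are only returned when -IncludeDeletedObjects is given.
$sam = 'jdoe'
$deleted = Get-ADObject -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$sam'" `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged

if (-not $deleted) {
    Write-Warning "No deleted object found for $sam."
    return
}

# 3. Show where each object lived and when it was deleted.
$deleted | Select-Object Name, lastKnownParent, whenChanged

# 4. Preview the restore to the original container.
#    Remove -WhatIf to actually restore the object.
$deleted | Restore-ADObject -WhatIf
```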

Active Directory Snapshots--How do you use them

A snapshot is a shadow copy—created by the Volume Shadow Copy Service (VSS)—of the volumes that contain the Active Directory database and log files. With Active Directory snapshots, you can view the data inside such a snapshot on a domain controller without the need to start the server in Directory Services Restore Mode.
Windows Server 2008 has a new feature allowing administrators to create snapshots of the Active Directory database for offline use. With AD snapshots you can mount a backup of AD DS under a different set of ports and have read-only access to your backups through LDAP.
There are quite a few scenarios for using AD snapshots. For example, if someone has changed properties of AD objects and you need to revert to their previous values, you can mount a copy of a previous snapshot to an alternate port and easily export the required attributes for every object that was changed. These values can then be imported into the running instance of AD DS. You can also restore deleted objects or simply view objects for diagnostic purposes.
It does not allow you to move or copy items or information from the snapshot to the live database. In order to do that you will need to manually export the relevant objects or attributes from the snapshot, and manually import them back to the live AD database.

Steps for using Snapshot:
1. Create a snapshot:
Open CMD.exe and run: Ntdsutil, activate instance ntds, snapshot, create, list all.

2. Mounting an Active Directory snapshot:
Before connecting to the snapshot we need to mount it. By looking at the results of the List All command in the step above, identify the snapshot that you wish to mount, and note the number next to it.
Type Ntdsutil, Snapshot, List all, Mount 2. The snapshot gets mounted to c:\$SNAP_200901250030_VOLUMEC$. Now you can refer to this path to see the objects in the snapshot.

3. Connecting an Active Directory snapshot:
In order to connect to the AD snapshot you’ve mounted you will need to use the DSAMAIN command. DSAMAIN is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) server role installed.
After using DSAMAIN to expose the information inside the AD snapshot, you can use any GUI tool that can connect to the specified port, tools such as Active Directory Users and Computers (DSA.msc), ADSIEDIT.msc, LDP.exe or others. You can also connect to it by using command line tools such as LDIFDE or CSVDE, tools that allow you to export information from that database.
dsamain -dbpath "c:\$SNAP_200901250030_VOLUMEC$\Windows\NTDS\ntds.dit" -ldapport 10289

The above command will allow you to access the database using port 10289.
Now you can use LDP.exe tool to connect to this mounted instance.

4. Disconnecting from the Active Directory snapshot:
In order to disconnect from the AD snapshot all you need to do is to type CTRL+C at the DSAMAIN command prompt window. You’ll get a message indicating that the DS shut down successfully.

5. Unmounting the snapshot:
Run command, Ntdsutil, Snapshot, List all, Unmount 2.
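
The attribute-revert scenario described above, as an added example that is not part of the original post. It must run while DSAMAIN is still exposing the snapshot on port 10289 (step 3), and it assumes a Windows Server 2008 R2 or later domain controller where the Active Directory module and Active Directory Web Services are available. The account jdoe and the attribute list are constructed sample values.

```powershell
# Added example: compare a user's attributes in the mounted snapshot with the
# live directory, then preview reverting the ones that changed.
Import-Module ActiveDirectory

$snapshot = 'localhost:10289'   # the -ldapport given to dsamain above
$sam      = 'jdoe'              # constructed sample account name
$attrs    = 'title', 'department', 'telephoneNumber', 'manager'

$old = Get-ADUser -Identity $sam -Server $snapshot -Properties $attrs
$new = Get-ADUser -Identity $sam -Properties $attrs

# Collect every attribute whose value differs between snapshot and live AD.
$changes = foreach ($a in $attrs) {
    $before = [string]$old.$a
    $after  = [string]$new.$a
    if ($before -cne $after) {
        [pscustomobject]@{ Attribute = $a; Snapshot = $before; Live = $after }
    }
}

$changes | Format-Table Attribute, Snapshot, Live -AutoSize

# Write the snapshot values back to the live object.
# Remove -WhatIf to actually apply the changes.
foreach ($c in $changes) {
    if ($c.Snapshot) {
        Set-ADUser -Identity $sam -Replace @{ ($c.Attribute) = $c.Snapshot } -WhatIf
    } else {
        # The attribute had no value in the snapshot, so clear it.
        Set-ADUser -Identity $sam -Clear $c.Attribute -WhatIf
    }
}
```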