Archive for July, 2012

Installing Active Directory Domain Services on Windows Server 2012 (Powershell ADDSDeployment)

July 30th, 2012 1 comment

It's been a few weeks since we got Windows Server 2012 RC, and I have been trying to make some time for a first look at it. When I say first look, I don't mean a feature-by-feature comparison, simply because I am not a Windows Server geek; instead I like to look at it by performing a defined task. So my idea here is to set up a Domain Controller for a new AD forest. I also wanted to check out PowerShell v3, hence I decided to explore the options in PowerShell for performing each step. So let's get started.

The first thing I wanted to do was give my PowerShell console a nice title, so I ran the one-liner below:

$host.ui.RawUI.WindowTitle = "[www.get-exchange.info] The Power Of Shell"

Now let's get started. Assume that I have just created a new Windows 2012 Hyper-V virtual machine; below is the list of tasks I performed to make this machine the first DC in my AD forest.

1) Rename Computer: Run the cmdlet below and the server will restart within a few seconds

Rename-Computer -ComputerName WIN-S2PN5NMBMD -NewName WIN2012DC -Force -Restart

-ComputerName is not required if you are renaming the local machine; I just wanted to let you know that this parameter also allows you to rename remote computers and restart them. That makes it a powerful one, and this cmdlet is new in v3.

2) Assign IP Address:

While configuring the network adapter and IP addresses, what I normally do first is disable unnecessary components that are not used in my setup.

2.a) Disable IPv6 and QoS

List the network adapters and identify which adapter needs to be modified; you can use IfIndex, IfAlias or Name to identify an adapter. Once you know which adapter to modify, list its binding components and identify the ones you want to disable. Finally, make the changes to the adapter and verify:

#Listing Adapters
Get-NetAdapter

#List Binding components (piping from Get-NetAdapter selects the adapter by its index)
Get-NetAdapter -InterfaceIndex 12 | Get-NetAdapterBinding | Format-Table Name,DisplayName,ComponentID,Enabled -AutoSize

#Disabling Components
Set-NetAdapterBinding -Name EtherNet -ComponentID ms_pacer,ms_tcpip6 -Enabled:$false

#Verify Changes
Get-NetAdapterBinding -IfAlias EtherNet | Format-Table Name,DisplayName,Enabled,ComponentID -AutoSize

 

2.b) Set IP Address and DNS Server Address

The steps involved in assigning an IP address are: list the existing IP interfaces (this includes the IP-enabled interfaces), remove any existing IP addresses on this network, assign a new IP address and gateway, and then assign a DNS server IP address.

#List IP Network Interfaces
Get-NetIPInterface

#Disable DHCP
if((Get-NetIPInterface -ifIndex 12).Dhcp -eq "Enabled"){Set-NetIPInterface -ifIndex 12 -Dhcp Disabled}

#Remove Existing IP Address on this adapter if there is any
Get-NetIPAddress -ifIndex 12 | Remove-NetIPAddress -Confirm:$false

#Remove Default Gateway entries for the Adapter
if(Get-NetRoute -ifIndex 12 -ErrorAction 'SilentlyContinue'){Remove-NetRoute -ifIndex 12 -Confirm:$false}

#Set New IPAddress
New-NetIPAddress -ifIndex 12 -IPAddress 10.10.10.10 -PrefixLength 24 -DefaultGateway 10.10.10.1 -Confirm:$false | Out-Null

#Set DNS IP Addresses
Get-DnsClientServerAddress -InterfaceIndex 12 -AddressFamily IPv4 | Set-DnsClientServerAddress -ServerAddresses 10.10.10.10,10.10.10.20

#Verify Settings
Get-NetIPInterface

First, get the IP interfaces and note down the InterfaceIndex number of the one to modify

Disable DHCP to set a static IP (the radio button in the GUI)

Remove the existing IPs assigned to this interface; if you are adding an additional address, don't do this.

Remove any default gateway entries attached to this interface (not required if there is other IP address configuration that needs to be preserved)

Assign new IP Address and Gateway

Verify the new IP Address and Default Gateway

Set DNS Server IP Address

Finally, review using good old ipconfig (just kidding, we have a cmdlet for that too)

 

3) Install Active Directory Domain Services

3.1) Install Windows Feature  AD-Domain-Services

# Installing Features required for AD DS
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

#List all the cmdlets available for DS Deployment:
Get-Command -Module ADDSDeployment
# Use Test-ADDSForestInstallation to check the pre-requisites

3.2) Install AD Forest

#Installing AD DS: the command below is one logical line (the backtick continues it onto the next line)
Install-ADDSForest -DomainMode Win2008R2 -DomainName "get-exchange.local" -DomainNetBiosName "GetExchange" -ForestMode Win2008R2 `
-InstallDns -NoDnsOnNetwork -NoRebootOnCompletion -SafeModeAdministratorPassword $("P@ssw0rd123" |
ConvertTo-SecureString -AsPlainText -Force) -Confirm:$false -Force -WhatIf

IMPORTANT: I did use -WhatIf, but for whatever reason it was not respected, so take note of it.

Reboot the server now and then test the forest installation using the cmdlet below

#Testing Forest Installation
Test-ADDSForestInstallation

Check the status detail and correct it, then run again and check the status. It shows an error above, but trust me, I got confused with this cmdlet. Read about it here; this cmdlet is actually for checking your prerequisites before the actual installation of the AD forest. In my opinion this is the wrong name for this cmdlet.
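A way to run the prerequisite check before the installation rather than after it, as an added example that is not part of the original post: it prompts for the DSRM password instead of embedding it in the script, and it does not depend on -WhatIf. It assumes the result objects expose the Status, Context and Message columns that the cmdlet displays.

```powershell
# Added example, not from the original post. Names are the lab values used above.
Import-Module ADDSDeployment

# Prompt for the DSRM password so it is not stored in the script or in history.
$dsrm = Read-Host -Prompt 'Safe Mode (DSRM) administrator password' -AsSecureString

$forest = @{
    DomainName                    = 'get-exchange.local'
    DomainNetbiosName             = 'GetExchange'
    DomainMode                    = 'Win2008R2'
    ForestMode                    = 'Win2008R2'
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Pre-flight: runs the prerequisite checks for these parameters and installs nothing.
$checks = @(Test-ADDSForestInstallation @forest)
$checks | Format-List Status, Context, Message

# Stop here if any check came back as an error.
$failed = @($checks | Where-Object { $_.Status -eq 'Error' })
if ($failed.Count -gt 0) {
    throw "Prerequisite check reported $($failed.Count) error(s); fix them and run again."
}

# Only reached when no check failed. The remaining switches from the post are added here.
Install-ADDSForest @forest -NoDnsOnNetwork -NoRebootOnCompletion -Force
```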

3.3) Configure DNS

a) Reset the DNS server IP address, as it changes to the loopback address during installation

Get-DnsClientServerAddress -InterfaceIndex 12 -AddressFamily IPv4 | 
Set-DnsClientServerAddress -ServerAddresses 10.10.10.10,10.10.10.20

b) Create Reverse lookup zone

 

#10.10.10 is the network portion of the IP range (10.10.10.0/24), octets reversed to form the zone name
Add-DnsServerPrimaryZone -Name 10.10.10.in-addr.arpa -ReplicationScope Forest -DynamicUpdate Secure

Check DNS (Launch)

NSLOOKUP (yes, I couldn't yet find a replacement for this guy in PowerShell)

So what we are still missing is a PTR record for the DNS server

c) Create PTR Record to DC

Add-DnsServerResourceRecordPtr -ZoneName 10.10.10.in-addr.arpa -PtrDomainName win2012dc.get-exchange.local -Name 10

Verify now, by using nslookup, it should work

3.4) Verifying the forest and domain modes: 

(Get-ADForest).ForestMode
(Get-ADDomain).DomainMode

 

4) Basic Configuration and setting up the environment

4.1) Create Two OUs

First I would create an OU for the accounts I will be creating in this domain, to separate them from the other built-in accounts. Then one OU for test accounts and another for service accounts or special-purpose accounts.

#Creating an OU in Domain Root
New-ADOrganizationalUnit "MyObjects"

#Creating two OUs under MyObjects OU
New-ADOrganizationalUnit "Test-Accounts"  -Path "ou=MyObjects,dc=get-exchange,dc=local"

New-ADOrganizationalUnit "Special-Accounts"  -Path "ou=MyObjects,dc=get-exchange,dc=local"

 

4.2) Creating User Accounts

#Creating a test account
New-ADUser -Name TestUser01 -SamAccountName TestUser01 -GivenName Test -Surname User01 -DisplayName "Test User 01" -Enabled:$true -AccountPassword $("P@ssw0rd1" | ConvertTo-SecureString -AsPlainText -Force) -Path "ou=Test-Accounts,ou=MyObjects,dc=get-exchange,dc=local"

#Creating a special account
New-ADUser -Name ExAdmin -SamAccountName ExAdmin -DisplayName "ExAdmin (Exchange Service Account)" -Enabled:$true -AccountPassword $("P@ssw0rd1" | ConvertTo-SecureString -AsPlainText -Force) -Path "ou=Special-Accounts,ou=MyObjects,dc=get-exchange,dc=local"

 

4.3) Adding special account to required Groups:

#Add the service account to Enterprise Admins (full-privilege group)
Add-ADGroupMember -Identity "Enterprise Admins" -Members ExAdmin

#Add the service account to Domain Admins (full-privilege group)
Add-ADGroupMember -Identity "Domain Admins" -Members ExAdmin

#Add the service account to Schema Admins (full-privilege group)
Add-ADGroupMember -Identity "Schema Admins" -Members ExAdmin

How it looks now in Active Directory Users and Computers
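An added review script (not from the original post) that lists which user accounts hold membership in the three forest-wide groups after step 4.3 and flags the ones that live in the Special-Accounts OU. The last line assumes schema changes are finished, so ExAdmin no longer needs Schema Admins.

```powershell
# Added example, not from the original post. Group, OU and account names are the lab values above.
Import-Module ActiveDirectory

$privileged = 'Enterprise Admins', 'Domain Admins', 'Schema Admins'
$serviceOu  = 'ou=Special-Accounts,ou=MyObjects,dc=get-exchange,dc=local'

$report = foreach ($group in $privileged) {
    # -Recursive resolves nested groups down to the accounts that actually hold the right
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $user = Get-ADUser -Identity $_.DistinguishedName -Properties PasswordLastSet, PasswordNeverExpires
            [pscustomobject]@{
                Group                = $group
                Account              = $user.SamAccountName
                InServiceOu          = $user.DistinguishedName -like "*,$serviceOu"
                PasswordLastSet      = $user.PasswordLastSet
                PasswordNeverExpires = $user.PasswordNeverExpires
            }
        }
}
$report | Sort-Object Account, Group | Format-Table -AutoSize

# Accounts from the service OU that sit in more than one of these groups
$report | Where-Object { $_.InServiceOu } | Group-Object Account |
    Where-Object { $_.Count -gt 1 } | Select-Object Name, Count

# Assumption: schema changes are done, so ExAdmin can leave Schema Admins (prompts for confirmation)
Remove-ADGroupMember -Identity 'Schema Admins' -Members ExAdmin
```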

 

5) Now, in case you want to uninstall the DC (the old demotion using dcpromo.exe)

-LastDomainControllerInDomain is only required if the domain is completely getting removed and this is the last DC.

 

That's all on installing AD Domain Services.

Quick Summary on Cmdlets from AD and Network:

If you want to see the cmdlets available in winsrv8 for network-related configuration, you can run the cmdlets below:

As you can see, there are about 8 modules related to networking, from Adapter to Security to QoS; in total there are about 238 cmdlets, and NetConnection remains the smallest with just two cmdlets.

Finally, if you check the cmdlets in the ActiveDirectory module on Win8RP you will see 135 cmdlets, whereas in Windows Server 2008 R2 you would see 76 cmdlets.

What's the next post? Of course, Exchange 2013 First Server..

Cheers!

And Powershell Bangalore User Group (@psbug) Inaugural Meet in 14Hrs

July 28th, 2012 2 comments

There is so much enthusiasm in the air as we (the IT pros and devs in Bangalore) go live with our first PowerShell Bangalore User Group meeting. With around ~100 registrations, this event is going to be big. The FB group for @psbug is already full of fruitful conversations around PowerShell, and tomorrow it all goes in person: we meet the guys in person and share our experience.

First, I should give big applause to Ravikanth for taking this great initiative and bringing everyone together. I am excited about this event and, as discussed on the group page, if Ravi calls my name too to share how we started learning PowerShell, I am nervous about it due to the butterflies :-)

Adding to the fun, my friends Manas, Sudeeptha, and Pinal sir are also joining tomorrow; I guess after TechEdIn 2012 this will be a great event.

One important point: PSBug is part of our successful community BITPro; due to the importance and demand, I feel it makes sense to have a group dedicated to content around PowerShell.

This is how my psbug timer looks now:

 

Here is the code for the same:

Description: http://www.ravichaganti.com/blog/?p=2598

Code:

# Timer that raises an Elapsed event once per second
$timer = New-Object System.Timers.Timer
$timer.Interval = 1000
Register-ObjectEvent -InputObject $timer -EventName Elapsed -Action {
    # Time remaining until the meeting starts
    $timespan = New-TimeSpan -End "28 July 2012 14:00:00"
    $days = $timespan.Days
    $hours = $timespan.Hours
    # Show the countdown in the console window title
    $Host.UI.RawUI.WindowTitle = "The Power Of Shell: $($days) days and $($hours) hours until the first PSBUG bite!"
} | Out-Null
$timer.Start()

Agenda and Venue Details: http://psbug-july282012.eventbrite.com/

What others are talking about the event:

Conversation from the social media: PSBug FB

Twitter: @psbug

Sudeepta writes: sudeeptaganguly.wordpress.com

Announcement: http://www.ravichaganti.com/blog/?p=2584

Bangalore on powershellgroup.org : http://powershellgroup.org/bangalore.india

Let us make this a big success together!

Don’t forget

$(UG -eq Learning+Networking)

Happy learning the Shell!!

Categories: Community, Powershell Tags:

My Date with the Date [DateTime] in PowerShell

July 16th, 2012 2 comments

I have been working on a few reporting scripts for an Exchange 2010 monthly service level report. This included getting a list of files from a folder based on a date range. For example, the script is scheduled to run on the first day of every month, and it should collect and analyze log files from the first day to the last day of the previous month.

So here is what I used:

$Date = Get-Date
# First day of the previous month at 00:00:00; the year comes from the same shifted date so a January run lands in December of the prior year
[datetime]$Start = Get-Date -Month $Date.AddMonths(-1).Month -Day 1 -Year $Date.AddMonths(-1).Year -Hour 0 -Minute 0 -Second 0

Everything went well, except that while testing one strange thing was found: this doesn't really list all the files created within the time span provided. Let's look at the example below:

The folder c:\temp contains 50 .txt files (the figure below shows it), and all the files were created at 15-July-2012 13:15:00

Now let's get a list of files created from time 13:15:00 (this is just an example; in my scripts I need to list all the files created from 12:00:00 AM onwards).

You see the issue here: this just doesn't list 9 of my 50 files. After digging for a while I figured out that this has something to do with "Millisecond". Let's have a look at this property of our $start variable and the file creation time property. What I see in the picture below is that the file creation time's millisecond value is clearly below the Millisecond property of my $start time. And see the Ticks value, which is probably used for the comparison.

But if I just have to do a point-in-time comparison such as the one below, I do not have this issue; it goes well.

$Start = $(Get-Date).AddMonths(-1)

Let's come back and see the solutions available for my initial problem:

Option 1: Set the Millisecond property to zero

You cannot directly assign a value to the Millisecond property, as it is read-only. So I used the AddMilliseconds() method as below:

[datetime]$Start = $(Get-Date -Month $Date.AddMonths(-1).Month -Day 1 -Year 2012 -Hour 0 -Minute 0 -Second 0)
[datetime]$Start = $Start.AddMilliseconds(-$Start.Millisecond)


 

Option 2: Change the time format used to generate the $start DateTime object:

If you use the cmdlet as below, the Millisecond is set to zero:

 

How to implement this in script:

Get-Date has a -Format parameter, to which you can just pass “MMM” and get the month name of the DateTime object

Method 1: Use full date time values using a $Date variable stored with Date

$Date = Get-Date
# Month name and year both come from the date shifted back one month
[datetime]$Start = Get-Date "01 $(Get-Date $($Date).AddMonths(-1) -Format MMM) $($Date.AddMonths(-1).Year) 00:00:00"

 

Method 2: Use [datetime]:: Static Methods instead of using the $Date variable

# Month name and year both come from the date shifted back one month
[datetime]$Start = Get-Date "01 $(Get-Date $([datetime]::Now).AddMonths(-1) -Format MMM) $([datetime]::Now.AddMonths(-1).Year) 00:00:00"

Here you could shorten the code using a format such as (example date 15 Dec 2011):

Get-Date "15 12 2011 00:00:00"
Get-Date "12 15 2011 00:00:00"

#To get the month number, use the $(Get-Date).Month property; in the above two examples you don't need to get the month in MMM format such as Jun or May. That makes it neat and clean.

But there is a catch: with this method you need to know the culture (use Get-Culture); if you use a date format other than the one of the current culture, it will throw an exception. So you should always create scripts which can be run on any machine, with any language and time zone set [ Think of Internationalization and Universal Code Execution - Powershell Manifesto ]. Below is the error if the wrong format is used:

Option 3: Set the millisecond property while creating the date time object

Get-Date -Month 7 -Day 15 -Year 2012 -Hour 13 -Minute 15 -Second 0 -Millisecond 0

NOTE: The parameter -Millisecond is only available in V3 of Get-Date Cmdlet.
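A culture-independent way to build the previous-month window, as an added example that is not from the original post: the bounds are built from integers, so there is no date string to parse and no leftover milliseconds, and the January rollover is checked with a constructed date. The function name Get-PreviousMonthWindow is made up for this example; c:\temp and *.txt are the test folder described above.

```powershell
# Added example, not from the original post.
function Get-PreviousMonthWindow {
    param([datetime]$Now = (Get-Date))
    # Built from integers: no string parsing (culture cannot matter) and no sub-second part.
    $firstOfThisMonth = New-Object DateTime -ArgumentList $Now.Year, $Now.Month, 1
    [pscustomobject]@{
        Start = $firstOfThisMonth.AddMonths(-1)   # inclusive lower bound
        End   = $firstOfThisMonth                 # exclusive upper bound
    }
}

# Constructed check: a run on 1 January must select December of the previous year,
# and the start must carry no milliseconds or ticks below the second.
$jan = Get-PreviousMonthWindow -Now (New-Object DateTime -ArgumentList 2013, 1, 1, 9, 30, 0, 777)
if ($jan.Start -ne (New-Object DateTime -ArgumentList 2012, 12, 1)) { throw 'Unexpected start date' }
if ($jan.Start.Ticks % [TimeSpan]::TicksPerSecond -ne 0) { throw 'Start carries sub-second ticks' }

# Files created during the previous month, using a half-open interval [Start, End)
# so a file stamped exactly at midnight on the first day is included once.
$window = Get-PreviousMonthWindow
Get-ChildItem -Path 'C:\temp' -Filter *.txt |
    Where-Object { $_.CreationTime -ge $window.Start -and $_.CreationTime -lt $window.End } |
    Sort-Object CreationTime |
    Select-Object Name, CreationTime
```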

 Now all is good:

 

I hope sharing this situation could be helpful to someone. Enjoy learning

Please pass your feedback or suggestions.

 Cheers!

 

Categories: Powershell Tags: