BSonPoSH

Using some regex magic and some custom object mojo I threw together this DCDiag objectifier.

These are very early bits (only spent a few minutes on it) and may not go any further as I think this would be better as a cmdlet, but it was fun to play with and show some of the POWER you have at your finger tips.

The Code

tshell :: Apr.28.2009 :: All :: 1 Comment »

In my previous article: Command line guide for Server Core. I listed a bunch of product keys. I received several emails quickly pointing this out, but I want to ease their minds. It was intentional.

Those are not my nor my companies product keys. Those keys are actually the default keys that tell the Host to use KMS server for activation. You can also find them listed here Volume Activation 2.0 Deployment Guide on the bottom of the article.

tshell :: Apr.26.2009 :: Active Directory, All :: No Comments »

In my previous article: Command line guide for Server Core. I listed a bunch of product keys. I received several emails quickly pointing this out, but I want to ease their minds. It was intentional.

Those are not my nor my companies product keys. Those keys are actually the default keys that tell the Host to use KMS server for activation. You can also find them listed here Volume Activation 2.0 Deployment Guide on the bottom of the article.

tshell :: Apr.24.2009 :: All :: No Comments »

Tomorrow Laura Hunter and Brian Desmond will be doing a webcast discussing and premoting the new Active Directory features in Windows Server 2008 R2 as well as answering AD questions. They have a 90 minute slot and they expect to spend ~45-60 minutes on R2 and the remainder taking questions on the presentation and AD in general.

The webcast is hosted by O?Reilly and is free to attend. If you can?t make it, a recording will be available.

Here are the details:

Registration Link - HERE

Date: Friday, April 24, 2009

Time: 10am PT, San Francisco
6pm - London | 1pm - New York | Sat, Apr 25th at 3am - Sydney | Sat, Apr 25th at 2am - Tokyo | Sat, Apr 25th at 1am - Beijing | 10:30pm - Mumbai

Presented by: Brian Desmond, Laura E. Hunter

Duration: Approximately 90 minutes.

Cost: Free

tshell :: Apr.24.2009 :: Active Directory, All :: No Comments »

I have been doing a lot of server core builds as of late and here are list of commands I have found useful.

Set Interface ID
netsh interface set interface name=";Old Name"; newname=";New Name";

Set IP
netsh interface ipv4 set address name=";<ID>"; source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>

Set DNS
netsh interface ipv4 add dnsserver name=";<Interface ID>"; address=<DNSIP> index=1
netsh interface ipv4 add dnsserver name=";ExtraNet"; address=1.1.1.1 index=1

Set Proxy
netsh winhttp set proxy proxy-server=";http=myproxy;https=sproxy:88″ bypass-list=";*.contoso.com";

Set Computer Name
# Use hostname from the command prompt to get current name
netdom renamecomputer <ComputerName> /NewName:<NewComputerName>

Join Domain
netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /passwordd:*

Set the Default scripting engine to cscript
cscript //H:Cscript

To Activate via KMS server
slmgr -ipk YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
slmgr -skms <KMSServer>:1688
slmgr -ato
slmgr -ato # Yes twice

Running Windows Update
http://msdn.microsoft.com/en-us/library/aa387102(VS.85).aspx

Disable Firewall
netsh advfirewall set allprofiles state off

Allow Remote Desktop
netsh advfirewall firewall set rule group=";remote desktop"; new enable=yes

Allow Remote Administration
netsh advfirewall firewall set rule group=";Remote Administration"; new enable=yes

Allow Remote Firewall Administration
netsh advfirewall firewall set rule group=?Windows Firewall Remote Management? new enable=yes

Allow Ping
netsh firewall set icmpsetting 8

Connect to remote Server Core w/ out domain (this is done on management box)
cmdkey /add:<ServerCore> /user:<UserName> /pass:<password>

Export Security Policy
secedit /export /db secedit.sbd /cfg <Policy File Name>

Import Security Policy
secedit /configure /db secedit.sdb /cfg sctest.inf /overwrite

Allow Remote Disk Management
THIS HAS to be done on BOTH SIDES!!!
netsh advfirewall firewall set rule group=";Remote Volume Management"; new enable=yes

Allow Remote Device Mgr
1. On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in
2. Connect to the Server Core installation
3. Navigate to Computer ConfigurationAdministrative TemplatesDevice Installation
4. Enable ?Allow remote access to the PnP interface?
5. Restart the Server Core installation
or
Via GPO

Things to Note:
- Firewall rules will have to be re-adjusted after Domain Join

Good Links for more info
Server Core Installation Option of Windows Server 2008 Step-By-Step Guide:
http://technet.microsoft.com/en-us/library/cc753802.aspx#bkmk_managingservercore

Windows Server 2008 Network Shell (Netsh) Technical Reference:
http://www.microsoft.com/downloads/details.aspx?FamilyID=f41878de-2ee7-4718-8499-2ef336db3df5

-Volume Activation 2.0 Deployment Guide
http://technet.microsoft.com/en-us/library/cc303280.aspx#

Product SKUs for Volume Licensing
==================================
Operating System Edition || Product Key
Windows Vista Business || YFKBB-PQJJV-G996G-VWGXY-2V3X8
Windows Vista Business N || HMBQG-8H2RH-C77VX-27R82-VMQBT
Windows Vista Enterprise || VKK3X-68KWM-X2YGT-QR4M6-4BWMV
Windows Vista Enterprise N || VTC42-BM838-43QHV-84HX6-XJXKV
Windows Server 2008 Datacenter || 7M67G-PC374-GR742-YH8V4-TCBY3
Windows Server 2008 Datacenter without Hyper-V || 22XQ2-VRXRG-P8D42-K34TD-G3QQC
Windows Server 2008 for Itanium-Based Systems || 4DWFP-JF3DJ-B7DTH-78FJB-PDRHK
Windows Server 2008 Enterprise || YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 Enterprise without Hyper-V || 39BXF-X8Q23-P2WWT-38T2F-G3FPG
Windows Server 2008 Standard || TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Standard without Hyper-V || W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ
Windows Web Server 2008 || WYR28-R7TFJ-3X2YQ-YCY4H-M249D

tshell :: Apr.24.2009 :: Active Directory, All :: No Comments »

I have been doing a lot of server core builds as of late and here are list of commands I have found useful.

Set Interface ID
netsh interface set interface name=”Old Name” newname=”New Name”

Set IP
netsh interface ipv4 set address name=”<ID>” source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>

Set DNS
netsh interface ipv4 add dnsserver name=”<Interface ID>” address=<DNSIP> index=1
netsh interface ipv4 add dnsserver name=”ExtraNet” address=1.1.1.1 index=1

Set Proxy
netsh winhttp set proxy proxy-server=”http=myproxy;https=sproxy:88″ bypass-list=”*.contoso.com”

Set Computer Name
# Use hostname from the command prompt to get current name
netdom renamecomputer %COMPUTERNAME% /NewName:<NewComputerName>

Join Domain
netdom join %COMPUTERNAME% /domain:<DomainName> /userd:<UserName> /passwordd:*

Set the Default scripting engine to cscript
cscript //H:Cscript

To Activate via KMS server
slmgr -ipk YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
slmgr -skms <KMSServer>:1688
slmgr -ato
slmgr -ato  # Yes twice

Running Windows Update
http://msdn.microsoft.com/en-us/library/aa387102(VS.85).aspx

Disable Firewall
netsh advfirewall set allprofiles state off

Allow Remote Desktop
netsh advfirewall firewall set rule group=”remote desktop” new enable=yes

Allow Remote Administration
netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes

Allow Remote Firewall Administration
netsh advfirewall firewall set rule group=”Windows Firewall Remote Management” new enable=yes

Allow Ping
netsh firewall set icmpsetting 8

Connect to remote Server Core w/ out domain (this is done on management box)
cmdkey /add:<ServerCore> /user:<UserName> /pass:<password>

Export Security Policy
secedit /export /db secedit.sbd /cfg <Policy File Name>

Import Security Policy
secedit /configure /db secedit.sdb /cfg sctest.inf /overwrite

Allow Remote Disk Management
THIS HAS to be done on BOTH SIDES!!!
netsh advfirewall firewall set rule group=”Remote Volume Management” new enable=yes

Allow Remote Device Mgr
1.    On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in
2.    Connect to the Server Core installation
3.    Navigate to Computer Configuration\Administrative Templates\Device Installation
4.    Enable “Allow remote access to the PnP interface”
5.    Restart the Server Core installation
or
Via GPO

Things to Note:
- Firewall rules will have to be re-adjusted after Domain Join

Good Links for more info
Server Core Installation Option of Windows Server 2008 Step-By-Step Guide:
http://technet.microsoft.com/en-us/library/cc753802.aspx#bkmk_managingservercore

Windows Server 2008 Network Shell (Netsh) Technical Reference:
http://www.microsoft.com/downloads/details.aspx?FamilyID=f41878de-2ee7-4718-8499-2ef336db3df5

-Volume Activation 2.0 Deployment Guide
http://technet.microsoft.com/en-us/library/cc303280.aspx#

NOTE: I am not crazy… these Product keys are public record. They simply tell the host to require a KMS server to activate.
Product SKUs for Volume Licensing
==================================
Operating System Edition || Product Key
Windows Vista Business || YFKBB-PQJJV-G996G-VWGXY-2V3X8
Windows Vista Business N || HMBQG-8H2RH-C77VX-27R82-VMQBT
Windows Vista Enterprise || VKK3X-68KWM-X2YGT-QR4M6-4BWMV
Windows Vista Enterprise N || VTC42-BM838-43QHV-84HX6-XJXKV
Windows Server 2008  Datacenter || 7M67G-PC374-GR742-YH8V4-TCBY3
Windows Server 2008 Datacenter without Hyper-V || 22XQ2-VRXRG-P8D42-K34TD-G3QQC
Windows Server 2008 for Itanium-Based Systems || 4DWFP-JF3DJ-B7DTH-78FJB-PDRHK
Windows Server 2008 Enterprise || YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 Enterprise without Hyper-V || 39BXF-X8Q23-P2WWT-38T2F-G3FPG
Windows Server 2008 Standard  || TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Standard without Hyper-V ||  W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ
Windows Web Server 2008  || WYR28-R7TFJ-3X2YQ-YCY4H-M249D

More from Mr Jay Closky

---

More DNS settings via Registry
NOTE: use regedit.exe or reg.exe to configure

The primary DNS suffix is stored in the registry in the following location:

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

You might want to change the values for the following registry keys:

Domain (REG_SZ)
This value contains the DNS Suffix for the Network Connection on your Server Core box. Changing it will immediately change your DNS Suffix.

SearchList (REG_SZ)
This value contains the DNS Suffix search order list. You can add DNS Suffixes here to use when searching other servers.

NetBIOS over TCP/IP:
====================
In Server Core installations of Windows Server 2008 NetBIOS? over TCP/IP (NetBT? is enabled by default when you configure IPv4 manually. You can disable it by editing the registry. The NetBIOS over TCP/IP setting is stored in the following location:

HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces

Underneath this location you’ll find a registry key (depicted as a folder) starting with tcpip_ followed by a GUID for every network connection. Find the network connection for which you want to disable NetBIOS over TCP/IP. (NetBT) In the value you’d find a REG_DWORD value named NetBiosOptions?. This value would have a value of 2. (enabled)

To disable NetBIOS over TCP/IP change the value to 0. (disabled)

DNS REGISTRATION OPTIONS:
========================
On a full installation of Windows Server 2008 there are a few options for DNS registration on the DNS tab of the advanced properties of the IP version4 configuration of a Network Connection.

In Server Core you can achieve these settings as well, but only when you set the DNS Server. (fortunately you can set it as many times as you like) Also, you have to specify DNS Suffixes first. When you set the DNS Server you can optionally use the register= switch at the end of the command. The three switch options are none, primary and both.

None
Specifying Register=None would result in your Server Core box not registering its DNS name with any of its DNS suffixes. This effectively disables Dynamic DNS Registration.

Primary
With Register=Primary your Server Core installation will register its hostname together with its primary DNS suffix with the DNS Server you set.

Both
When you tell your Server Core box to Register=Both it will register its hostname with its primary DNS suffix and the connection specific DNS suffix with the DNS Server you set.

tshell :: Apr.24.2009 :: All :: 2 Comments »

Tomorrow Laura Hunter and Brian Desmond will be doing a webcast discussing and premoting the new Active Directory features in Windows Server 2008 R2 as well as answering AD questions. They have a 90 minute slot and they expect to spend ~45-60 minutes on R2 and the remainder taking questions on the presentation and AD in general.

The webcast is hosted by O’Reilly and is free to attend. If you can’t make it, a recording will be available.

Here are the details:

Registration Link – HERE

Date: Friday, April 24, 2009

Time: 10am PT, San Francisco
6pm – London | 1pm – New York | Sat, Apr 25th at 3am – Sydney | Sat, Apr 25th at 2am – Tokyo | Sat, Apr 25th at 1am – Beijing | 10:30pm – Mumbai

Presented by: Brian Desmond, Laura E. Hunter

Duration: Approximately 90 minutes.

Cost: Free

tshell :: Apr.23.2009 :: All :: No Comments »

Tomorrow Laura Hunter and Brian Desmond will be doing a webcast discussing and premoting the new Active Directory features in Windows Server 2008 R2 as well as answering AD questions. They have a 90 minute slot and they expect to spend ~45-60 minutes on R2 and the remainder taking questions on the presentation and AD in general.

The webcast is hosted by O’Reilly and is free to attend. If you can’t make it, a recording will be available.

Here are the details:

Registration Link - HERE

Date: Friday, April 24, 2009

Time: 10am PT, San Francisco 6pm - London | 1pm - New York | Sat, Apr 25th at 3am - Sydney | Sat, Apr 25th at 2am - Tokyo | Sat, Apr 25th at 1am - Beijing | 10:30pm - Mumbai

Presented by: Brian Desmond, Laura E. Hunter

Duration: Approximately 90 minutes.

Cost: Free

tshell :: Apr.22.2009 :: Active Directory, All :: No Comments »

If you were told you needed to move your GUI based management application to Powershell what would you do? How would you approach the design spec so that you maintain what your user base expects while providing the extra benefit of a CLI interface.

This is an interesting problem and one that I expect many will have in the future. I have thought about this at great length and decided that if you take the "task base" approach it is much simpler than you may first expect.

Let me illustrate what I mean using the dnsmgmt.msc interface. How would we go about converting that to a Powershell base cli that we could build a GUI on?

First I would break down the existing GUI into components. Like Servers, Zones, and Records. I would then think about what I could do to those components. Finally I would think of edge case scenarios that do not fit this generic model.

Using this method we would end up with something like this (not complete... just for illustration)

Basic:
------

• Add-DNSServer
• Get-DNSServer
• Set-DNSServer
• Remove-DNSServer
• New-DNSZone
• Get-DNSZone
• Set-DNSZone
• Remove-DNSZone
• New-DNSRecord
• Get-DNSRecord
• Set-DNSRecord
• Remove-DNSRecord
• ...

Edge Case:
----------

• Get-DNSInterface
• Set-DNSInterface
• Get-DNSRootHint
• Set-DNSRootHint
• Get-DNSForwarder
• Set-DNSForwarder
• Remove-DNSForwarder
• ...

Using this method allows you design a scalable GUI bases on a solid CLI while maintaining a consistent.

What do you think?

tshell :: Apr.21.2009 :: Active Directory, All :: No Comments »

This weekend I did a Powershell session at a codecamp in Philly. During my session I was reminded of a old blog post of mine and the discussion Gil and I had. I thought this would be a perfect post for TheExpertsCommunity. I would love feedback on your thoughts.

I wanted to make a case for using task based cmdlets instead of methods when designing Snapins. There have been several "Vendors" that have produced cmdlets for Powershell: Exchange, Citrix, VMWare, and IBM to name a few. Most have done very well here, but this is one thing I think the VMware team excelled at.

Here is the basic Goal

Get-Something | Filter | Change-Something | Save-Something

The thing to avoid: Depending on methods for object task.

Get-Something | %{$_.DoSomething()}

Here is an Example of what I mean
Lets say we have a Car Object (class). The Car object has Properties like Make, Model, Color, TireCount, Size, and Type. We also have things we can do with a car like start , turn off, stop, turn, load, and unload.

We could approach this by creating a Car class with the set properties and methods. This may seem simpler, but it is not intuitive for your typical Admin. Your typical admin does not want to do this

Get-Car | ?{$_.Type -eq "MiniVan"} | %{$_.LoadPeople()} | %{$_.Start()} | %{$_.Turn("Right")} | %{$_.Stop()} | %{$_.UnLoadPeople()}

Ideally from an Admin perspective a bunch of Task oriented cmdlets would be your best bet. Let’s assume you had these cmdlets instead of Methods:

• Get-Car
• New-Car
• Remove-Car
• Start-Car
• Stop-Car
• Invoke-TurnCar
• Invoke-LoadCar
• Invoke-UnLoadCar
• Set-Car

Your admin can now do this

Get-Car -Type "MiniVan" | Invoke-LoadCar | Start-Car | Invoke-TurnCar -Right | Stop-Car | Invoke-UnloadCar

This reads more like a sentence than script syntax.

tshell :: Apr.19.2009 :: Active Directory, All :: No Comments »