How to tell if you’re running on Windows Server Core

I have a bunch of scripts I use when I'm building a lab to install "stuff" (that's the Technical Term we IT Professionals use) that I need to manage and work with a virtual machine. Now, when I build from a SysPrep'd image, that's not an issue, but if I have to build from an ISO, I want to automate the process as much as possible. So I have a couple of Setup scripts I run that install gVim, HyperSnap (my screen capture tool), and various other things.

As I was building a new lab this week, I realized that those scripts were all designed to deal with full GUI installations, and had no provisions for not installing applications that make no sense and can't work when there's only a Server Core installation. So, time to find out how I can tell if I'm running as Server Core, obviously. A bit of poking around, and I came up with the following:

$regKey = "hklm:/software/microsoft/windows nt/currentversion"
$Core = (Get-ItemProperty $regKey).InstallationType -eq "Server Core"

(You could do that as a single line, obviously, but I broke it up to make it easier to see on the page. )

The result is stored as a Boolean value in $Core, and I can now branch my installation decisions based on the value of $Core. (Note there ARE other ways to determine whether you're running on Server Core, but they appear to all be programmatic ones not well suited to the avowedly non-programmer IT system administrator types like me. )

Building a Lab in Hyper-V with PowerShell, Part 5

Deploying a DHCP Server

Now that you have your forest and domain installed, including DNS, the next step to setting up a lab is the DHCP server.  Start by creating a new VM for the DHCP server, trey-dhcp-03. (For details on how to create a VM with PowerShell, see Building a Lab in Hyper-V Part 2 and Part 3. ) There's no particular need to make this a GUI installation, so build it as a Server Core installation. We'll do the configuration all in PowerShell anyway.

 

Next, Install the DHCP role, add the local groups required, and authorize it in Active Directory. (Do note the slightly different server name when you go to do that, please, and you don't need or want to promote this server to a domain controller. )

 

Now, as you'll remember from earlier posts in this series, I configure all my VMs with known MAC addresses by first defining the range and then requiring a MAC address final pair parameter to New-myVM.ps1This allows me to now configure a set of reservations for each VM in the lab, simplifying connections and making it a lot easier for me to keep track what is where.

 

Assuming by now you have installed the DHCP role and authorized it in Active Directory, the next step is to set up your IPv4 and IPv6 ranges. We do that by first adding a scope, then setting exclusion ranges and finally scope options. For IPv4, this is three commands:

Add-DhcpServerv4Scope -Name "Trey-Default" `
                      -ComputerName "trey-dhcp-03" `
                      -Description "Default IPv4 Scope for Lab" `
                      -StartRange "192.168.10.1" `
                      -EndRange   "192.168.10.220" `
                      -SubNetMask "255.255.255.0" `
                      -State Active `
                      -Type DHCP `
                      -PassThru

Add-DhcpServerv4ExclusionRange -ScopeID "192.168.10.0" `
                               -ComputerName "trey-dhcp-03" `
                               -StartRange "192.168.10.1" `
                               -EndRange   "192.168.10.20" `
                               -PassThru

Set-DhcpServerv4OptionValue -ScopeID 192.168.10.0 `
                            -ComputerName "trey-dhcp-03" `
                            -DnsDomain "TreyResearch.net" `
                            -DnsServer "192.168.10.2" `
                            -Router "192.168.10.1" `
                            -PassThru

Now,  the same process for IPv6, though I usually do NOT create IPv6 reservations, but do want to set some default values.

Add-DhcpServerv6Scope -Name "Trey-IPv6-Default" `
                         -ComputerName "trey-dhcp-03" `
                         -Description "Default IPv6 Scope for Lab" `
                         -Prefix 2001:db8:0:10:: `
                         -State Active `
                         -PassThru

Add-DhcpServerv6ExclusionRange –ComputerName trey-dhcp-03 `
                               -Prefix 2001:db8:0:10:: `
                               -StartRange 2001:db8:0:10::1 `
                               -EndRange   2001:db8:0:10::20 `
                               -PassThru

Set-DhcpServerv6OptionValue -Prefix 2001:db8:0:10:: `
                               -ComputerName "trey-dhcp-03" `
                               -DnsServer 2001:db8:0:10::2 `
                               -DomainSearchList "TreyResearch.net" `
                               -PassThru

Now, create a CSV file with Names,MAC addresses(ClientID), and IPv4 Addresses. You can use your favourite plain text editor (mine is gVim), or Excel to create the CSV file. My lab has the following for the 192.168.10.xxx range of IP addresses:

Name,ClientID,IPAddress
trey-edge-01,00-15-5D-32-0A-01,192.168.10.1
trey-dc-02,00-15-5D-32-0A-02,192.168.10.2
trey-dhcp-03,00-15-5D-32-0A-03,192.168.10.3
trey-dc-04,00-15-5D-32-0A-04,192.168.10.4
trey-srv-05,00-15-5D-32-0A-05,192.168.10.5
trey-wds-11,00-15-5D-32-0A-0B,192.168.10.11
Trey-Srv-12,00-15-5D-32-0A-0C,192.168.10.12
Trey-Srv-13,00-15-5D-32-0A-0D,192.168.10.13
Trey-Srv-14,00-15-5D-32-0A-0E,192.168.10.14
Trey-Srv-15,00-15-5D-32-0A-0F,192.168.10.15
Trey-Srv-16,00-15-5D-32-0A-10,192.168.10.16
Trey-client-21,00-15-5D-32-0A-15,192.168.10.21
Trey-client-22,00-15-5D-32-0A-16,192.168.10.22
Trey-client-23,00-15-5D-32-0A-17,192.168.10.23
Trey-client-24,00-15-5D-32-0A-18,192.168.10.24
Trey-client-25,00-15-5D-32-0A-19,192.168.10.25

Save the CSV file as "TreyDHCP.csv". Now, to create the reservations, first read in the CSV file with:

$TreyDHCP = Import-CSV TreyDHCP.csv

Then, create the IPv4 reservations with a simple ForEach loop:

ForEach ($addr in $TreyDHCP ) {
   $ErrorActionPreference = "Continue"
   Add-DhcpServerv4Reservation -ScopeID   192.168.10.0 `
                               -Name      $addr.Name `
                               -ClientID  $addr.ClientID `
                               -IPAddress $addr.IPAddress `
                               -PassThru
}

If you run multiple NICs on your lab environment, you'll want to repeat all of the above for the second range of IP addresses.

So, here's the whole thing in a script that supports running remotely.

<#
.Synopsis
Install and configure DHCP for the TreyResearch.net lab environment
.Description
The New-TreyDHCP script installs and configures the DHCP environment for the TreyResearch.net
lab environment. It assumes a DHCP server "trey-dhcp-03" has already been created, but accepts
a parameter to change the server name. 
The script reads a CSV file with the machine names, MAC addresses (ClientIDs), and IPv4
addresses that the that the network will use and then creates IPv4 DHCP reservations for those
machines.
.Example
New-TreyDHCP.ps1
Reads in a list of DHCP addresses from TreyDHCP.csv and configures trey-dhcp-03 as a DHCP
server with those addresses. 
.Example
New-TreyDHCP.ps1 -ComputerName Trey-core-03 -Path c:\temp\dhcp.csv
Reads in a list of DHCP addresses from c:\temp\dhcp.csv and configures the server
Trey-core-03 as a DHCP server with those address reservations. 
.Parameter ComputerName
The server to install and configure DHCP on. Default value is trey-dhcp-03
.Parameter Path
The path to a CSV file with the machine names, client IDs, and IPv4 addresses to configure
DHCP reservations for. The default value is .\TreyDHCP.csv. 
.Inputs
[string]
[string]
.Notes
    Author: Charlie Russel
 Copyright: 2017 by Charlie Russel
          : Permission to use is granted but attribution is appreciated
   Initial: 25 March, 2014 (cpr)
   ModHist: 14 March, 2017 (cpr) Added ComputerName parameter and man page
          : 
#>
[CmdletBinding()]
Param(
     [Parameter(Mandatory=$False)]
     [alias("server")]
     [string]
     $ComputerName = 'trey-dhcp-03',
     [Parameter(Mandatory=$False)]
     [Alias("filename")]
     [string]
     $Path = '.\TreyDHCP.csv'
     )

if ( (Get-WindowsFeature -Name DHCP -ComputerName $ComputerName) -ne "Installed" ) {
  Install-WindowsFeature -Name DHCP -ComputerName $ComputerName -IncludeManagementTools 
}

if (Test-Path $Path ) { 
   $TreyDHCP = Import-CSV $Path 
} else {
   Throw "This script requires an input CSV file with the DHCP Reservations in it."
}

# Find out if the DHCP Server is already authorized. If it is, 
# we assume all the rest of this is done. 
If ( (Get-DhcpServerInDC).DnsName -match $ComputerName ) {
   $IsAuth = $True 
} else {
   $IsAuth = $False 
   $DnsName = $ComputerName + ".TreyResearch.net"
}

# If the server isn't authorized, then nothing is set yet, so set up 
# our DHCP server. 
if (! $IsAuth) {
   Add-DhcpServerInDC -DnsName $DnsName -PassThru
   # Create local groups for DHCP
   # The WinNT in the following IS CASE SENSITIVE
   $connection = [ADSI]"WinNT://$ComputerName"
   $lGroup = $connection.Create("Group","DHCP Administrators")
   $lGroup.SetInfo()
   $lGroup = $connection.Create("Group","DHCP Users")
   $lGroup.SetInfo()
   Add-DhcpServerv4Scope -Name "Trey-Default" `
                         -Description "Default IPv4 Scope for TreyResearch Lab" `
                         -StartRange "192.168.10.1" `
                         -EndRange   "192.168.10.220" `
                         -SubNetMask "255.255.255.0" `
                         -State Active `
                         -Type DHCP `
                         -ComputerName $ComputerName `
                         -PassThru
   Add-DhcpServerv4ExclusionRange -ScopeID "192.168.10.0" `
                                  -StartRange "192.168.10.1" `
                                  -EndRange   "192.168.10.20" `
                                  -ComputerName $ComputerName `
                                  -PassThru
   Set-DhcpServerv4OptionValue -ScopeID 192.168.10.0 `
                               -DnsDomain "TreyResearch.net" `
                               -DnsServer "192.168.10.2" `
                               -Router "192.168.10.1" `
                               -ComputerName $ComputerName `
                               -PassThru
   Add-DhcpServerv6Scope -Name "Trey-IPv6-Default" `
                         -Description "Default IPv6 Scope for TreyResearch Lab" `
                         -Prefix 2001:db8:0:10:: `
                         -State Active `
                         -ComputerName $ComputerName `
                         -PassThru
   Add-DhcpServerv6ExclusionRange -Prefix 2001:db8:0:10:: `
                                  -StartRange 2001:db8:0:10::1 `
                                  -EndRange   2001:db8:0:10::20 `
                                  -ComputerName $ComputerName `
                                  -PassThru
   Set-DhcpServerv6OptionValue -Prefix 2001:db8:0:10:: `
                               -DnsServer 2001:db8:0:10::2 `
                               -DomainSearchList "TreyResearch.net" `
                               -ComputerName $ComputerName `
                               -PassThru
}


ForEach ($addr in $TreyDHCP ) {
   $ErrorActionPreference = "Continue"
   Add-DhcpServerv4Reservation -ScopeID 192.168.10.0 `
                               -Name $addr.Name `
                               -ClientID $addr.ClientID `
                               -IPAddress $addr.IPAddress `
                               -ComputerName $ComputerName `
                               -PassThru
}

I hope you find this script useful, and I'd love to hear comments, suggestions for improvements, or bug reports as appropriate. As always, if you use this script as the basis for your own work, please respect my copyright and provide appropriate attribution.

PowerShell: Rename an Active Directory User

This came up at work the other day. Another admin had attempted to rename an AD User account and it had only partially gotten renamed -- the SAM Account, Name and Display name were all correct, but the old user name was still showing up in a couple of places, including the login screen. The user was not happy, so I was asked to fix it, and provide a script that would handle it correctly. I poked around a bit and found the issue - even if you set all of the obvious properties correctly (and the other admin had missed UPN), it still won't show correctly on that logon screen -- you need to actually rename the AD object itself. So, after I fixed the problem user's account, I wrote up a script to solve the problem for the next time. I chose to use a CSV file as the input, but you could easily re-work this to work off either a CSV file or a set of command-line parameters. But honestly, I don't ever want to have to enter that many command-line parameters for a simple script. Especially if I have more than one to change.

 

The script uses Get-ADUser with the old name, then pipes it to Set-ADUser, and finally pipes it to Rename-ADObject to finish the process.  I even gave it basic help. :)

<#
.Synopsis
Renames the Active Directory users
.Description
Rename-myADUser reads a CSV file to identify an array of users. The users are then renamed to the new name in Active Directory.
.Example
Rename-myADUser
Renames the AD Accounts of the users in the default "ADUsers.csv" source file
.Example
Rename-myADUser -Path "C:\temp\ChangedUsers.txt"
Renames the AD accounts of the users listed in the file C:\temp\ChangedUsers.txt"
.Parameter Path
The path to the input CSV file of format:
OldSam,NewName,GivenName,Surname,DisplayName,SAMAccountName,UserPrincipalName,EmailAddress

The default value is ".\ADUsers.csv".  
.Inputs
[string]
.Notes
    Author: Charlie Russel
 Copyright: 2017 by Charlie Russel
          : Permission to use is granted but attribution is appreciated
   Initial: 03/09/2017 (cpr)
   ModHist: 
          :
#>
[CmdletBinding()]
Param(
     [Parameter(Mandatory=$False,Position=0)]
     [string]
     $Path = ".\ADUsers.csv" 
     )

$ADUsers = @()
If (Test-Path $Path ) {
   $ADUsers = Import-CSV $Path
} else { 
   Throw  "This script requires a CSV file with user names and properties."
}
$PDC = (Get-ADDomain).PDCEmulator
Write-Verbose "The PDC Emulator has been identified as $PDC"
Write-Verbose " "

ForEach ($User in $ADUsers ) {
   Write-Verbose "Modifying $user.OldSam to $user.NewName" 
   Sleep 3
   Get-ADUser -Identity $User.OldSam -Properties * | `
   Set-ADUser -Server $PDC `
              -DisplayName $user.DisplayName `
              -EmailAddress $User.EmailAddress `
              -SamAccountName $User.SamAccountName `
              -GivenName $User.GivenName `
              -Surname $User.Surname `
              -UserPrincipalName $user.UserPrincipalName `
              -PassThru | `
   Rename-ADObject -NewName $user.NewName -Server $PDC -PassThru
}

Building a Lab in Hyper-V with PowerShell, Part 4

Creating a new forest

In the previous sections of this series, I've covered how to build VMs using PowerShell, but labs aren't much good if they don't actually have any structure. So, let's create a new forest and domain to manage our labs. I'm going to assume for this post that you've gotten started already and created a new Windows Server 2012R2 or Windows Server 2016 virtual machine. For this, it can be a graphical install or a Server Core installation and either Server Standard or Datacenter. Since we're going to be using only PowerShell to create the forest, there's no need for a GUI.

The things we'll need to have identified before we start are:

  • Server IP address
  • Server name
  • DNS namespace for the root domain of the forest
  • Domain name for the root domain of the forest
  • DNS Server type (AD-integrated or standalone)

Set Server IP Address

We need set our server to a fixed IP address. While not absolutely required, I think it's a really bad idea to not do this. And, since our lab doesn't yet have DHCP in it, you need to anyway. (We'll add a DHCP server in the next installment. )

To configure the network adapter for a static IP address, I need to know either the interface alias (name) or the interface index. To get those, use Get-NetAdapter from a PowerShell window. (Note: if you're doing this on a new Windows Server Core installation, you can open a PowerShell window with Start PowerShell.exe at the command prompt. To start a PowerShell window automatically for this user, at logon, see my May post. )

Get-NetAdapter | Format-Table -AutoSize Name,Status,IFIndex,MacAddress

Name       Status ifIndex MacAddress
----       ------ ------- ----------
Ethernet 2 Up           3 00-15-5D-32-0A-02
Ethernet   Up           5 00-15-5D-32-CE-02

Which tells us that the DC has two network adapters, and the one that is on the Local-10 switch (from New-myVM.ps1) is at an ifIndex of 3, while the one on the "199 Network" switch has an ifIndex of 5. Now, we'll set the static IP addresses for these two adapters. First, the NIC on Local-10:

# Set IPv4
$NIC2 = Get-NetAdapter -ifIndex 3
$NIC2 | Set-NetIPInterface -DHCP Disabled
$NIC2 | New-NetIPAddress -AddressFamily  IPv4 `
                         -IPAddress      192.168.10.2 `
                         -PrefixLength   24 `
                         -Type Unicast `
                         -DefaultGateway 192.168.10.1
# Set IPv6
$NIC2 | New-NetIPAddress -AddressFamily  IPv6 `
                         -IPAddress      2001:db8:0:10::2 `
                         -PrefixLength   64 `
                         -Type Unicast `
                         -DefaultGateway 2001:db8:0:10::1

# Set DNS Server Addresses to self
Set-DnsClientServerAddress -InterfaceIndex  $NIC2.ifIndex `
                           -ServerAddresses 192.168.10.2,2001:db8:0:10::2

#Now, for the 199 Network, which I use for internal communications between lab hosts, I want to set a pure IPv4 address with no IPv6, so instead of setting an IPv6 address for the NIC, I'll disable it with Disable-NetAdapterBinding.

$NIC = Get-NetAdapter -ifIndex 5

# Disable IPv6
Disable-NetAdapterBinding -Name $NIC.Name -ComponentID ms_tcpip6

# Set IPv4 to 192.168.199.2
$NIC | Set-NetIPInterface -Dhcp Disabled
$NIC | New-NetIPAddress -AddressFamily IPv4 `
                        -IPAddress     192.168.199.2 `
                        -PrefixLength  24 `
                        -Type Unicast
# Set DNS to self
Set-DnsClientServerAddress -InterfaceIndex  $NIC.ifIndex `
                           -ServerAddresses 192.168.199.2

(Note: Set-NetAdapterBinding is not available on Windows 7/Server 2008 R2)

 

Set Server Name

Next, let's set the name of the server to match our naming conventions for this lab. We do this now, knowing it will force a reboot before we go any further.

Rename-Computer -NewName trey-dc-02 -Restart -Force

This will give the computer a new name and restart it.

 

Create Forest and Install AD-integrated DNS

Now that we have static IP addresses for our network adapters, and we've set the name of the server, we can go ahead and create our AD forest. First, we install Active Directory and update the PowerShell Help files with:

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Update-Help -SourcePath \\labhost\PSHelp

This installs the ActiveDirectory and ADDSDeployment modules that we'll need to create the forest. Now, we promote the server to be the first domain controller in the new forest. Before we do the actual install, we test to make sure we don't have any issues with Test-ADDSForestInstallation:

Test-ADDSForestInstallation `
       -DomainName 'TreyResearch.net' `
       -DomainNetBiosName 'TREYRESEARCH' `
       -DomainMode 6 `
       -ForestMode 6 `
       -NoDnsOnNetwork `
       -SafeModeAdministratorPassword (ConvertTo-SecureString `
                                                  -String 'P@ssw0rd' `
                                                  -AsPlainText `
                                                  -Force) `
       -NoRebootOnCompletion

Even though this is a brand new forest in an isolated lab setting, it's still a good practice to test before you actually deploy. And it doesn't cost all that much time or annoyance. I've included the SafeModeAdministratorPassword parameter to avoid the prompts for it. This is a lab, not real life. :) Also note that we're setting the forest and domain modes to Server2012R2. If you need earlier versions of domain controllers in your lab, you can set the mode accordingly.

The results of the test are as expected:

WARNING: Windows Server 2016 domain controllers have a default for the security setting named "Allow cryptography
algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security
channel sessions.

For more information about this setting, see Knowledge Base article 942564
(http://go.microsoft.com/fwlink/?LinkId=104751).

WARNING: A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it
 does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually
create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain
"TreyResearch.net". Otherwise, no action is required.


Message                          Context                                  RebootRequired  Status
-------                          -------                                  --------------  ------
Operation completed successfully Test.VerifyDcPromoCore.DCPromo.General.3          False Success

With that confirmation, we can go ahead and finish creating the forest and configuring DNS with the command:

Install-ADDSForest `
     -DomainName 'TreyResearch.net' `
     -DomainNetBiosName 'TREYRESEARCH' `
     -DomainMode 6 `
     -ForestMode 6 `
     -NoDnsOnNetwork `
     -SkipPreChecks `
     -SafeModeAdministratorPassword (ConvertTo-SecureString `
                                                  -String 'P@ssw0rd' `
                                                  -AsPlainText `
                                                  -Force) `
     -Force

You'll notice that the options here match our test pass, except I chose to bypass a second test. If you want to keep your SafeMode Administrator password private you can eliminate that parameter and you'll be prompted at the command line. When this finishes and the server has rebooted, you can log in with the TREYRESEARCH\Administrator account and the local Administrator password you had before you promoted the VM to be a domain controller.  This may or may not be the same as the SafeModeAdministratorPassword you set during the installation.

Nested Hyper-V Networking

As I was trying to configure a new lab setup that takes advantage of nested Hyper-V so that I can build a lab to do Hyper-V host clustering, I ran into a problem with networking. Everything looked good on the "host1" virtual machine, but the domain controller I created for TreyResearch.net that runs as a nested VM on host1 couldn't connect to anything outside of host1. Which would end up being a pain fairly quickly. But after a good bit of poking around, I found the solution - either enable MAC Address Spoofing on host1, or configure a NAT switch on host1. For most of us, the MAC Address Spoofing is the simplest solution and works just fine. But if you're in a public cloud scenario, you'll likely have to go the NAT route.

To enable Nested Hyper-V, shutdown host1 and then run the following command on the top level host:

Set-VMProcessor -VMName host1 -ExposeVirtualizationExtensions $True

Start host1 and install the Hyper-V role with:

Install-WindowsFeature -Name Hyper-V -IncludeAllSubFeature -IncludeManagementTools

Once the reboots finish on host1, enable MAC Address Spoofing on the network adapter(s) of  host1:

Get-VMNetworkAdapter -VMName host1 | Set-VMNetworkAdapter -MacAddressSpoofing On

And you're done.

Building a Lab in Hyper-V with PowerShell, Part 3

Creating VMs with New-myVM.ps1 - Part 2

So, as I showed in the previous post, I've got my new VM built, but it's not really ready for use yet. For one thing, it needs a DVD attached and the boot order set, plus I want to add a second NIC, and change the number of processors assigned to it. First, setting up the memory, processors, static MAC address for the NIC and configuring the DVD if we're booting from DVD. (Which, I admit, I don't often do. Mostly I copy over a SysPrep'd VHDX file.)

To do this, I have a function, of course, called Set-myVMConfig, to do most of it, and a separate one that I use to configure the second NIC, Add-myNetAdapter

Function Set-myVMConfig {
   Write-Verbose "Setting Processor Count to 4 for $VMName"
   Set-VMProcessor      -VMName $VMName -Count 4
   Write-Verbose "Enabling Dynamic Memory"
   Set-VMMemory         -VMName $VMName -DynamicMemoryEnabled $True
   Write-Verbose "Assigning static MAC address of $MacAdd"
   Get-VMNetworkAdapter -VMName $VmName `
      | Set-VMNetworkAdapter -StaticMacAddress "$MacAdd"
   if ($DVD) {
      Write-Verbose "Building from DVD, so adding DVD drive, and configuring boot order"
      if (! $client) { 
         Add-VMDvdDrive -VMName $VmName
         Set-VMDvdDrive -VMName $VmName  -Path $ServerISO 
         $vmDVD     = Get-VMDvdDrive -VMName $VmName
         $vmDrive   = Get-VMHardDiskDrive -VMName $VmName 
         Set-VMFirmware -VMName $VmName  -FirstBootDevice $vmDVD 
         Set-VMFirmware -VMName $VmName -BootOrder $vmDVD,$vmDrive
      } else {
         Add-VMDvdDrive -VMName $VmName
         Set-VMDvdDrive -VMName $VmName -Path $ClientISO 
         $vmDVD     = Get-VMDvdDrive -VMName $VmName
         $vmDrive   = Get-VMHardDiskDrive -VMName $VmName 
         Set-VMFirmware -VMName $VmName   -FirstBootDevice $vmDVD 
         Set-VMFirmware -VMName $VmName   -BootOrder $vmDVD,$vmDrive
      }
   }
}

This sets the # of processors to 4, enables dynamic memory, sets a static MAC address on the first NIC, adds a DVD drive if appropriate, and sets the boot order to boot from the specified ISO file.

Almost done - now, all we need to do is add a second network adapter, and set it to a fixed MAC address as well.

Function Add-myNetAdapter {
   Write-Verbose "Adding second network adapter"
   Add-VmNetworkAdapter -VMName $VmName `
                        -SwitchName '199 Network' `
                        -StaticMacAddress "$199MacAdd" `
                        -Name '199 Ethernet'
}

Now, that we have all the functions, all we need to do is execute them, and that all happens with:

If (! ( Get-VM -Name $VmName -ErrorAction Continue 2>$NULL) ) {
   Test-SourcePath
   Test-Clean
   Copy-myVHD -wait
   Write-Verbose "VHD's copied if we were doing that, now creating the VM..."
   Create-myVM
   Write-Verbose "VM Created"
   $myVM = Get-VM -VMName $VMName
}
Set-myVMConfig
Add-myNetAdapter
$myVM | Format-List

And, since this whole thing has been broken up across a couple of posts, here's the whole script, including full Get-Help support.

New-myVM.ps1

<# 
.Synopsis
    Creates a new VM
.Description
    New-myVM and New-myClientVM make a new VM of Name $1 and MAC Address in the $MacBase 
    range of MAC addresses. If the command is run as New-myClientVM, then the -Client 
    parameter is assumed unless overridden at the command line. 
.Example 
   New-myVM -VMName Trey-DC-02 02
   Creates a new Server VM of name "Trey-DC-02" in the default MAC address range
   with the "02" as the final octet of MAC address. 
.Example 
   New-myVM -Name trey-client-22 -MacFinal 16 -DVD -Client $True
   Creates a new Client VM of name "trey-client-22" in the default MAC address range
   with 16 as the final octet of MAC address. The VM is installed from the default 
   Server 2016 DVD. 
.Example 
   New-myVM Trey-DC-02 02 -DVD
   Creates a new Server VM of name "Trey-DC-02" in the default MAC address range
   with the "02" as the final octet of MAC address. The VM is installed from the 
   default Server 2016 DVD. 
.Example
    New-myVM -VmName "Trey-WDS-11" -MacFinal "0B" -MacBase "00-15-5D-32-64-"
    Creates a new Server VM of name Trey-WDS-11 in a non-default MAC address range. 
.Example
   New-myClientVM -Name trey-client-01 
   Creates a new Windows 10 client VM, 'trey-client-01' using the default VHD, and 
   will prompt for the final 2 digits of the MAC address. 
.Example
   New-myVM -Name trey-client-01 -MACFinal 65 -Client $True -Source 'V:\Source' -Path 'Y:\'
   Creates a new Windows 10 client VM, 'trey-client-01' using the sysprep'd image at V:\Source, 
   and creating the VM at Y:\trey-client-01. The final two digits of the MAC address will 
   be 65. 
.Parameter VmName
   The name of the new VM
.Parameter MacFinal
   The last two digits in the MAC address of the VM
.Parameter MacBase
   The base MAC address for this VM. The default base is  "00-15-5D-32-10-"  
.Parameter DVD
   A switch that controls whether a DVD is added to the VM and used to mount an ISO for the 
   install. The default is to build the VM with no DVD drive. 
.Parameter Client
  A Boolean. When run as New-myVM, $Client defaults to False. If run as New-myClientVM, 
  the default is true. In either case, the command line parameter overrides the default. 
.Parameter Path
   The target path for the virtual machine. Default is to V:\. This is the base path, to 
   which the VMName is added to build the final path.
.Parameter Source
   The source path of the DVD or VHD used to build the virtual machine. Default is V:\Source. 
.Parameter vmSwitch
   The Hyper-V network switch to connect the VM to. New-myVM creates two network adapters. 
   One is connected to the 199 Network, and the second is controlled by the vmSwitch parameter. 
   The default is "Local-10", the internal lab switch. 
.Parameter 2012R2
   The 2012R2 switch specifies the use of the Server 2012 R2 image. 
.Inputs 
    [string]
    [string]
    [string]
    [switch]
    [Boolean]
    [string]
    [string]
    [string]
.Notes
    Author: Charlie Russel
 Copyright: 2017 by Charlie Russel
          : Permission to use is granted but attribution is appreciated
   ModHist: 1/1/2014 Initial
          : 1/31/2015 Mod for new parameter handling and comment header
          : 3/20/2015 Mod to use Sysprepped VHD and -10 MAC
          : 4/19/2015 Mod for verbose and running in a wrapper
          : 5/16/2016 Mod for new labhost 
          : 9/24/2016 Mod for New-myClientVM
          : 12/21/2016 Added additional parameters, updated help. (cpr)
          : 02/17/2017 Fixed problem with DVD and Gen2, updated help. (cpr)
#>

[CmdletBinding()]
Param ([Parameter(Mandatory = $True,Position = 0)][alias("Name")][string]$VmName,
       [Parameter(Mandatory = $True,Position = 1)][alias("Final")][string]$MacFinal,
       [Parameter(Mandatory = $False)][alias("Base")][string]$MacBase = "00-15-5D-32-0A-",
       [Parameter(Mandatory = $False)][string]$199MacBase = "00-15-5D-32-CE-",
       [Parameter(Mandatory=$False)][Switch]$DVD,
       [Parameter(Mandatory=$False)][Boolean]$Client=($myInvocation.myCommand.Name -match "Client"),
       [Parameter(Mandatory=$False)][alias("Target")][string]$Path = "V:",
       [Parameter(Mandatory=$False)][alias("VHDSource","DVDBase")][string]$Source = "V:\Source",
       [Parameter(Mandatory=$False)][alias("LocalSwitch","Network")][string]$vmSwitch = "Local-10",
       [Parameter(Mandatory=$False)][switch]$2012R2
       )

$MacAdd = $MacBase + $MacFinal
$199MacAdd = $199MacBase + $MacFinal
Write-Verbose "MacFinal is $MacFinal" 
Write-Verbose "MacAdd is $MacAdd on switch $vmSwitch" 
Write-Verbose "VMName is $VMName"
Write-Verbose "Client is $Client"
Write-Verbose "Path is $Path, Source is $Source, and 199 MAC address is $199MacBase + $MacFinal"
Write-Verbose "Sleeping for 5 seconds to give you a chance to exit..."
sleep 5

$VMBase     = "$Path\$VMName"
$VHDSource  = $Source
$DVDBase    = $Source
$VHDBase    = "$VMBase\Virtual Hard Disks"
$SysVHD     = "$VMBase\Virtual Hard Disks\$VmName-System.vhdx"
$MachineBase= "$VMBase\Virtual Machines"
$ServerISO  = "$DVDBase\en_windows_server_2016_x64_dvd_9718492.iso"
$ClientISO  = "$DVDBase\en_windows_10_enterprise_version_1607_updated_jan_2017_x64_dvd_9714415.iso"
$ClientVHD  = "$Source\Generalized-client.vhdx"
if ($2012R2) { 
   $ServerVHD = "$Source\Generalized-2012R2.vhdx"
} else {
   $ServerVHD  = "$Source\Generalized-System.vhdx"
}

Function Test-SourcePath () {
   if ($Client) {
      if ($dvd) {
         if (Test-Path $ClientISO) {
            Write-Verbose "Install DVD found at $ClientISO"
         } else {
            Throw "Client ISO not found at $ClientISO" 
         }
      } elseif (Test-Path $ClientVHD) { 
         Write-Verbose "Source VHD found at $ClientVHD"
      }
   } else {
      if ($dvd) {
         if (Test-Path $ServerISO) {
            Write-Verbose "Install DVD found at $ServerISO"
         } else {
            Throw "Server ISO not found at $ServerISO" 
         }
      } elseif (Test-Path $ServerVHD) { 
         Write-Verbose "Source VHD found at $ServerVHD"
      }
   }
}

if (! (Test-Path $VHDBase ) ) { 
   mkdir $VHDBase
}
if (! (Test-Path $MachineBase ) ) { 
   mkdir $MachineBase
}

Function Test-Clean () {
   If (Test-Path $VHDBase\*.vhdx ) {
      Throw "Found an existing VHD. Please clean up the target path and try again."
   }
}

function Copy-myVhd () {
      if ( $DVD ) {
         Write-Verbose "DVD specified. Not copying source VHD to $SysVHD"
      } else { 
         if ( $Client ) { 
            Write-Verbose "Creating VM from Sysprep'd VHD base $ClientVHD"
            cp $ClientVHD $SysVHD 
         } else { 
         Write-Verbose "Creating VM from Sysprep'd VHD base $ServerVHD"
            cp $ServerVHD $SysVHD
         } 
      }
}

function Create-myVM () { 
if ($DVD ) { 
  Write-Verbose "Creating $vmname from DVD with the following command:"
  Write-Verbose "New-VM -Name $VmName -MemoryStartupBytes 1024MB -BootDevice VHD -Generation 2 -SwitchName $vmSwitch -NewVHDPath $SysVHD -NewVHDSize 200GB -Path $MachineBase "
  Sleep 3
  New-VM -Name $VmName `
       -MemoryStartupBytes 1024MB `
       -BootDevice VHD `
       -Generation 2 `
       -SwitchName $vmSwitch `
       -NewVHDPath $SysVHD `
       -NewVHDSize 200GB `
       -Path $MachineBase
} else { 
  New-VM -Name $VmName `
       -MemoryStartupBytes 1024MB `
       -BootDevice VHD `
       -Generation 2 `
       -SwitchName $vmSwitch `
       -VHDPath $SysVHD `
       -Path $MachineBase
  }
}

Function Set-myVMConfig {
   Write-Verbose "Setting Processor Count to 4 for $VMName"
   Set-VMProcessor      -VMName $VMName -Count 4
   Write-Verbose "Enabling Dynamic Memory"
   Set-VMMemory         -VMName $VMName -DynamicMemoryEnabled $True
   Write-Verbose "Assigning static MAC address of $MacAdd"
   Get-VMNetworkAdapter -VMName $VmName `
      | Set-VMNetworkAdapter -StaticMacAddress "$MacAdd"
   if ($DVD) {
      Write-Verbose "Building from DVD, so adding DVD drive, and configuring boot order"
      if (! $client) { 
         Add-VMDvdDrive -VMName $VmName
         Set-VMDvdDrive -VMName $VmName  -Path $ServerISO 
         $vmDVD     = Get-VMDvdDrive -VMName $VmName
         $vmDrive   = Get-VMHardDiskDrive -VMName $VmName 
         Set-VMFirmware -VMName $VmName  -FirstBootDevice $vmDVD 
         Set-VMFirmware -VMName $VmName -BootOrder $vmDVD,$vmDrive
      } else {
         Add-VMDvdDrive -VMName $VmName
         Set-VMDvdDrive -VMName $VmName -Path $ClientISO 
         $vmDVD     = Get-VMDvdDrive -VMName $VmName
         $vmDrive   = Get-VMHardDiskDrive -VMName $VmName 
         Set-VMFirmware -VMName $VmName   -FirstBootDevice $vmDVD 
         Set-VMFirmware -VMName $VmName   -BootOrder $vmDVD,$vmDrive
      }
   }
}

Function Add-myNetAdapter {
   Write-Verbose "Adding second network adapter"
   Add-VmNetworkAdapter -VMName $VmName `
                        -SwitchName "199 Network" `
                        -StaticMacAddress "$199MacAdd" `
                        -Name "199 Ethernet"
}

If (! ( Get-VM -Name $VmName -ErrorAction Continue 2>$NULL) ) {
   Test-SourcePath
   Test-Clean
   Copy-myVHD -wait
   Write-Verbose "VHD's copied if we were doing that, now creating the VM..."
   Create-myVM
   Write-Verbose "VM Created"
   $myVM = Get-VM -VMName $VMName
}
Set-myVMConfig $myVM
Add-myNetAdapter $myVM
$myVM | Format-List

I hope you find this script useful, and I'd love to hear comments, suggestions for improvements, or bug reports as appropriate. As always, if you use this script as the basis for your own work, please respect my copyright and provide appropriate attribution.

 

Next up in the Building a Lab with PowerShell series will how to configure your DHCP server with PowerShell. This will take advantage of the fixed MAC addresses I create for all my lab machines and use these to populate DHCP Reservations.

Building a Lab in Hyper-V with PowerShell, Part 2

Creating VMs with New-myVM.ps1 - Part 1

As we saw in Part 1 of this series, I build my labs almost entirely with Windows PowerShell scripts. In that first post, I showed how to set the MAC address range on a Hyper-V host. I use this MAC address range to explicitly set my lab VMs to a specific MAC address for their NICs. This allows me to pre-configure all the IP addresses in DHCP by using reservations. (I showed you how to install and preconfigure the DHCP Server role in my post on Configuring Windows Server 2016 core as a DHCP Server with PowerShell. And I'll show you how to create all those reservations automatically in a later post in this series.)

For this post, and the couple, I want to share my "New-myVM.ps1" script. I use this script to create client and server VMs, from either DVD or sysprep'd VHDX files.

First, the parameters that New-myVM accepts:

[CmdletBinding()]
Param ([Parameter(Mandatory = $True,Position = 0)][alias("Name")][string]$VmName,
       [Parameter(Mandatory = $True,Position = 1)][alias("Final")][string]$MacFinal,
       [Parameter(Mandatory = $False)][alias("Base")][string]$MacBase = "00-15-5D-C8-0A-",
       [Parameter(Mandatory = $False)][string]$199MacBase = "00-15-5D-C8-CE-",
       [Parameter(Mandatory=$False)][alias("ISO")][Switch]$DVD,
       [Parameter(Mandatory=$False)][Boolean]$Client=($myInvocation.myCommand.Name -match "Client"),
       [Parameter(Mandatory=$False)][alias("Target")][string]$Path = "V:\",
       [Parameter(Mandatory=$False)][alias("VHDSource","DVDBase")][string]$Source = "V:\Source",
       [Parameter(Mandatory=$False)][alias("LocalSwitch","Network")][string]$vmSwitch = "10 Network",
       [Parameter(Mandatory=$False)][switch]$2012R2
       )

I have only two required parameters, the VMName and final two digits of the MAC addresses that the VM will use. Everything else defaults to some reasonable value for my labs. You'll notice that by default, I don't install from DVD, and I'm not installing Server 2012R2, but Server 2016. And, finally, a bit you might not have seen before, my default to determine if this is a client build or a server build.

[Parameter(Mandatory=$False)][Boolean]$Client=($myInvocation.myCommand.Name -match "Client")

The $Client parameter is a Boolean. I can specify it on the command line with -Client $True/$False, or I can allow it to accept the default value. The interesting thing is that the default value is dynamic. I use an NTFS hard link for New-myVM.ps1 to give it a second name, New-myClientVM.ps1.


Sidebar: NTFS Hard Links 

NTFS filesystem hard links take a single file and give it multiple names. The file is stored only once on the filesystem, but it has multiple names that can access the file. Each name for the file is completely equal. Even if you delete the original filename, all the linked versions are still present and completely unaffected by the deletion. You create a hard link in Server 2016 or Windows 10 with New-Item or in earlier versions of Windows with the built-in CMD command mklink. So, for example:

New-Item -Type HardLink `
         -Path 'C:\Build\New-myClientVM.ps1','C:\Build\New-myServerVM.ps1' `
         -Value 'C:\Build\New-myVM.ps1'

#Older OS Version:
cmd /c mklink /h C:\Build\New-myClientVM.ps1 C:\Build\New-myVM.ps1
cmd /c mklink /h C:\Build\New-myServerVM.ps1 C:\Build\New-myVM.ps1

I then use ($myInvocation.myCommand.Name -match "Client") to see if the filename I started the script with was New-myClientVM.ps1 , or one of the other names I have for this script.  ($myInvocation.myCommand.Name -match "Client") returns $True for New-myClientVM.ps1, but $False for filenames that don't include 'Client' in the filename.

 

Next, I set some basic variables used throughout the script. These are periodically tweaked as new builds become my default. Currently, they're set at:

$VMBase     = "$Path\$VMName"
$VHDSource  = $Source
$DVDBase    = $Source
$VHDBase    = "$VMBase\Virtual Hard Disks"
$SysVHD     = "$VMBase\Virtual Hard Disks\$VmName-System.vhdx"
$MachineBase= "$VMBase\Virtual Machines"
$ServerISO  = "$DVDBase\en_windows_server_2016_x64_dvd_9718492.iso"
$ClientISO  = "$DVDBase\en_windows_10_enterprise_version_1607_updated_jan_2017_x64_dvd_9714415.iso"
$ClientVHD  = "$Source\Generalized-client.vhdx"
if ($2012R2) { 
   $ServerVHD = "$Source\Generalized-2012R2.vhdx"
} else {
   $ServerVHD  = "$Source\Generalized-System.vhdx"
}

Nothing special there. Next, three functions to verify paths, etc. These are pretty basic Test-Path statements. If I need to create directories, I do. But if I don't find my source files where I expect them, or I find an already existing .vhdx where I'm not expecting one, then I use simple Throw statements to get me out and report the problem, since either of these failures will cause the script to fail, usually in an ugly way. ;)

Function Test-SourcePath () {
   if ($Client) {
      if ($dvd) {
         if (Test-Path $ClientISO) {
            Write-Verbose "Install ISO found at $ClientISO"
         } else {
            Throw "Client ISO not found at $ClientISO" 
         }
      } elseif (Test-Path $ClientVHD) { 
         Write-Verbose "Source VHD found at $ClientVHD"
      }
   } else {
      if ($dvd) {
         if (Test-Path $ServerISO) {
            Write-Verbose "Install ISO found at $ServerISO"
         } else {
            Throw "Server ISO not found at $ServerISO" 
         }
      } elseif (Test-Path $ServerVHD) { 
         Write-Verbose "Source VHD found at $ServerVHD"
      }
   }
}

if (! (Test-Path $VHDBase ) ) { 
   mkdir $VHDBase
}
if (! (Test-Path $MachineBase ) ) { 
   mkdir $MachineBase
}

Function Test-Clean () {
   If (Test-Path $VHDBase\*.vhdx ) {
      Throw "Found an existing VHD. Please clean up the target path and try again."
   }
}

You'll notice with these functions, and the ones that follow, everything builds on those original variables created at the top of the script, or as part of the script parameters. Yes, I need to keep those up to date. But there's only one place to make the changes.

Now, assuming I'm most likely going to be building from a sysprep'd VHD, I  copy that .vhdx file into my "Virtual Hard Disks" folder for this VM, changing the name as I do to reflect the new VM's name.

function Copy-myVhd () {
      if ( $DVD ) {
         Write-Verbose "DVD specified. Not copying source VHD to $SysVHD"
      } else { 
         if ( $Client ) { 
            Write-Verbose "Creating VM from Sysprep'd VHD base $ClientVHD"
            cp $ClientVHD $SysVHD 
         } else { 
         Write-Verbose "Creating VM from Sysprep'd VHD base $ServerVHD"
            cp $ServerVHD $SysVHD
         } 
      }
}

Now that we have all that setup work done, let's actually create the VM. We have to do this in two separate steps because Hyper-V doesn't give us a way to set the number of CPUs or configure some other stuff as part of the initial creation of the VM. We have to modify the VM after we first create it. Silly, but not all that hard to deal with in a script, though a real nuisance at the interactive command line.

Create-myVM {
if ($DVD ) { 
  New-VM -Name $VmName `
       -MemoryStartupBytes 1024MB `
       -BootDevice VHD `
       -Generation 2 `
       -SwitchName $vmSwitch `
       -NewVHDPath $SysVHD `
       -NewVHDSize 200GB `
       -Path $MachineBase
} else { 
  New-VM -Name $VmName `
       -MemoryStartupBytes 1024MB `
       -BootDevice VHD `
       -Generation 2 `
       -SwitchName $vmSwitch `
       -VHDPath $SysVHD `
       -Path $MachineBase
  }
}

And, we now have a VM. It's not quite what we want and need, yet, but we have a VM. One problem, I can't set the boot device to DVD, regardless of what the PowerShell help pages say, because I'm building Generation 2 virtual machines, and they don't allow you to specify 'CD' as the boot device during initial setup. So, we'll have to configure that, along with the other tweaks we need, as part of the next stage of the whole process. And for that, you'll have to wait until tomorrow, when I do Part 2 of New-myVM. :)

Configuring Windows Server 2016 core as a DHCP Server with PowerShell

As I mentioned last time, I'm setting up a new domain controller and DHCP server for my internal domain on Windows Server 2016 Core, and I'm exclusively using PowerShell to do it. For both the DHCP Server and AD DS roles, we need to configure a fixed IP address on the server, so let's do that first. From my Deploying and Managing Active Directory with Windows PowerShell book from Microsoft Press, here's my little very quick and dirty script to set a fixed IP address:

# Quick and dirty IP address setter

[CmdletBinding()]
Param ([Parameter(Mandatory=$True)][string]$IP4,
       [Parameter(Mandatory=$True)][string]$IP6 
      )
$Network = "192.168.10."
$Network6 = "2001:db8:0:10::"
$IPv4 = $Network + "$IP4"
$IPv6 = $Network6 + "$IP6"
$Gateway4 = $Network + "1"
$Gateway6 = $Network6 + "1"

Write-Verbose "$network,$network6,$IP4,$IP6,$IPv4,$IPv6,$gateway4, $gateway6"

$Nic = Get-NetAdapter -name Ethernet
$Nic | Set-NetIPInterface -DHCP Disabled
$Nic | New-NetIPAddress -AddressFamily IPv4 `
                        -IPAddress $IPv4 `
                        -PrefixLength 24 `
                        -type Unicast `
                        -DefaultGateway $Gateway4
Set-DnsClientServerAddress -InterfaceAlias $Nic.Name `
                           -ServerAddresses 192.168.10.2,2001:db8:0:10::2
$Nic |  New-NetIPAddress -AddressFamily IPv6 `
                         -IPAddress $IPv6 `
                         -PrefixLength 64 `
                         -type Unicast `
                          -DefaultGateway $Gateway6

ipconfig /all

I warned you it was a quick and dirty script. But let's quickly look at what it does. First, we get the network adapter into a variable, $Nic. Then we turn off DHCP with Set-NetIPInterface, and configure the IPv4 and IPv6 addresses with New-NetIPAddress. Finally, we use Set-DnsClientServerAddress to configure the DNS Servers for this server.

 

Next, let's join the server to the TreyResearch.net domain with another little script. OK, I admit, you could do this all as a simple one-liner, but I do it so often that I scripted it.

<#
.Synopsis
Joins a computer to the domain
.Description
Joins a new computer to the domain. If the computer hasn't been renamed yet, 
it renames it as well.
.Parameter NewName
The new name of the computer
.Parameter Domain
The domain to join the computer to. Default value is TreyResearch.net
.Example
Join-myDomain -NewName trey-wds-11
.Example
Join-myDomain dc-contoso-04 -Domain Contoso.com
.Notes
     Name: Join-myDomain
   Author: Charlie Russel
Copyright: 2017 by Charlie Russel
         : Permission to use is granted but attribution is appreciated
  ModHist:  9 Apr, 2014 -- Initial
         : 25 Feb, 2015 -- Updated to allow name already matches
         :
#>
[CmdletBinding()]
Param ( [Parameter(Mandatory=$true,Position=0)]
        [String]$NewName,
        [Parameter(Mandatory=$false,Position=1)]
        [String]$Domain = "TreyResearch.net"
       )

$myCred = Get-Credential -UserName "$Domain\Charlie" `
                         -Message "Enter the Domain password for Charlie."

if ($ENV:COMPUTERNAME -ne $NewName ) {
   Add-Computer -DomainName $Domain -Credential $myCred -NewName $NewName -restart
} else {
   Add-Computer -DomainName $Domain -Credential $myCred -Restart
}

After the server restarts, log in with your domain credentials, not as "Administrator".  The account you logon with should be at least Domain Admin or equivalent, since you're going to be adding DHCP to the server and promoting it to be a domain controller.

 

To add the necessary roles to the server, use:

Install-WindowsFeature -Name DHCP,AD-Domain-Services `
                       -IncludeAllSubFeature `
                       -IncludeManagementTools

Next, download updated Get-Help files with Update-Help. Once you've got those, go ahead and restart the server, and when it comes back up, we'll do the base configuration for DHCP to enable it in the domain, and create the necessary accounts. Creating scopes, etc., is the topic of another day. Probably as part of my Lab series.

 

First, enable the DHCP server in AD (this assumes the $NewName from earlier was 'trey-core-03'. )

Add-DhcpServerInDC -DnsName 'trey-core-03' -PassThru

And, finally, create the necessary local groups:

# Create local groups for DHCP
# The WinNT in the following IS CASE SENSITIVE
$connection = [ADSI]"WinNT://trey-core-03"
$lGroup = $connection.Create("Group","DHCP Administrators")
$lGroup.SetInfo()
$lGroup = $connection.Create("Group","DHCP Users")
$lGroup.SetInfo()

This uses ADSI to create a local group, since there's no good way built into base PowerShell to do it except through ADSI.

 

Finally, we'll use my Promote-myDC.ps1 script to promote the server to domain controller. Again, I could easily do this by hand, but I'm building and rebuilding labs often enough that I scripted it. I'm lazy! Do it once, use the PowerShell interactive command line. Do it twice? Write a script!

<#
.Synopsis
Tests a candidate domain controller, and then promotes it to DC.
.Description
Promote-myDC first tests if a domain controller can be successfully promoted,
and, if the user confirms that the test was successful, completes the
promotion and restarts the new domain controller.
.Example
Promote-myDC -Domain TreyResearch.net

Tests if the local server can be promoted to domain controller for the
domain TreyResearch.net. The user is prompted after the test completes
and must press the Y key to continue the promotion.
.Parameter Domain
The domain to which the server will be promoted to domain controller.
.Inputs
[string]
.Notes
    Author: Charlie Russel
 Copyright: 2017 by Charlie Russel
          : Permission to use is granted but attribution is appreciated
   Initial: 05/14/2016 (cpr)
   ModHist: 02/14/2017 (cpr) Default the domain name for standard lab builds
          :
#>
[CmdletBinding()]
Param(
     [Parameter(Mandatory=$False,Position=0)]
     [string]$Domain = 'TreyResearch.net'
     )

Write-Verbose "Testing if ADDSDeployment module is available"
If ( (Get-WindowsFeature -Name AD-Domain-Services).InstallState -ne "Installed" ) {
   Write-Verbose "Installing the ActiveDirectory Windows Feature, since you seem to have forgotten that."
   Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
   Write-Host ""
}

If ( (Get-WindowsFeature -Name AD-Domain-Services).InstallState -ne "Installed" ) {
   throw "Failed to install the ActiveDirectory Windows Feature."
}

Write-Verbose "Testing if server $env:computername can be promoted to DC in the $Domain domain"
Write-Host ""
Test-ADDSDomainControllerInstallation `
      -NoGlobalCatalog:$false `
      -CreateDnsDelegation:$false `
      -CriticalReplicationOnly:$false `
      -DatabasePath "C:\Windows\NTDS" `
      -DomainName $Domain `
      -LogPath "C:\Windows\NTDS" `
      -NoRebootOnCompletion:$false `
      -SiteName "Default-First-Site-Name" `
      -SysvolPath "C:\Windows\SYSVOL" `
      -InstallDns:$true `
      -Force
Write-Host ""
Write-Host ""
Write-Host ""

Write-Host -NoNewLine "If the above looks correct, press Y to continue...  "
$Key = [console]::ReadKey($true)
$sKey = $key.key

Write-Verbose "The $sKey key was pressed."
Write-Host ""
Write-Host ""
If ( $sKey -eq "Y" ) {
   Write-Host "The $sKey key was pressed, so proceeding with promotion of $env:computername to domain controller."
   Write-Host ""
   sleep 5
   Install-ADDSDomainController `
      -SkipPreChecks `
      -NoGlobalCatalog:$false `
      -CreateDnsDelegation:$false `
      -CriticalReplicationOnly:$false `
      -DatabasePath "C:\Windows\NTDS" `
      -DomainName $Domain `
      -InstallDns:$true `
      -LogPath "C:\Windows\NTDS" `
      -NoRebootOnCompletion:$false `
      -SiteName "Default-First-Site-Name" `
      -SysvolPath "C:\Windows\SYSVOL" `
      -Force:$true
} else {
   Write-Host "The $sKey key was pressed, exiting to allow you to fix the problem."
   Write-Host ""
   Write-Host ""
}

This uses a little trick I haven't talked about before -

$Key = [console]::ReadKey($true)
$sKey = $key.key

This reads in a single keystroke and gets the value of the key. Because of the way this works, "Y" and "y" are equivalent. Useful to give yourself a last chance out if something doesn't look right, though obviously you'll want to remove those bits if you're creating a script that needs to run without interactive input.

 

Configuring Windows Server 2016 Core with and for PowerShell

I know I owe you more on creating a lab with PowerShell, and I'll get to that in a few days. But having just set up a new domain controller running Server 2016 Core, I thought I'd include a couple of tricks I worked through to make your life a little easier if you choose to go with core.

First: Display Resolution -- the default window for a virtual machine connected with a Basic Session in VMConnect is 1024x768. Which is just too small. So, we need to change that. Now in the full Desktop Experience, you'd right click and select Display Resolution, but that won't work in Server Core, obviously. Instead we have PowerShell. Of course. The command to set the display resolution to 1600x900 is:

Set-DisplayResolution -Width 1600 -Height 900

This will accept a -Force parameter if you don't like being prompted. A key point, however, is that it ONLY accepts supported resolutions. For a Hyper-V VM, that means one of the following resolutions:

1920x1080     1600x1050     1600x1200
1600x900      1440x900      1366x768
1280x1024     1280x800      1280x720
1152x864      1024x768       800x600

Now that we have a large enough window to get something done, start PowerShell with the Start PowerShell (that space is on purpose, remember we're still in a cmd window.)  But don't worry, we'll get rid of that cmd window shortly.

Now that we have a PowerShell window, you can set various properties of that window by using any of the tricks I've shown before, such as Starting PowerShell Automatically which sets the Run key to start PowerShell for the current user on Login with:

 New-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Run `
                       -Name  "Windows PowerShell" `
                       -Value "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe"

 

I also showed you how to set the PowerShell window size, font, etc in Starting PowerShell Automatically Revisited. And, of course, you can set the PowerShell window colour and syntax highlighting colours as described in Setting Console Colours. Of course, all my $Profile tricks work as well, so check those out.

 

So, now that we've configured the basics of our PowerShell windows, let's set PowerShell to replace cmd as the default console window. To do that, use the Set-ItemProperty cmdlet to change the WinLogon registry key:

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' `
                 -Name Shell `
                 -Value 'PowerShell.exe -NoExit'

Viola! Now, when we log on to our Server Core machine, it will automatically open a pair of PowerShell windows, one from WinLogon registry key and one from the Run registry key.

Building a Lab in Hyper-V with PowerShell, Part 1

Setting the MAC Address Range on a Hyper-V Host

 

Today I want to start a new series of posts on building a lab environment in Hyper-V, primarily using Windows PowerShell to do initial configuration. For some things, you'll need to use a non-PowerShell tool, such as SysPrep or even the Hyper-V Manager. But the vast majority of the process is going to be pure PowerShell. And, to be clear, this is exactly how I build labs. I do very little checkpointing (snapshotting), preferring to rebuild to a known point rather than assuming I've gotten the right snapshot. And with a good set of scripts, and properly configured .VHDXs for source files, that's not really hard.

 

To understand how I build the base environment, you'll need to understand some assumptions I make and why. The first thing I do is configure the MAC address range for the lab host in Hyper-V. This avoids potential conflicts with other machines that might be on the network, especially since I'm going to be manually configuring all the MAC addresses for the VMs I create to allow me to easily configure DHCP reservations for all VMs. All of which makes keeping track of things much, much easier.

 

When Hyper-V hands out MAC addresses dynamically, it creates a range that begins "00-15-5D". This is the Microsoft IEEE Organizationally Unique Identifier, and is used for all Hyper-V generated MAC addresses unless we do something to change that prefix. Don't, you risk conflicting with some other company's range of addresses.

 

The next two pairs in the MAC address range are based on the current IPv4 network address(es) on the host itself if we don't manually configure them.  For lab environments, I usually set the first pair (fourth pair overall) to C8, C9, or CA, depending on which host machine I'm on, and the next pair to a number related to the IPv4 network that will be the primary network for core VMs in the lab. So, when I use a simple 192.168.10/24 network, I set that 5th pair to 0A. This gives me a MAC address range from 00-15-5D-C8-0A-00 to 00-15-5D-C8-0A-FF unless I need a larger range. If I'm going to have multiple networks and multiple NICs on lab VMs, I'll set a larger MAC address range.

 

To set the MAC address range on a Hyper-V server, you could use the GUI, but where's the fun in that. Instead, use the Set-VMHost cmdlet, thus:

Set-VMHost -MacAddressMinimum 00155DC80A00 `
           -MacAddressMaximum 00155DC80AFF `
           -PassThru

Now, I set my new VM script to default to this range as well, and I edit the CSV file that creates DHCP addresses to the same range. But more on setting fixed or reserved IP addresses and configuring DHCP later in the series.  Next up, we'll start building the parts of New-myVM.ps1.