I’ve seen this issue come up time and time again. Some administrator decided to remove an old DC from the network but forgot to remove it from Active Directory or the DC has entered a failed state and cannot be recovered from. In a perfect world DCPROMO is all you have to do to remove a DC from the environment. However, if that DC was already shutdown or DCPROMO is giving you problems you will have to remove it the manual way. That method involves using a command called NTDSUTIL. NTDSUTIL is a command line tool that allows you to perform some of the more advanced Active Directory maintenance tasks.
Below are the steps needed to remove a failed or offline Domain Controller from your environment.
TIP: NTDSUTIL does not require the full command to be entered…you only have to enter enough of the command that is unique. For Example, instead of typing metadata cleanup you could just type met cle…or better yet m c
You can also find more info located on Microsoft site here and here for removing orphaned domains.
The following code can be run to display the group membership of an Active Directory group and also let you know each member’s LDAP Distinguished Name. The output will name the text file the group name and will include all the members and their location in Active Directory. Just copy this into a txt file and rename to .vbs Enjoy!
Set objGroup = GetObject(“LDAP://cn=GroupName,ou=OUName,DC=DomainName,DC=local“)
Set objFileSystem = CreateObject(“Scripting.FileSystemObject”)
Set objFile = objFileSystem.OpenTextFile(objGroup.Get(“name”) & ” – Members.txt“, 2, True, 0)
For Each objMember in objGroup.Members
objFile.WriteLine objMember.Get(“sAMAccountName”) & VbTab & _
objMember.Get(“cn”) & VbTab & _
objMember.Parent
Next
Set objFile = Nothing
Set objFileSystem = Nothing
Set objGroup = Nothing
From time to time I’ve had to figure out which user account has a specific email address. Actually its more like finding who has the “reallycoolemailaccount@company.com” so another “more senior” person can get it. Well if you work in a smaller company this can be kind of easy…but if your directory has thousands of accounts it becomes more difficult and time consuming.
What you will want to do is open up Active Directory Users and Computers and right-click the domain and select Search. Select the drop-down arrow in the Find field to select Custom Search. If you have multiple domains make sure to select Entire Directory on the In field. Now just click on the Advanced tab and put the following text in the LDAP Query – proxyaddresses=smtp:<whatever the email is you’re looking for>. Now all you have to do is click on Find Now and if the email is in use it will show the user account that is using it.
Repost from AdminPrep.com…I will be moving several of the articles over to this blog.
Before all this starts, credit must go where credit is due. I did not come up with all of the info within this article. A lot of people have felt my pain and have contributed in their own ways. One place you should know about is the Official Server Core Blog, as it is where I learned my all time favorite command which embeds the time into the Command Prompt (read on to see that one!). As I”ve collected my own list internally and blogged on for about a year now I see a lot of the same commands there. The Windows Server 2008 Administrator”s Companion has a nice chapter on Server Core but by far the best resource are the scripts that accompany the book. They allow you to very easily configure common settings. One last area you should look into is of course Guy Teverovsky”s Server Core Configurator…if you haven”t see it check it out now!
Server Core is a version of Windows Server 2008 that has a minimal Graphical User Interface (GUI). I say minimal when most say command-line only because there are GUI tools available such as Notepad and Task Manager. One thing that definitely doesn”t run on Server Core is the Explorer process. If you”re unaware of what that process does, just end the explorer.exe process in Task Manager from your client and look what happens…don”t freak out, all you need to do is then go back to Task Manager and select File -> New Task (Run…) and then type explorer.exe.
The purpose of this article is not to give you every last detail to Server Core but to provide you with what you need to know it get it up and running in your environment.
Server Core has a limited amount of roles that can be installed on it, which include:
Now that doesn”t mean that Server Core can”t do other things. In fact it can, but Microsoft calls those other items Features and not Roles.
Later on in the article I will explain how to install these services. But first its time to go over what I believe to be the most commonly requested commands for administrating a Server Core environment.
Server Core Common Networking and Firewall Commands
Here is the start of you Networking and Firewall related commands for Server Core:
To configure the IP address we will have to remember (or learn) Netsh.
Configure a Static IP Address on Server Core:
Netsh int ipv4 set address “Local Area Connection” static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver “Local Area Connection” static 10.1.1.5 primary
Netsh int ipv4 set winsserver “Local Area Connection” static 10.1.1.6 primary
Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address “Local Area Connection” source=dhcp
Change the name of the network interface on Server Core:
Netsh int set interface name = “Local Area Connection” newname = “Primary Network”
The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default and you have to understand the commands that are needed to configure the basics and in some cases some advanced commands.
Disable firewall:
netsh firewall set opmode disable
Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely. The first thing to note here is how to translate the MMC Snap-in to Windows Firewall Rule Group.
MMC Snap-in – Event Viewer
Windows Firewall Rule Group – Remote Event Log Management
MMC Snap-in – Services
Windows Firewall Rule Group – Remote Services ManagementMMC Snap-in – Shared Folders
Windows Firewall Rule Group – File and Printer Sharing
MMC Snap-in – Task Scheduler
Windows Firewall Rule Group – Remote Scheduled Tasks Management
MMC Snap-in – Reliability and Performance
Windows Firewall Rule Group – Performance Logs and Alerts
Windows Firewall Rule Group – File and Printer Sharing
MMC Snap-in – Disk Management
Windows Firewall Rule Group – Remote Volume Management
MMC Snap-in – Windows Firewall with Advanced Security
Windows Firewall Rule Group – Windows Firewall Remote Management
To enable all of these rules follow use this command:
Netsh advfirewall firewall set rule group=“remote administration” new enable=yes
To enable specific commands follow this format:
Netsh advfirewall firewall set rule group=“” new enable=yes
Join a domain:
netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*
Yes, /passwordd:*
needs to have that second d at the end of it.
Remove from domain:
netdom remove
Rename a Domain Member:
netdom renamecomputer %computername% /NewName: /userd: /passwordd:*
Rename Administrator:
wmic UserAccount where Name=”Administrator” call Rename Name=”new-name”
Add User to a Local Group
net localgroup GroupName /add
Remove User from a Local Group
net localgroup GroupName /delete
Confirm Domain and/ New Computer name
Set
Update User Passwords:
Net user [/domain] *
Toggle Remote Desktop on and off:
Cscript windowssystem32scregedit.wsf /ar 0
Enable reduced security for RDP connections:
Cscript windowssystem32scregedit.wsf /cs 0
Active Server Core:
Local method – Slmgr.vbs –ato
Remote method – Cscript windowssystem32slmgr.vbsServerName UserName password:-ato
Rename a Stand-Alone Member:
netdom renamecomputer /NewName:
List of installed patches:
wmic qfe list
Install Updates:
wusa .msu /quiet
Configure for AutoUpdates:
cscript scregedit.wsf /AU /4
Disable AutoUpdates:
cscript scregedit.wsf /AU /1
View AutoUpdate Setting:
cscript scregedit.wsf /AU /v
Configure the Page File:
wmic pagefileset where name=”” set InitialSize=,MaximumSize=
Configure a Proxy Server: (Server Core cannot use a proxy that requires a proxy)
netsh Winhttp set proxy :
All your favorite TCP/IP commands work including the following:
IPConfig
ARP
Ping
PathPing
TraceRT
Route
NSLookup
NetStat
NBTStat
List Running Services:
sc query
Start and/or Stop a Service:
sc start
sc stop
Task Manager: (Ctrl+Shift+Esc)
taskmgr
Manage Disk Volumes:
Diskpart /?
Defrag a Volume:
defrag /?
Change Time and Time Zone:
control timedate.cpl
Change the Desktop Resolution: (requires you to log off and back on)
Regedit – HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlVideo
000DefaultSettings.XResolution
000DefaultSettings.YResolution
Display the Time in the Command Prompt:
prompt [$t]$s$p$g
Log off:
shutdown /l
Restart Now:
shutdown /r /t 0
To get the Roles and Features installed you are going to need to use the ocsetup.exe command. The OC is short for Optional Components. The most important thing to remember about this command is that IT IS CASE SENSITIVE!!! As a best practice you should always use the /w switch with ocsetup.exe as this will hold the Command Prompt from being active (when you can type again) until the setup is complete. Below you will find a list of the commands that are required to install Roles and Features on Server Core.
DNS
start /w ocsetup DNS-Server-Core-Role
DHCP
start /w ocsetup DHCPServerCore
File Services (Server service is installed by default) but there are other role features
File Replication Service
start /w ocsetup FRS-Infrastructure
Distributed File System
start /w ocsetup DFSN-Server
Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition
Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base
Hyper V
start /w ocsetup Microsoft-Hyper-V
Print Server feature
start /w ocsetup Printing-ServerCore-Role
Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService
Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore
Active Directory Domain Services
dcpromo /unattend:
Streaming Media Services
Follow directions found in Article ID 934518
IIS
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
NOTE: If you need to install a Role that you installed with ocsetup all you need to do is to append the commands above with /uninstall.
Now let”s take a look at how we install Features on Server Core:
Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core
Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer
Subsystem for UNIX-based applications
start /w ocsetup SUACore
Multipath IO
start /w ocsetup MultipathIo
Removable Storage
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore
Bitlocker Drive Encryption
start /w ocsetup BitLocker
Backup
start /w ocsetup WindowsServerBackup
Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC
Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC
Telnet client
start /w ocsetup TelnetClient
NOTE: If you need to install a Feature that you installed with ocsetup all you need to do is to append the commands above with /uninstall.
Having the Role or Feature installed doesn”t do much without going in and configuring the service. The quick and easy way to manage these Roles and Features is to have either a dedicated Terminal Server have the AdminPak or Remote Server Administrative Tools (RSAT) installed or just install those same tools on XP or Vista.
Take a look here for more info on how to manage DNS with DNSCMD and then head over here for installing Active Directory via an answer file on Server Core.
I know this isn”t a complete listing of the commands but I really believe this should help you get started in the right direction. One of the best resources out there is from the Windows Server 2008 Step-by-Step Guides.. For this case you will want to download the Server_Core_Installation_Option_of_Windows_Server_2008_Step-By-Step_Guide.doc guide.
In my Administrator’s Guide to Server Core Commands article on AdminPrep I showed you how to display the time on the command prompt of your Server Core command window. I just read that Daniel Petri has some other cool shortcuts on what you can display on the command window of Server Core. The one that I really like is the computer name. If manage multiple Server Core servers then you already know how difficult it can be to manage different sessions…especially since they all look the same.
To display the computer name (among other things listed on Daniel’s article) you need to modify the registry. If you don’t already know please modify the registry carefully!
1. Navigate to the HKLMSystemCurrentControlSetControlSession ManagerEnvironment key.
2. Create or Edit a key called Prompt (it should be an Expandable String Value)
![]()
3. Add the the following for the data – $_Server:%computername%_$p$g
You will have to log off and log back on to see the change but once you do it is a pleasant addition to the command window. Daniel’s example shows how you can the Date, Time and User…very cool so make sure you check it out.
One thing that really bugs me is there is no easy way to grab some email addresses from a distribution group. Usually I end up expanded the group to list all the users and then I have to go to the Outlook properties of each user to view the email address. Heck, I can’t even copy the email address from there…instead I have to write it down. This can be a pain for companies that have long complex email addresses.
I’ve finally figured out a way to export this info into a text file…no one said I was quick. :,,) To do this you just need to use either CSVDE or LDIFDE. I use mail as the attribute I pull from these commands but you could really use any AD attribute that you want to pull.
csvde -f c:tempreport.txt -r "memberOf=cn=group name,ou=ou name,dc=domain,dc=name" -l mail
ldifde -f c:tempreport.txt -r "memberOf=cn=group name,ou=ou name,dc=domain,dc=name" -l mail
This may not be the cleanest way to pull this data but at least now I can copy and paste the email addresses.
Server Core has been a popular topic for me over the last year as it is something completly different from what i”m used to working on. I love the GUI but I know there are times when I have to do things via the command line. Well if you are going to deploy Server Core in your environment then you will need to have the following guide to ensure that you know how to configure your new server.
I”ve finally compiled a list of commands for Server Core into one article over at AdminPrep. I”ve sinced moved them to my blog here. Swing back here when your done to comment on it.
I”ve just written a small article on the common steps that I perform when doing health checks on domain controllers. AdminPrep is not up right now so I”ll post the health check stuff here. I would love for you to come back here and let me know what else you do when you do health checks on domain controllers.
I get asked over and over about what I do when I”m performing a health check on a domain controller. Below you will see some of the commands that I use when I need to ensure my domain controllers are still healthy after some sort of change…like patching.
The Event Viewer is always a must. I look at all the logs before and after the update to the domain controller looking for abnormal events. With the pre-check I usually go back a month of logs to get more historical data. I then run through a couple command line utilities. One thing I always do is pipe my commands out to a text document. This just makes it easier for me to read and also search for failed events.
Dcdiag.exe /v >> c:temppre_dcdiag.txt
This is a must and will always tell you if there is trouble with your DCs and/or services associated with it
Netdiag.exe /v >> c:temppre_Netdiag.txt
This will let me know if there are issues with the networking components on the DC. This along with the post test also is a quick easy way to ensure the patch I just installed is really installed (just check the top of the log)
Netsh dhcp show server >> c:temppre_dhcp.txt
Some may not do this but I”ve felt the pain of a DHCP server somehow not being authorized after a patch. This allows me verify the server count and names.
Repadmin /showreps >> c:temppre_rep_partners.txt
This shows all my replication and if it was successful or not. Just be aware that Global Catalogs will have more info here than a normal domain controller.
repadmin /replsum /errorsonly >> c:temppre_repadmin_err.txt
This is the one that always takes forever but will let you know who you are having issues replicating with.
After I run and check the pre_ scripts I update my server. When it is done I run post_ scripts which are the same thing but this allows me to verify them against the scripts earlier.
Hopefully this helps you when you troubleshoot your domain controllers but by no way is this an all encompassing list of things to do. These are the standard steps I take but I would love to hear what you all do as well.
Fellow Directory Services MVP Mark Minasi has a great table that shows a ton DNS commands using dnscmd. For those of you getting ready to use Server Core here is yet another list of commands that will come in handy. All I can say is WOW!!!
Function |
DNSCMD option |
Example |
Comments |
Do any dnscmd command on a remote system |
dnscmd servername command |
dnscmd main.bigfirm.com /zoneprint bigfirm.com |
|
Create a primary zone |
dnscmd /zoneadd zonename /primary |
dnscmd /zoneadd bigfirm.com /primary |
|
Create a secondary zone |
dnscmd /zoneadd zonename /secondary master IP address |
dnscmd /zoneadd bigfirm.com /secondary 192.168.1.1 |
|
Host a zone on a server based on an existing (perhaps restored) zone file |
dnscmd /zoneadd zonename /primary /file filename /load |
dnscmd /zoneadd bigfirm.com /primary /file bigfirm.com.dns /load |
|
Delete a zone from a server |
dnscmd /zonedelete zonename [/f] |
dnscmd /zonedelete bigfirm.com /f |
(without the /f, dnscmd asks you if you really want to delete the zone) |
Show all of the zones on a DNS server |
dnscmd /enumzones |
dnscmd /enumzones |
|
Dump (almost) all of the records in a zone |
dnscmd /zoneprint zonename |
dnscmd /zoneprint bigfirm.com |
Doesn”t show glue records. |
Add an A record to a zone |
dnscmd /recordadd zonename hostname A ipaddress |
dnscmd /recordadd bigfirm.com mypc A 192.168.1.33 |
|
Add an NS record to a zone |
dnscmd /recordadd zonename @ NS servername |
dnscmd /recordadd bigfirm.com @ dns3.bigfirm.com |
|
Delegate a new child domain, naming its first DNS server |
dnscmd /recordadd zonename childname NS dnsservername |
dnscmd /recordadd bigfirm.com test NS main.bigfirm.com |
This would create the “test.bigfirm.com” DNS child domain unter the bigfirm.com DNS domain |
Add an MX record to a zone |
dnscmd /recordadd zonename @ MX priority servername |
dnscmd /recordadd bigfirm.com @ MX 10 mail.bigfirm.com |
|
Add a PTR record to a reverse lookup zone |
dnscmd /recordadd zonename lowIP PTR FQDN |
dnscmd /recordadd 1.168.192.in-addr.arpa 3 PTR pc1.bigfirm.com |
This is the PTR record for a system with IP address 192.168.1.3 |
Modify a zone”s SOA record |
dnscmd /recordadd zonename @ SOA primaryDNSservername responsibleemailipaddress serialnumber refreshinterval retryinterval expireinterval defaultTTL |
dnscmd /recordadd bigfirm.com @ SOA winserver.bigfirm.com mark.bigfirm.com 41 1800 60 2592000 7200 |
Ignores the serial number if it”s not greater than the current serial number |
Delete a resource record |
dnscmd /recorddelete zonename recordinfo [/f] |
dnscmd /recorddelete bigfirm.com @ NS main.bigfirm.com /f |
Again, “/f” means “don”t annoy me with a confirmation request, just do it.” |
Create a resource record and incorporate a nonstandard TTL |
dnscmd /recordadd zonename leftmostpartofrecord TTL restofrecord |
dnscmd /recordadd bigfirm.com pc34 3200 A 192.168.1.4 |
|
Reload a zone from its zone file in windowssystem32dns |
dnscmd /zonereload zonename |
dnscmd /zonereload bigfirm.com |
Really only useful on primary DNS servers |
Force DNS server to flush DNS data to zone file |
dnscmd /zonewriteback zonename |
dnscmd /zonewriteback bigfirm.com |
|
Tell a primary whom to allow zone transfers to |
dnscmd /zoneresetsecondaries zonename /nonsecure|securens |
dnscmd /zoneresetsecondaries bigfirm.com /nonsecure |
That example says to allow anyone who asks to get a zone transfer |
Enable/disable DNS NOTIFY |
dnscmd /zoneresetsecondaries zonename /notify|/nonotify |
dnscmd /zoneresetsecondaries bigfirm.com /nonotify |
Example disables DNS notification, which is contrary to the default settings. |
Tell a secondary DNS server to request any updates from the primary |
dnscmd /zonerefresh zonename |
dnscmd /zonerefresh bigfirm.com |
|
Enable or disable dynamic DNS on a zone |
dnscmd /config zonename /allowupdate 1|0 |
1 enables, 0 disables, 0 is default |
|
Stop the DNS service |
Either net stop dns or sc stop dns |
|
(No dnscmd command for this) |
Start the DNS service |
Either net start dns or sc start dns |
|
(No dnscmd command for this) |
Install the DNS service on a 2008 full install system |
servermanagercmd -install dns |
|
|
Install the DNS service on a 2008 Server Core system |
ocsetup DNS-Server-Core-Role |
|
Case matters — ocsetup dns-server-core-role would fail |
Uninstall the DNS service on a 2008 Server full install system |
servermanagercmd -remove dns |
|
|
Uninstall the DNS service on a 2008 Server Core system |
ocsetup /uninstall DNS-Server-Core-Role |
|
|
My friend Norm asked if I could post this sample Sysprep.xml file as he couldn”t find anything online yet to really help him with Server 2008 and Sysprep. If you have any questions or feedback just leave it in the comments and I”ll be sure to have Norm review them.
Here”s a sample sysprep.xml that you can use to get your Server 2008 build going. It has some of the basic functions you”ll need if you are deploying Server 2008 in an enterprise environment. This example is for the 64-bit version, using KMS (no product key in the sysprep). We do most of our configuration post-image and this configuration allows us to take a completely generic image and prepare it for enterprise deployment. This .xml is ready to go. It took me several days of trial and error to get this and I”m sure there are some admins that would love to have this as a starting point instead of what I had to start with.
Some of the things I”m doing in here:
<?xml version=”1.0″ encoding=”utf-8″?>
<unattend xmlns=”urn:schemas-microsoft-com:unattend”>
<settings pass=”specialize”>
<component name=”Microsoft-Windows-Shell-Setup” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance“>
<ComputerName>*</ComputerName>
<RegisteredOrganization>Company Name</RegisteredOrganization>
<RegisteredOwner>Company Name</RegisteredOwner>
<ShowWindowsLive>false</ShowWindowsLive>
</component>
<component name=”Microsoft-Windows-Security-Licensing-SLC-UX” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance“>
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name=”Microsoft-Windows-IE-ESC” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance“>
<IEHardenAdmin>false</IEHardenAdmin>
<IEHardenUser>false</IEHardenUser>
</component>
</settings>
<settings pass=”oobeSystem”>
<component name=”Microsoft-Windows-International-Core” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance“>
<InputLocale>0409:00000409</InputLocale>
<SystemLocale>en-us</SystemLocale>
<UILanguage>en-us</UILanguage>
<UserLocale>en-us</UserLocale>
</component>
<component name=”Microsoft-Windows-Shell-Setup” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance“>
<RegisteredOrganization>Company Name</RegisteredOrganization>
<RegisteredOwner>Company Name</RegisteredOwner>
<UserAccounts>
<AdministratorPassword>
<Value>@bc!23</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action=”add”>
<Password>
<Value>@bc!23</Value>
<PlainText>true</PlainText>
</Password>
<Description>Administrative Installer</Description>
<DisplayName>Admin2</DisplayName>
<Group>Administrators</Group>
<Name>Admin2</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<AutoLogon>
<Password>
<Value>@bc!23</Value>
<PlainText>true</PlainText>
</Password>
<Domain>WORKGROUP</Domain>
<Enabled>true</Enabled>
<LogonCount>2</LogonCount>
<Username>Administrator</Username>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action=”add”>
<CommandLine>%WINDIR%POST_INSTALLERpost_installer.vbs</CommandLine>
<Description>Post Install Script</Description>
<Order>1</Order>
</SynchronousCommand>
</FirstLogonCommands>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>3</ProtectYourPC>
</OOBE>
<Display>
<ColorDepth>32</ColorDepth>
<HorizontalResolution>1024</HorizontalResolution>
<VerticalResolution>768</VerticalResolution>
</Display>
<TimeZone>Eastern Standard Time</TimeZone>
</component>
</settings>
<settings pass=”generalize”>
<component name=”Microsoft-Windows-ServerManager-SvrMgrNc” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance“>
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<component name=”Microsoft-Windows-OutOfBoxExperience” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance“>
<DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
</component>
</settings>
</unattend>