Archive for Server Core

Server Core has been a popular topic for me over the last year as it is something completely different from what I'm used to working on.  I love the GUI but I know there are times when I have to do things via the command line.  Well, if you are going to deploy Server Core in your environment then you will need to have the following guide to ensure that you know how to configure your new server.

I've finally compiled a list of commands for Server Core into one article over at AdminPrep. I've since moved them to my blog here. Swing back here when you're done to comment on it.

Last week I spent some time at my former employer taking a Server 2008 upgrade course.  Shame on you if you haven't checked them out for training because their Hard Hat courses are hands down the best out there.

I spent a lot of time in that course working with Server Core (which needs a dedicated home page on ms.com). I've posted in the past about using CoreConfigurator to configure common options on Server Core.  In fact Active Directory can be installed with this tool too… however there are some companies that will not be able to use this tool for a number of reasons (although they really all should 🙂).

What I would like to help with today is providing a sample Answer file to use to install Active Directory on Server Core.  I'm posting this partially (like all my posts) for my own selfish reasons of being able to get to it at a later date.

Active Directory still gets installed by using DCPromo on Server Core, however you will have to use the /unattend:<path> switch. In my case I copied the following sample answer file to the C:\temp directory and then ran the following command to install Active Directory using an answer file – dcpromo /unattend:c:\temp\answer.txt  Here is a look at the answer file (don't worry I just made that password up for this demo).

This is the Replica Domain Controller Answer File:
[DCINSTALL]
UserName=administrator
UserDomain=AdminPrep.local
Password=$up3rT0p$3cr3t
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=replica
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
SYSVOLPath="%systemroot%\SYSVOL"
InstallDNS=yes
ReplicaDomainDNSName=AdminPrep.local
ConfirmGC=yes
SafeModeAdminPassword=$up3rT0p$3cr3t
RebootOnCompletion=yes
 

As I've written this blog I noticed on Microsoft's site that they have a KB that can be of further assistance with doing unattended installs or removals of Active Directory.  Take a look at KB947034.
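An answer file like the one above keeps both the domain account password and the Directory Services Restore Mode password in clear text, so the Python check below (an added example, not part of the original post) parses a [DCINSTALL] file and flags literal passwords and reuse of one value for both keys, treating Password=* (which makes dcpromo prompt for the password) as not stored. The function names and the sample passwords are made up for illustration.

```python
"""Audit a dcpromo [DCINSTALL] answer file for stored credentials (added example)."""


def parse_dcinstall(text):
    """Return the [DCINSTALL] key/value pairs, keys lower-cased, quotes stripped."""
    values, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "dcinstall"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            # Strip straight and typographic quotes around the value.
            values[key.strip().lower()] = value.strip().strip('"\u201c\u201d')
    return values


def audit_answer_file(text):
    """Return (key, issue) findings for credentials kept in the file."""
    values = parse_dcinstall(text)
    findings = []
    domain_pw = values.get("password", "")
    dsrm_pw = values.get("safemodeadminpassword", "")
    # Password=* makes dcpromo prompt, so nothing is stored for that key.
    if domain_pw and domain_pw != "*":
        findings.append(("password", "cleartext"))
    if dsrm_pw:
        findings.append(("safemodeadminpassword", "cleartext"))
    # One value for both accounts: reading the file yields both credentials.
    if domain_pw not in ("", "*") and domain_pw == dsrm_pw:
        findings.append(("safemodeadminpassword", "reused"))
    return findings


# Constructed samples modelled on the replica answer file; passwords are made up.
STORED = r"""[DCINSTALL]
UserName=administrator
UserDomain=AdminPrep.local
Password=Constructed-Pass-1
ReplicaOrNewDomain=replica
DatabasePath="%systemroot%\NTDS"
SafeModeAdminPassword=Constructed-Pass-1
"""
PROMPTED = STORED.replace("Password=Constructed-Pass-1\nReplica", "Password=*\nReplica")

if __name__ == "__main__":
    for name, sample in (("stored", STORED), ("prompted", PROMPTED)):
        print(name, audit_answer_file(sample))
```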

Below is the output from the DCPromo on Server Core.

C:\Users\administrator>dcpromo /unattend:c:\temp\answer.txt
Checking if Active Directory Domain Services binaries are installed…
Active Directory Domain Services Setup

Validating environment and parameters…

A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. To enable reliable DNS name resolution from outside the domain AdminPrep.local, you should create a delegation to this DNS server manually in the parent zone.

—————————————-
The following actions will be performed:
Configure this server as an additional Active Directory domain controller for the domain AdminPrep.local.

Site: Default-First-Site-Name

Additional Options:
  Read-only domain controller: No
  Global catalog: Yes
  DNS Server: Yes

Update DNS Delegation: No

Source domain controller: any writable domain controller

Database folder: C:\Windows\NTDS
Log file folder: C:\Windows\NTDS
SYSVOL folder: C:\Windows\SYSVOL

The DNS Server service will be installed on this computer.
The DNS Server service will be configured on this computer.
This computer will be configured to use this DNS server as its preferred DNS server.
—————————————-

Starting…

Performing DNS installation…

Press CTRL-C to: Cancel

Waiting for DNS installation to finish
…………………..
Waiting for DNS Server service to be recognized… 0

Waiting for DNS Server service to start… 0

Checking if Group Policy Management Console needs to be installed…

Changing domain membership of this computer…

Stopping service NETLOGON

…..
Installing the Directory Service

..
Examining an existing forest…
.
Configuring the local computer to host Active Directory Domain Services
………………
Creating the NTDS Settings object for this Active Directory Domain Controller on the remote AD DC DC01.AdminPrep.local…

Replicating the schema directory partition
..
Replicating CN=Schema,CN=Configuration,DC=AdminPrep,DC=local: received 536 out of approximately 1558 objects
.
Replicating CN=Schema,CN=Configuration,DC=AdminPrep,DC=local: received 1071 out of approximately 1558 objects
.
Replicated the schema container.
.
Replicating the configuration directory partition
.
Replicating CN=Configuration,DC=AdminPrep,DC=local: received 535 out of approximately 4114 objects

Replicating CN=Configuration,DC=AdminPrep,DC=local: received 1071 out of approximately 4114 objects
.
Replicating critical domain information…
.
Replicating data DC=AdminPrep,DC=local: Received 101 out of approximately 101 objects and 23 out of approximately 27 distinguished name (DN) values…

Replicating critical domain information…
….
Creating new domain users, groups, and computer objects

Setting the LSA policy information from policy DC01.AdminPrep.local

.
Configuring service IsmServ

Configuring service kdc

.
Configuring service NETLOGON

.
Setting the computer's DNS computer name root to AdminPrep.local

…..
Setting security on the domain controller and Directory Service files and registry keys

..
Securing S-1-5-32-551

Securing S-1-5-32-554
.
Securing S-1-5-9

Securing machine\software\microsoft\windows
……
Securing machine\system\currentcontrolset\control

Securing c:\windows\system32\logfiles
.
Securing SamSs
..
Securing dmserver
.
Securing Kerberos Policy

Replicating the domain directory partition…

Press CTRL-C to: Finish Replication Later

Replicating DC=ForestDnsZones,DC=AdminPrep,DC=local: received 18 out of approximately 18 objects
.
Replicating DC=DomainDnsZones,DC=AdminPrep,DC=local: received 42 out of approximately 42 objects
..
Configuring service NtFrs

The attempted domain controller operation has completed

Configuring the DNS Server service on this computer…
………..

I know I'm late on this but I've got to blog about it.  Fellow Directory Services MVP Guy Teverovsky has created the coolest tool yet for Server 2008 Server Core.  It is the Server Core CoreConfigurator.

After you copy the four files to your Server Core server you have a great tool to help with the most common tasks within Server Core.  Included features are:

  • Product Activation
  • Configuration of display resolution
  • Clock and time zone configuration
  • Remote Desktop configuration
  • Management of local user accounts (creation, deletion, group membership, passwords)
  • Firewall configuration
  • WinRM configuration
  • IP configuration
  • Computer name and domain/workgroup membership
  • Installation of Server Core features/roles

The latest build added support for 3 scenarios for DCPromo:

  • Additional DC in existing domain new forest
  • New Forest
  • New Child Domain

I highly recommend you go to his blog to view some of the screen shots.  Too bad he didn't get to make it to the last MVP summit because it would have been nice to catch up with him again.

Mar
28

Fellow Directory Services MVP Mark Minasi has a great table that shows a ton of DNS commands using dnscmd. For those of you getting ready to use Server Core here is yet another list of commands that will come in handy. All I can say is WOW!!!

| Function | DNSCMD option | Example | Comments |
| --- | --- | --- | --- |
| Do any dnscmd command on a remote system | dnscmd servername command | dnscmd main.bigfirm.com /zoneprint bigfirm.com | |
| Create a primary zone | dnscmd /zoneadd zonename /primary | dnscmd /zoneadd bigfirm.com /primary | |
| Create a secondary zone | dnscmd /zoneadd zonename /secondary master IP address | dnscmd /zoneadd bigfirm.com /secondary 192.168.1.1 | |
| Host a zone on a server based on an existing (perhaps restored) zone file | dnscmd /zoneadd zonename /primary /file filename /load | dnscmd /zoneadd bigfirm.com /primary /file bigfirm.com.dns /load | |
| Delete a zone from a server | dnscmd /zonedelete zonename [/f] | dnscmd /zonedelete bigfirm.com /f | (without the /f, dnscmd asks you if you really want to delete the zone) |
| Show all of the zones on a DNS server | dnscmd /enumzones | dnscmd /enumzones | |
| Dump (almost) all of the records in a zone | dnscmd /zoneprint zonename | dnscmd /zoneprint bigfirm.com | Doesn't show glue records. |
| Add an A record to a zone | dnscmd /recordadd zonename hostname A ipaddress | dnscmd /recordadd bigfirm.com mypc A 192.168.1.33 | |
| Add an NS record to a zone | dnscmd /recordadd zonename @ NS servername | dnscmd /recordadd bigfirm.com @ NS dns3.bigfirm.com | |
| Delegate a new child domain, naming its first DNS server | dnscmd /recordadd zonename childname NS dnsservername | dnscmd /recordadd bigfirm.com test NS main.bigfirm.com | This would create the "test.bigfirm.com" DNS child domain under the bigfirm.com DNS domain |
| Add an MX record to a zone | dnscmd /recordadd zonename @ MX priority servername | dnscmd /recordadd bigfirm.com @ MX 10 mail.bigfirm.com | |
| Add a PTR record to a reverse lookup zone | dnscmd /recordadd zonename lowIP PTR FQDN | dnscmd /recordadd 1.168.192.in-addr.arpa 3 PTR pc1.bigfirm.com | This is the PTR record for a system with IP address 192.168.1.3 |
| Modify a zone's SOA record | dnscmd /recordadd zonename @ SOA primaryDNSservername responsibleemailipaddress serialnumber refreshinterval retryinterval expireinterval defaultTTL | dnscmd /recordadd bigfirm.com @ SOA winserver.bigfirm.com mark.bigfirm.com 41 1800 60 2592000 7200 | Ignores the serial number if it's not greater than the current serial number |
| Delete a resource record | dnscmd /recorddelete zonename recordinfo [/f] | dnscmd /recorddelete bigfirm.com @ NS main.bigfirm.com /f | Again, "/f" means "don't annoy me with a confirmation request, just do it." |
| Create a resource record and incorporate a nonstandard TTL | dnscmd /recordadd zonename leftmostpartofrecord TTL restofrecord | dnscmd /recordadd bigfirm.com pc34 3200 A 192.168.1.4 | |
| Reload a zone from its zone file in windows\system32\dns | dnscmd /zonereload zonename | dnscmd /zonereload bigfirm.com | Really only useful on primary DNS servers |
| Force DNS server to flush DNS data to zone file | dnscmd /zonewriteback zonename | dnscmd /zonewriteback bigfirm.com | |
| Tell a primary whom to allow zone transfers to | dnscmd /zoneresetsecondaries zonename /nonsecure\|securens | dnscmd /zoneresetsecondaries bigfirm.com /nonsecure | That example says to allow anyone who asks to get a zone transfer |
| Enable/disable DNS NOTIFY | dnscmd /zoneresetsecondaries zonename /notify\|/nonotify | dnscmd /zoneresetsecondaries bigfirm.com /nonotify | Example disables DNS notification, which is contrary to the default settings. |
| Tell a secondary DNS server to request any updates from the primary | dnscmd /zonerefresh zonename | dnscmd /zonerefresh bigfirm.com | |
| Enable or disable dynamic DNS on a zone | dnscmd /config zonename /allowupdate 1\|0 | 1 enables, 0 disables, 0 is default | |
| Stop the DNS service | Either net stop dns or sc stop dns | | (No dnscmd command for this) |
| Start the DNS service | Either net start dns or sc start dns | | (No dnscmd command for this) |
| Install the DNS service on a 2008 full install system | servermanagercmd -install dns | | |
| Install the DNS service on a 2008 Server Core system | ocsetup DNS-Server-Core-Role | | Case matters — ocsetup dns-server-core-role would fail |
| Uninstall the DNS service on a 2008 Server full install system | servermanagercmd -remove dns | | |
| Uninstall the DNS service on a 2008 Server Core system | ocsetup /uninstall DNS-Server-Core-Role | | |
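Two rows in the table change who may read or write a zone: /zoneresetsecondaries with /nonsecure hands a zone transfer to anyone who asks, and /allowupdate 1 turns on dynamic updates. The Python check below is an added example, not from the original post or from Mark Minasi's table: it scans a batch of dnscmd lines for those two settings. The /securelist option and the /allowupdate value 2 (secure updates only) are real dnscmd settings that the table does not list, and the script lines are constructed from the table's bigfirm.com examples.

```python
"""Flag risky dnscmd settings in an admin script (added example)."""


def audit_dnscmd(line):
    """Return a finding string for one dnscmd command line, or None."""
    tokens = line.split()
    if not tokens or tokens[0].lower() not in ("dnscmd", "dnscmd.exe"):
        return None
    args = [t.lower() for t in tokens[1:]]
    # "dnscmd servername command": skip the optional server name.
    if args and not args[0].startswith("/"):
        args = args[1:]
    if not args:
        return None
    command, rest = args[0], args[1:]
    if command == "/zoneresetsecondaries" and "/nonsecure" in rest:
        return "zone transfer allowed to any requester"
    if command == "/config" and "/allowupdate" in rest:
        pos = rest.index("/allowupdate")
        # 0 = no updates, 1 = nonsecure and secure updates, 2 = secure only.
        if rest[pos + 1:pos + 2] == ["1"]:
            return "nonsecure dynamic updates enabled"
    return None


def audit_script(text):
    """Return (line number, command, finding) for every flagged line."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        finding = audit_dnscmd(line.strip())
        if finding:
            results.append((number, line.strip(), finding))
    return results


# Constructed script; zone and host names reuse the table's bigfirm.com examples.
SCRIPT = """\
dnscmd /zoneadd bigfirm.com /primary
dnscmd /zoneresetsecondaries bigfirm.com /nonsecure
dnscmd main.bigfirm.com /zoneresetsecondaries bigfirm.com /securelist 192.168.1.2
dnscmd /config bigfirm.com /allowupdate 1
dnscmd /config bigfirm.com /allowupdate 2
"""

if __name__ == "__main__":
    for number, command, finding in audit_script(SCRIPT):
        print(f"line {number}: {finding}: {command}")
```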

   

   

Mar
27

It's been quite awhile since my last Server Core blog so I feel obligated to share some of the other findings that I have.  I've been asked several times how to configure TCP/IP settings on a Server Core server.

To configure the IP address we will have to remember (or learn) Netsh.

Configure a Static IP Address on Server Core:

Netsh int ipv4 set address "Local Area Connection" static 10.1.1.10 255.255.255.0 10.1.1.1

Netsh int ipv4 set dnsserver "Local Area Connection" static 10.1.1.5 primary

Netsh int ipv4 set winsserver "Local Area Connection" static 10.1.1.6 primary

Configure a Dynamic (DHCP) IP Address on Server Core:

Netsh int ipv4 set address "Local Area Connection" source=dhcp

Change the name of the network interface on Server Core:

Netsh int set interface name = "Local Area Connection" newname = "Primary Network"

 

And another little handy command that I thought you might like.

List of installed patches:

wmic qfe list

 

Hope that helps those that are in need.

After spending a bit of time on Amazon I noticed that books, movies, and other random things you can buy all had customer reviews.  I started to think, why don't white papers and technical documents have the same?  Today I've decided to take action against poorly written technical papers and ensure that those companies are held accountable to what they are publishing.  OK, maybe I'm not that gung-ho about it but I do think it would be nice to give a review here and there on stuff I've read through.

Today's review is on the Windows Server 2008 Reviewers Guide.  How interesting to start my reviews on a Reviewers Guide.  From what I can gather this guide has been available since early February and is in two forms, Full and Short.  The Full version weighs in at just under 11 MB while the Short version is just over 8 MB.  Not much of a difference on the size.  The Full version is a whopping 250 pages while the Short version is 116 pages.  I actually thought the Short version would have been much shorter.  This review is for the Full version.

 

Usually when I download these Guides I notice that they are 100% marketing speak and 0% technical.  I was pleasantly surprised that this Guide had only a few areas littered with marketing junk.  If you can get past the first few pages you are presented with several tables detailing which features work on which edition of Windows Server 2008.  Since this is a new OS I'm quite fond of it since I'm trying to figure out what goes where.

Section 2: Server Virtualization – I really hoped to gather a lot out of this section and quite frankly it did not deliver.  It provides a good high-level overview of Hyper-V but not much of anything when it comes to technical details.  I'm also not sure why there is even a page on Server Core here as it is really out of place.  Feel free to skip this section if you have been working with Virtualization for some time now.

Section 3: Centralized Application Access – This section was all about Terminal Services (TS).  Since there are quite a few changes with this service in Windows Server 2008 I again was looking forward to this section.  For me, this one delivered.  It went over all the new features and the best part of the entire section was that it gave you Group Policy locations to configure certain TS options!

Section 4: Branch Office – All I've been hearing about with Server 2008 is branch office this and branch office that.  Because of that I expected to see a lot of stuff in this section. The Read-Only Domain Controller (RODC) part was decent.  It actually gave some info that I didn't expect to see like detailing which Active Directory Services attributes were added to the schema to support RODCs.  I also thought a decent job was done on the BitLocker portion as it went into commands to help install it and Group Policy settings. As for the DFS portion I really wanted to see more.  This one lacked some of the details in the other products from this section.

Section 5: Security and Policy Enforcement – At over 80 pages this was the largest of all sections and covered a wide range of features within Windows Server 2008. The first few areas go over some definitions and can be used for a good reference at a later time.  There were so many in fact that I had to skip ahead because I felt I was studying for an exam. The Routing and Remote Access Service portion was very light and only highlighted some new technologies and removed ones (thanks for finally removing OSPF… it never belonged on a server).  I wanted to see more in the next section on how some of the services would work with IPv6. There was very little detail on that.  The Firewall portion of this section did a good job explaining what changed in Server 2008 from previous versions (client and server).  The Cryptography Next Generation portion provided nothing more than an overview.

Now we began the Active Directory portion of this section.  Starting with an excellent write up of the Active Directory Certificate Services.  I felt that it was adequately covered hitting all major points of interest.  This portion was followed up by Active Directory Domain Services and the team did another good job on this area.  There isn't a lot of technical How-To stuff here but it will inform you on what is new.  Federation Services was covered next and there was some good reading there with a nice flow chart to follow along with.  Let's just say that the Active Directory Lightweight Directory Services was… well… light.  Finishing up Section 5 was an area that I really wanted to read up on, Active Directory Rights Management Services.  I was disappointed but only because I wanted to read more technical information on this product. Perhaps a scenario or two here with some flow charts would have been beneficial.

Section 6: Web and Application Platform – I've been a big fan of IIS since all the great changes that were made with IIS6.  I haven't had time to look into IIS7 with great detail but this was about to change.  I felt empty after reading this portion.  What about FTP being completely redone?  Nothing!  The last portion is about Transactional NTFS, I think that page and a half will only confuse people and have them wondering how do I turn this on.

Section 7: Server Management – The first three portions of this section are a very basic introduction to Server Manager.  It is nice to have a reference of all the Roles and Features in Server Manager though. The next area goes over a brief introduction to PowerShell.  As much as I would love to see more technical info here, this is the one area that I can give that a pass on.  PowerShell is not something you want people learning from a Reviewers Guide.  To my dismay there were a total of 4 pages on Server Core and all of them marketing!  I really wish there would have been some more info here.  The same marketing theme was put into the Backup portion but that is ok with me because not many mid-to-large companies use the built in backup tool.  An area I thought would have been really nice was the Windows Reliability and Performance Monitor.  Again there really lacked any details about the feature. The only thing I would have liked to see added to the Windows Deployment Services (WDS) portion would have been some sample scripts or commands… also any Group Policy settings that apply to WDS.  The Group Policy portion finishes this section off and saves the section in my opinion.  Great job to the people that put that area together.

Section 8: High Availability Introduction – Why is it every guide I read through lacks information on clusters and network load balanced systems?  All 7 pages are marketing and nothing to get the technical person excited about high availability. 

Section 9: Better Together & Section 10: Miscellaneous – Feel free to skip these areas now.  Section 9 is a sales pitch to put Vista and Server 2008 together and Section 10 should have been put in the first section.

It's now time for my rating.  This is 100% totally subjective to my opinion and only my opinion.  If you feel it should be different let me know by providing feedback in the comments section.  I will rate each section on a scale of 1 – 5 with 5 being the best possible.  Then I will rate the entire guide but it will not just be the average of all the scores.  I will rate it on usefulness to the community.

Brian's Official Rating Scale
1 = Why were calories spent on this?
2 = Save some trees and don't print this one
3 = Some areas are good but some aren't so good
4 = Kept my technical interest and definitely printable
5 = Excellent – Print it out and keep it as a reference in your office

 

| Section | Rating on a scale of 1 – 5 |
| --- | --- |
| Section 1 | 2 |
| Section 2 | 2 |
| Section 3 | 5 |
| Section 4 | 4 |
| Section 5 | 4 |
| Section 6 | 1 |
| Section 7 | 3 |
| Section 8 | 2 |
| Section 9 | 1 |
| Section 10 | 1 |
| Windows Server 2008 Reviewers Guide | 3 |

I was just doing some catching up on some blog reading and saw that Keith Combs from Microsoft has an excellent screencast on Windows Server 2008 Password Caching on Domain Controllers. In fact he just doesn't show you how to set it up he takes it to a whole new level by first installing Server 2008 Core and installing AD on it. Then he uses that DC as a Read Only DC (RODC). AWESOME stuff to see!

Back in January of 2007 I posted that TechNet Magazine had a really cool poster that showed Active Directory as a Jigsaw puzzle. I noticed in my latest copy of TechNet Magazine that it included two new posters. One of them was another Active Directory poster that showed all the cool new stuff in Windows Server 2008 and the other was one of the Windows Server 2008 Components. I just saw that both of these are now available to download from Microsoft. This is something you will want to get your hands on and if you don't get TechNet the magazine this is a great way to print it out too.

Jose Barreto just informed me that he has an excellent list of what has changed between Server 2008 Beta 3 and Server 2008 June CTP. The link shows what changed with Enterprise Edition and Server Core. What I really enjoy about this list is that:

  1. It is simple to read and understand (follows the KISS rule)
  2. It shows what is new from Beta 3
  3. Shows the newly renamed features

Thanks for the update Jose this is something I have been waiting to see!

Jun
06

Bob Muglia mentioned in the keynote at TechEd 2007 (really wish I could be there) that IIS7 was in fact going to be included in Server Core. I know that a lot of hosting providers have been screaming for this and rightfully so. While this sounds like outstanding news it is only the first step in what really needs to be done. This allows you to run a great web/ftp server on a server that has a reduced attack surface and small footprint, however it ONLY allows you to run non ASP.NET sites and applications. That is because .NET is still not supported on Server Core. I'm not sure if it will be by the time it is released but I truly hope they will find a way to get .NET working on Server Core.