Richard Siddaway's Blog

Windows 10 and Server 2016 automatically install a module called Pester which is used for testing code. Its the foundation of Test Driven Development or Behaviour Driven Development using PowerShell.

The version  installed by default is 3.4.0.

Pester is originally an open source module that has been incorporated into Windows. The latest version from the PowerShell Gallery is 4.0.2

Normally you’d use Update-Module to install the new version BUT you didn’t install pester from the gallery using Install-Module so you’ll get a big fat error message.

The answer is to use

Install-Module pester –Force

You might still get an error message about the Pester module not being catalog signed. if you do and still want the latest version then use

Install-Module pester -Force -SkipPublisherCheck

I like to keep the virtual machines in my test lab up to date so have a WSUS server to download and manage updates. The difficulty is applying the updates. With Windows 2012 R2 I used a module that would contact the WSUS server and apply the updates – the was especially useful on server core installations.

I found with Windows 2016 that this COM based module wasn’t reliable so after a bit of investigation discovered that there are some CIM classes that you can use to discover and apply available updates and see what updates have been applied.

All I need is a simple set of code so wrote a bare bones module that offers three functions:

#Scan for available updates
function Get-AvailableUpdate {
[CmdletBinding()]
param()
$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
$result = $ci | Invoke-CimMethod -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=0";OnlineScan=$true}
$result.Updates
}

#Install all available updates
function Install-AvailableUpdate {
[CmdletBinding()]
param()
$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
Invoke-CimMethod -InputObject $ci -MethodName ApplyApplicableUpdates
}

#list installed updates
function Get-InstalledUpdate {
[CmdletBinding()]
param()
$ci = New-CimInstance -Namespace root/Microsoft/Windows/WindowsUpdate -ClassName MSFT_WUOperationsSession
$result = $ci | Invoke-CimMethod -MethodName ScanForUpdates -Arguments @{SearchCriteria="IsInstalled=1";OnlineScan=$true}
$result.Updates
}

 

Testing so far seems to be good. As this is just for me I’m bothering with adding error testing or other production ready stuff. This works and I’ll fix problems as they occur

Server Core is great for reducing the footprint of your VMs – Nano server is smaller but it can’t be a domain controller

One draw back to server core is that you only get a single console. If you hang that for any reason you have to either try and open another one (Hyper-V console greys out CTRL-DEL-ALT) or open a few when you logon to the machine.

You still get a cmd.exe console instead of PowerShell – that should be changed. Its 10 years since PowerShell came along! So run Powershell to open  Powershell in the default console.

"Start-Process -FilePath powershell.exe -Verb RunAS" > new-powershell.ps1

Will create a simple script to open a new elevated Powershell console .

Run it as many times as you want. Perform your work in the new Powershell console and if it hangs – just shut it down. Keep the default console for just opening new PowerShell consoles and then you’ll always be able to keep working.

As I’ve completely rebuilt my demo/lab machine I need to re-create the Active Directory

This is now so simple even on a server core machine

First install the roles and features needed

Add-WindowsFeature -Name AD-Domain-Services, RSAT-AD-PowerShell, DNS, RSAT-DNS-Server, DHCP, RSAT-DHCP

This adds AD, DNS, DHCP and the appropriate admin tools – as its server core we’re really talking about the relevant PowerShell modules

Installing AD just gets you ready – it doesn’t create the forest

You get the ADDSDeployment module

PS C:\Scripts> Get-Command -Module ADDSDeployment

Name
—-
Add-ADDSReadOnlyDomainControllerAccount
Install-ADDSDomain   
Install-ADDSDomainController 
Install-ADDSForest
Test-ADDSDomainControllerInstallation
Test-ADDSDomainControllerUninstallation
Test-ADDSDomainInstallation 
Test-ADDSForestInstallation 
Test-ADDSReadOnlyDomainControllerAccountCreation
Uninstall-ADDSDomainController

To create the forest and the first domain controller

PS C:\Scripts> Install-ADDSForest -DomainName ‘Manticore.org’ -ForestMode Default -DomainMode Default -InstallDns
SafeModeAdministratorPassword: ********

You’ll be asked to confirm the safe mode password

Default for forest and domain mode matches the Windows version

PS C:\Users\Administrator> Get-ADForest

ApplicationPartitions : {}
CrossForestReferences : {}
DomainNamingMaster    : W16DC01.Manticore.org
Domains               : {Manticore.org}
ForestMode            : Windows2016Forest
GlobalCatalogs        : {W16DC01.Manticore.org}
Name                  : Manticore.org
PartitionsContainer   : CN=Partitions,CN=Configuration,DC=Manticore,DC=org
RootDomain            : Manticore.org
SchemaMaster          : W16DC01.Manticore.org
Sites                 : {Default-First-Site-Name}
SPNSuffixes           : {}
UPNSuffixes           : {}

PS C:\Users\Administrator> Get-ADDomain

AllowedDNSSuffixes                 : {}
ChildDomains                       : {}
ComputersContainer                 : CN=Computers,DC=Manticore,DC=org
DeletedObjectsContainer            : CN=Deleted Objects,DC=Manticore,DC=org
DistinguishedName                  : DC=Manticore,DC=org
DNSRoot                            : Manticore.org
DomainControllersContainer         : OU=Domain Controllers,DC=Manticore,DC=org
DomainMode                         : Windows2016Domain
DomainSID                          : S-1-5-21-759617655-3516038109-1479587680
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=Manticore,DC=org
Forest                             : Manticore.org
InfrastructureMaster               : W16DC01.Manticore.org
LastLogonReplicationInterval       :
LinkedGroupPolicyObjects           : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Manticore,DC=o
                                     rg}
LostAndFoundContainer              : CN=LostAndFound,DC=Manticore,DC=org
ManagedBy                          :
Name                               : Manticore
NetBIOSName                        : MANTICORE
ObjectClass                        : domainDNS
ObjectGUID                         : 05d9aa61-d422-4728-9595-77754934b948
ParentDomain                       :
PDCEmulator                        : W16DC01.Manticore.org
PublicKeyRequiredPasswordRolling   : True
QuotasContainer                    : CN=NTDS Quotas,DC=Manticore,DC=org
ReadOnlyReplicaDirectoryServers    : {}
ReplicaDirectoryServers            : {W16DC01.Manticore.org}
RIDMaster                          : W16DC01.Manticore.org
SubordinateReferences              : {CN=Configuration,DC=Manticore,DC=org}
SystemsContainer                   : CN=System,DC=Manticore,DC=org
UsersContainer                     : CN=Users,DC=Manticore,DC=org

Way back when I used to take Microsoft certification exams there were often questions of the form “Perform task X with the minimum of administrative effort” Most, if nor all, of the possible answers would be correct but the correct answer was the one that achieved the goal with the minimum amount of work.

Many, if not most, administrators don’t seem to follow that model.

This was brought home to me when I saw a forum discussion about collecting event log information from a bunch of remote servers on a regular basis.

You could set up a scheduled task/job that runs a script against the remote servers – collects the  log information and populates an Excel spreadsheet

OR

You could enable event log forwarding and just interrogate the combined logs as needed.

The second option is the easier to MAINTAIN and will cost you less effort in the long run.

When you start to solve a problem – stop and search for a bit to see if there is a solution already available in Windows server. Bet you’ll be surprised by what you find

The launch of Windows Server 2016 has been announced at Ignite – https://blogs.technet.microsoft.com/hybridcloud/2016/09/26/announcing-the-launch-of-windows-server-2016/

Evaluations can be downloaded from the link in the above post.

Soon be time to re-build the test lab

Not having a lot of success with Windows new builds and wireless adapters this year.

First off Windows 2016 TP5 didn’t work with wireless – needed to install a patch to get it working. It still drops the connection when machine is powered down but while a pain is easy to remedy.

Windows 10 preview build 14195 appeared yesterday. Installed it and my wireless adapter stopped working. Looks to be a similar issue to Windows 2016 – oops.  In this case just rolled back to the previous build

What’s really funny about the Windows 10 issue is that I’m using a Surface Pro 2 built by – wait for it – Microsoft. So a Microsoft OS kills Microsoft hardware. I’ve seen this in the past with OS/2 and IBM kit but thought we were past those sort of errors 

Looks like we’re set for some summer goodies over the next few months.

First up is Windows 10 anniversary update that’s due 2 August

https://blogs.windows.com/buildingapps/2016/07/12/windows-10-anniversary-sdk-preview-build-14388-released/

Followed by the Windows Server 2016 launch at the end of September

https://blogs.technet.microsoft.com/windowsserver/2016/07/12/windows-server-2016-new-current-branch-for-business-servicing-option/

TP5 is stated to be feature complete – my testing so far shows some rough edges. Hope launch means general availability and not another 2-3 month wait like we had with Windows 2012 R2

The article is also interesting for showing how Windows server and Nano server will be treated differently. Windows server wil get patches in the traditional cycle we’ve come to know and love(?). Nano server will be more like Windows 10 with updates 2-3 times per year – including new features. Hopefully that would include Nano server being able to support more roles

I needed to copy the same file to multiple machines so I tried this:

$computers = ‘W16CN01’, ‘W16CN02’

$s = New-PSSession -ComputerName $computers

Copy-Item -Path ‘C:\Source\Windows 2016 TP5\Cumulative Update for Windows Server 2016 Technical Preview 5 (KB3163016)\AMD64-all-windows10.0-kb3163016-x64_83d6e9bca94a64a5d9be3d81cdb182e540285848.msu’ -Destination C:\Scripts -ToSession $s

Remove-PSSession –Session $s

It failed with:

Copy-Item : Cannot convert ‘System.Object[]’ to the type
‘System.Management.Automation.Runspaces.PSSession’ required by parameter
‘ToSession’. Specified method is not supported.
At line:5 char:236
+ … a5d9be3d81cdb182e540285848.msu’ -Destination C:\Scripts -ToSession $s
+                                                                        ~~
    + CategoryInfo          : InvalidArgument: (:) [Copy-Item], ParameterBindi
   ngException
    + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.PowerShell.Comma
   nds.CopyItemCommand

If you look at the syntax

Get-Command Copy-Item -Syntax

Copy-Item [-Path] <string[]> [[-Destination] <string>] [-Container]
[-Force] [-Filter <string>] [-Include <string[]>] [-Exclude <string[]>]
[-Recurse] [-PassThru] [-Credential <pscredential>] [-WhatIf] [-Confirm]
[-UseTransaction] [-FromSession <PSSession>] [-ToSession <PSSession>]
[<CommonParameters>]

Copy-Item [[-Destination] <string>] -LiteralPath <string[]> [-Container]
[-Force] [-Filter <string>] [-Include <string[]>] [-Exclude <string[]>]
[-Recurse] [-PassThru] [-Credential <pscredential>] [-WhatIf] [-Confirm]
[-UseTransaction] [-FromSession <PSSession>] [-ToSession <PSSession>]
[<CommonParameters>]

the ToSession and FromSession parameters only take a single session as their value.

Modify the code to

$computers = ‘W16CN01’, ‘W16CN02’

$sessions = New-PSSession -ComputerName $computers

foreach ($session in $sessions) {
Copy-Item -Path ‘C:\Source\Windows 2016 TP5\Cumulative Update for Windows Server 2016 Technical Preview 5 (KB3163016)\AMD64-all-windows10.0-kb3163016-x64_83d6e9bca94a64a5d9be3d81cdb182e540285848.msu’ -Destination C:\Scripts -ToSession $session
}

Remove-PSSession -Session $sessions

And it works

Last week I mentioned PowerShell and how you can create a PowerShell Remoting session to a Virtual Machine that’s running on Hyper-V

Here’s an example of it in use:

$cred = Get-Credential W16TP5TGT01\Administrator
$s = New-PSSession -VMName W16TP5TGT01 -Credential $cred

Create the credential for the VM and then create the remoting session. I prefer to use the VM name rather than the GUID.

Once you’ve established the session you can use it. In this case I’m using another PowerShell 5.o innovation to copy a file across the remote session:

Copy-Item -Path ‘C:\Source\Windows 2016 TP5\Cumulative Update for Windows Server 2016 Technical Preview 5 (KB3163016)\AMD64-all-windows10.0-kb3163016-x64_83d6e9bca94a64a5d9be3d81cdb182e540285848.msu’ -Destination c:\source -ToSession $s

Clean up as usual:

Remove-PSSession -Session $s

PowerShell Direct is another useful addition to the remoting toolbox. It’ll be especially useful in non-domain remoting situations.