header image

Archive for Windows Server 2012

AD Management MEAP

Posted by: | July 15, 2013 | No Comment |

A new MEAP was released last week for AD Management in a Month of Lunches.  Chapters 1-15 are now available


under: Active Directory, Books, PowerShell original, Windows Server 2012

RDP annoyance

Posted by: | June 26, 2013 | 2 Comments |

I’ve RDPing into a number of servers from different systems recently and the way the screen resolution changes to match your monitor size is annoying. If I use the shortcut to the session I get whatever sizes were set in the last session so often logon, curse when the size isn’t convenient and logoff and reset.

maybe I should just buy a giant monitor?

under: Windows 8, Windows Server 2012

Creating a new disk

Posted by: | April 12, 2013 | No Comment |

I really like Windows Server Core. The concept has come of age in Windows 2012.

I needed to add a new disk to a virtual machine  – that’s easy using the Hyper-V cmdlets. But what about formating the disk.

A module new to Windows 2012 & Windows can be used.  Its the Storage module.  I’ve not had chance, or reason, to play with this module yet. So many cmdlets so little time.

Start with viewing the disks:

PS C:\Users\richard> Get-Disk | ft -a

Number Friendly Name          OperationalStatus Total Size Partition Style
—— ————-          —————– ———- —————
0      Virtual HD ATA Device  Online                120 GB MBR
1      Microsoft Virtual Disk Offline               127 GB RAW


Disk 1 is the new disk so need to initialise it.

PS C:\Users\richard> Initialize-Disk -Number 1 -PartitionStyle MBR

View the disks again

PS C:\Users\richard> Get-Disk | ft -a

Number Friendly Name          OperationalStatus Total Size Partition Style
—— ————-          —————– ———- —————
0      Virtual HD ATA Device  Online                120 GB MBR
1      Microsoft Virtual Disk Online                127 GB MBR


Create a partition on the disk -   -useMaximimSize means use all of the disk for this partition

PS C:\Users\richard> New-Partition -DiskNumber 1 -UseMaximumSize -DriveLetter R

Now view the partitions

PS C:\Users\richard> Get-Partition | ft -a

   Disk Number: 0

PartitionNumber DriveLetter Offset         Size Type
————— ———– ——         —- —-
1                           1048576      350 MB IFS
2               C           368050176 119.66 GB IFS

   Disk Number: 1

PartitionNumber DriveLetter Offset    Size Type
————— ———– ——    —- —-
1               R           1048576 127 GB Logical

And finally format the new disk:

PS C:\Users\richard> Get-Volume | where DriveLetter -eq R | Format-Volume -FileSystem NTFS -NewFileSystemLabel Backup

Are you sure you want to perform this action?
Warning, all data on the volume will be lost!
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y

You get a nice friendly warning (you could bypass using –Confirm $false) and the format happens

You could pipe the cmdlets together to do everything in one pass. Best of all – the cmdlets are WMI based.

under: PowerShell V3, Windows Server 2012

Windows Server Backup

Posted by: | April 11, 2013 | No Comment |

Windows Server 2012 has a PowerShell enabled backup utility. When you enable the feature you get a module called WindowsServerBackup.  It has the cmldets you would expect for creating and managing backups. No surprise you may say as this was avialable in Windows 2008 R2.

The difference with Windows Server 2012 is that you can do restores from PowerShell cmdlets whcih wasn’t available in the earlier version.

The restore cmdlets are






This might not replace your currebt backup system but is very useful for backing up test environments and experimenting with things like authorative AD restores.

under: PowerShell V3, Windows Server 2012

The MEAP marches on with chapter 8 now released:

Chapter 8 – creating Group Policies

details from http://www.manning.com/siddaway3/

under: Active Directory, Books, PowerShell V3, Windows Server 2012

PowerShell provides the Stop-Computer cmdlet for closing down a remote machine. I find this especially useful in my virtual test environment. I’ll have several machines running but won’t necessarily have logged onto them. Using Stop-Computer means that I can shut them down cleanly without the hassle of logging onto them.

In modern Windows systems you have to explicitly enable remote WMI access through the Windows firewall. Stop-Computer uses WMI. If the WMI firewall ports aren’t enabled you can’t use Stop-Computer. I’ve taken to use the CIM cmdlets rather than WMI so sometimes don’t open the WMI firewall ports.

One quick function later and I have an answer

function invoke-cimshutdown {            
param (            
$comp = Get-CimInstance win32_operatingsystem -ComputerName $computername            
Invoke-CimMethod -InputObject $comp -MethodName Shutdown            

Pass the computer name as a parameter – I deliberately didn’t put a default

Use Get-CimInstance to get the Win32_operatingsystem class and use Invoke-CimMethod to call the Shutdown method.

Another reason not to enable WMI on my server 2012 firewalls.

You can use this on legacy versions of Windows if you have PowerShell v3, and therefore WSMAN v3, installed

under: PowerShell and WMI, PowerShell V3, Windows Server 2012

Last time we saw the Get-NetAdapter cmdlet from the NetAdapter module

PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Up

If you look in the module you also find Disable-NetAdapter & Enable-NetAdapter

PS> Disable-NetAdapter -Name Wifi -Confirm:$false
PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Disabled

PS> Enable-NetAdapter -Name Wifi -Confirm:$false
PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Up

You can also enable/disable based on an Input Object, the alias (-ifalias) or the description (-InterfaceDescription)

PS> Get-NetAdapter -Name Wifi | Disable-NetAdapter -Confirm:$false
PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Disabled

PS> Get-NetAdapter -Name Wifi | Enable-NetAdapter -Confirm:$false
PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Up

What’s the alias?

PS> Get-NetAdapter | ft Name, InterfaceDescription, ifAlias, InterfaceAlias -a

Name     InterfaceDescription                           ifAlias  InterfaceAlias
—-     ——————–                           ——-  ————–
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Ethernet Ethernet
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter WiFi     WiFi

If you want to use these cmdlets against remote machines you can run them through a CIMsession

under: PowerShell and WMI, PowerShell V3, Windows 8, Windows Server 2012

Network adapters

Posted by: | March 4, 2013 | No Comment |

The WMI classes Win32_NetworkAdapter and Win32_NetworkAdapterConfiguration have seen a lot of use over the years. They can be a bit fiddly to use which is why the NetAdapter module in Windows 8/2012 is a so welcome.

Lets start by looking at basic information gathering

PS> Get-NetAdapter | ft -a

Name     InterfaceDescription                        ifIndex Status MacAddress        LinkSpeed
—-     ——————–                        ——- —— ———-        ———
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet          13 Up     00-1F-16-63-F5-DF  100 Mbps
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter   12 Up     00-24-2B-2F-9C-A5   54 Mbps

We get the Name & description, status, MAC address and link speed as the default display. Contrast with Win32_NetworkAdapter for the same two interfaces

ServiceName      : athr
MACAddress       : 00:24:2B:2F:9C:A5
AdapterType      : Ethernet 802.3
DeviceID         : 10
Name             : Qualcomm Atheros AR5007 802.11b/g WiFi Adapter
NetworkAddresses :
Speed            : 54000000

ServiceName      : NVNET
MACAddress       : 00:1F:16:63:F5:DF
AdapterType      : Ethernet 802.3
DeviceID         : 11
Name             : NVIDIA nForce 10/100/1000 Mbps Ethernet
NetworkAddresses :
Speed            : 100000000

Notice the ifIndex from Get-NetAdapter & DeviceId from Win32_NetworkAdapter.  Two different numbers to identify the device.

What else can Get-NetAdapter tell us:

PS> Get-NetAdapter  -Name Ethernet | fl *

ifAlias                                          : Ethernet
InterfaceAlias                                   : Ethernet
ifIndex                                          : 13
ifDesc                                           : NVIDIA nForce 10/100/1000 Mbps Ethernet
ifName                                           : Ethernet_7
DriverVersion                                    :
LinkLayerAddress                                 : 00-1F-16-63-F5-DF
MacAddress                                       : 00-1F-16-63-F5-DF
Status                                           : Up
LinkSpeed                                        : 100 Mbps
MediaType                                        : 802.3
PhysicalMediaType                                : 802.3
AdminStatus                                      : Up
MediaConnectionState                             : Connected
DriverInformation                                : Driver Date 2010-03-04 Version NDIS 6.20
DriverFileName                                   : nvmf6232.sys
NdisVersion                                      : 6.20
ifOperStatus                                     : Up
Caption                                          :
Description                                      :
ElementName                                      :
InstanceID                                       : {188C370D-AD90-46F3-8AD2-0C10AFB6490C}
CommunicationStatus                              :
DetailedStatus                                   :
HealthState                                      :
InstallDate                                      :
Name                                             : Ethernet
OperatingStatus                                  :
OperationalStatus                                :
PrimaryStatus                                    :
StatusDescriptions                               :
AvailableRequestedStates                         :
EnabledDefault                                   : 2
EnabledState                                     : 5
OtherEnabledState                                :
RequestedState                                   : 12
TimeOfLastStateChange                            :
TransitioningToState                             : 12
AdditionalAvailability                           :
Availability                                     :
CreationClassName                                : MSFT_NetAdapter
DeviceID                                         : {188C370D-AD90-46F3-8AD2-0C10AFB6490C}
ErrorCleared                                     :
ErrorDescription                                 :
IdentifyingDescriptions                          :
LastErrorCode                                    :
MaxQuiesceTime                                   :
OtherIdentifyingInfo                             :
PowerManagementCapabilities                      :
PowerManagementSupported                         :
PowerOnHours                                     :
StatusInfo                                       :
SystemCreationClassName                          : CIM_NetworkPort
SystemName                                       : RSLAPTOP01
TotalPowerOnHours                                :
MaxSpeed                                         :
OtherPortType                                    :
PortType                                         :
RequestedSpeed                                   :
Speed                                            : 100000000
UsageRestriction                                 :
ActiveMaximumTransmissionUnit                    : 1500
AutoSense                                        :
FullDuplex                                       : True
LinkTechnology                                   :
NetworkAddresses                                 : {001F1663F5DF}
OtherLinkTechnology                              :
OtherNetworkPortType                             :
PermanentAddress                                 : 001F1663F5DF
PortNumber                                       : 0
SupportedMaximumTransmissionUnit                 :
AdminLocked                                      : False
ComponentID                                      : pci\ven_10de&dev_0760
ConnectorPresent                                 : True
DeviceName                                       : \Device\{188C370D-AD90-46F3-8AD2-0C10AFB6490C}
DeviceWakeUpEnable                               : False
DriverDate                                       : 2010-03-04
DriverDateData                                   : 129121344000000000
DriverDescription                                : NVIDIA nForce 10/100/1000 Mbps Ethernet
DriverMajorNdisVersion                           : 6
DriverMinorNdisVersion                           : 20
DriverName                                       : \SystemRoot\system32\DRIVERS\nvmf6232.sys
DriverProvider                                   : NVIDIA
DriverVersionString                              :
EndPointInterface                                : False
HardwareInterface                                : True
Hidden                                           : False
HigherLayerInterfaceIndices                      : {26}
IMFilter                                         : False
InterfaceAdminStatus                             : 1
InterfaceDescription                             : NVIDIA nForce 10/100/1000 Mbps Ethernet
InterfaceGuid                                    : {188C370D-AD90-46F3-8AD2-0C10AFB6490C}
InterfaceIndex                                   : 13
InterfaceName                                    : Ethernet_7
InterfaceOperationalStatus                       : 1
InterfaceType                                    : 6
iSCSIInterface                                   : False
LowerLayerInterfaceIndices                       :
MajorDriverVersion                               : 73
MediaConnectState                                : 1
MediaDuplexState                                 : 2
MinorDriverVersion                               : 30
MtuSize                                          : 1500
NdisMedium                                       : 0
NdisPhysicalMedium                               : 14
NetLuid                                          : 1688849977704448
NetLuidIndex                                     : 7
NotUserRemovable                                 : False
OperationalStatusDownDefaultPortNotAuthenticated : False
OperationalStatusDownInterfacePaused             : False
OperationalStatusDownLowPowerState               : False
OperationalStatusDownMediaDisconnected           : False
PnPDeviceID                                      : PCI\VEN_10DE&DEV_0760&SUBSYS_360A103C&REV_A2\3&2411E6FE&0&50
PromiscuousMode                                  : False
ReceiveLinkSpeed                                 : 100000000
State                                            : 2
TransmitLinkSpeed                                : 100000000
Virtual                                          : False
VlanID                                           :
WdmInterface                                     : False
PSComputerName                                   :
CimClass                                         : ROOT/StandardCimv2:MSFT_NetAdapter
CimInstanceProperties                            : {Caption, Description, ElementName, InstanceID…}
CimSystemProperties                              : Microsoft.Management.Infrastructure.CimSystemProperties

Notice the CimClass property ROOT/StandardCimv2:MSFT_NetAdapter   – this is one of the new WMI classes introduced in Windows 8.  Does this class have any methods?

Get-CimClass -Namespace ROOT/StandardCimv2 -ClassName MSFT_NetAdapter | select -ExpandProperty CimClassMethods


These will be investigated in other posts – maybe we get cmdlets to work with these as well

under: PowerShell and WMI, PowerShell V3, Windows 8, Windows Server 2012

Filter or LDAP filter

Posted by: | February 27, 2013 | 1 Comment |

Many of the Microsoft AD cmdlets have a –Filter and an –LDAPFilter parameter.  So what’s the difference?

PS> Get-Help Get-ADUser -Parameter *Filter*

-Filter <String>
    Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression
    Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types  received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, see  about_ActiveDirectory_Filter.

-LDAPFilter <String>
    Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run  your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For  more information, see the Filter parameter description and the about_ActiveDirectory_Filter.

This means you have two ways to approach a problem. Lets think about finding a single user:

Get-ADUser -LDAPFilter "(samAccountName=Richard)"

Get-ADUser -Filter {samAccountName -eq ‘Richard’}

The LDAPFilter uses LDAP query syntax – attribute and value.  Filter uses PowerShell syntax. You could think of the –Filter as a condensed version of

Get-ADUser -Filter * | where samAccountName -eq ‘Richard’

Use the –Filter parameter because its less typing and you filter early – especially important if querying across a network.

You can use multiple attributes in the filters  – & implies AND in the LDAP filter

Get-ADUser -LDAPFilter "(&(givenname=Bill)(sn=Green))"

Get-ADUser -Filter {GivenName -eq ‘Bill’ -and Surname -eq ‘Green’}

The LDAP filter HAS to use the correct attribute name but Filter uses the property name returned by Get-ADUser.

LDAP filters can get very complicated very quickly. For instance if you want to find the disabled user accounts

Get-ADUser -LDAPFilter "(&(objectclass=user)(objectcategory=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2))"

Get-ADUser -Filter {Enabled -eq $false}

Alternatively,and in my opinion, its simpler to use Search-ADaccount

Search-ADAccount -AccountDisabled –UsersOnly

Which one should you use?  The one that best solves your problem. I mix & match to suit the search I’m performing

under: PowerShell and Active Directory, Windows Server 2012

I decided to replace one of the DCs in my test environment with a Windows 2012 Server Core machine. Server Core has really come of age in Windows 2012 – its easy to configure.

I’ve covered configuring a server before but to recap:

  • Rename the machine – use Rename-Computer
  • Set Network – use Set-NetIPInterface (address) & et-DnsClientServerAddress( dns address) & Rename-netAdapter
  • Join to domain – use Add-Computer

To create the domain controller use the ADDSDeployment module. You’ll only find this on servers where you’ve installed the AD Domain Services feature which you do like this:

Install-WindowsFeature -Name AD-Domain-Services -Confirm:$false


Import the module

Import-Module ADDSDeployment
Get-Command -Module ADDSDeployment

Create the Domain Controller. This is the equivalent of running DCPROMO in earlier versions. Even better you don’t need the answer file. Everything is a parameter on the cmdlet.

Install-ADDSDomain Controller -DomainName "manticore.org" -InstallDns -Credential (Get-Credential manticore\richard) -ApplicationPartitionsToReplicate *

Thats it!  Just wait for replication to happen.

You can also demote a domain controller

$cred = Get-Credential
Uninstall-ADDSDomainController -Credential $cred -RemoveApplicationPartitions -Confirm:$false

Restart the machine and uninstall AD & DNS

Uninstall-WindowsFeature -Name AD-Domain-Services, DNS -Confirm:$false
Restart-Computer -ComputerName dc02

Leave the domain

$cred = Get-Credential manticore\richard
Remove-Computer -UnjoinDomainCredential $cred -Workgroup Test

Trash the VM.

And best of all it works over remoting.  You will need to recreate the session for restarts & changes but it is really easy.

Server Core is now a much friendlier option.

under: PowerShell and Active Directory, PowerShell V3, Windows Server 2012

« Newer Posts - Older Posts »