header image

Archive for Windows Server 2012 R2

Project Honolulu

Posted by: | October 31, 2017 Comments Off on Project Honolulu |

The recent announced project Honolulu – https://blogs.technet.microsoft.com/windowsserver/2017/09/22/project-honolulu-technical-preview-is-now-available-for-download/ – is Microsoft’s new browser based Server management tool.


You can install it on Windows 10, Windows Server 1709 and Windows Server 2016, 2012 R2 and 2012


Honolulu is the proposed replacement for the MMC based tools we’ve been using since Windows 2000.


Honolulu functions as a gateway that uses Remote PowerShell and WMI over WinRM (WS-MAN) to manage servers. The gateway connects to an app on the server. You need PowerShell 5.0 or higher on the servers to be managed.


You can currently manage these areas through Honolulu:

Displaying resources and resource utilization
Certificate Management
Event Viewer
File Explorer
Firewall Management
Configuring Local Users and Groups
Network Settings
Viewing/Ending Processes and Creating Process Dumps
Registry Editing
Managing Windows Services
Enabling/Disabling Roles & Features
Managing Hyper-V VMs & Virtual Switches
Managing Storage
Managing Windows Update


There are some big gaps at present including:

Active Directory


Is this a replacement for the RSAT tools – not at present.


These tools are still under development so this is an opportunity to help shape the next generation of tools. Be really nice if you can generate PowerShell scripts from the commands as you can with later MMC tools.

under: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016

New PowerShell console on Server Core

Posted by: | November 17, 2016 Comments Off on New PowerShell console on Server Core |

Server Core is great for reducing the footprint of your VMs – Nano server is smaller but it can’t be a domain controller


One draw back to server core is that you only get a single console. If you hang that for any reason you have to either try and open another one (Hyper-V console greys out CTRL-DEL-ALT) or open a few when you logon to the machine.


You still get a cmd.exe console instead of PowerShell – that should be changed. Its 10 years since PowerShell came along! So run Powershell to open  Powershell in the default console.


"Start-Process -FilePath powershell.exe -Verb RunAS" > new-powershell.ps1

Will create a simple script to open a new elevated Powershell console .


Run it as many times as you want. Perform your work in the new Powershell console and if it hangs – just shut it down. Keep the default console for just opening new PowerShell consoles and then you’ll always be able to keep working.

under: PowerShell, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016

Don’t reinvent the wheel

Posted by: | October 31, 2016 Comments Off on Don’t reinvent the wheel |

Way back when I used to take Microsoft certification exams there were often questions of the form “Perform task X with the minimum of administrative effort” Most, if nor all, of the possible answers would be correct but the correct answer was the one that achieved the goal with the minimum amount of work.


Many, if not most, administrators don’t seem to follow that model.


This was brought home to me when I saw a forum discussion about collecting event log information from a bunch of remote servers on a regular basis.


You could set up a scheduled task/job that runs a script against the remote servers – collects the  log information and populates an Excel spreadsheet


You could enable event log forwarding and just interrogate the combined logs as needed.


The second option is the easier to MAINTAIN and will cost you less effort in the long run.


When you start to solve a problem – stop and search for a bit to see if there is a solution already available in Windows server. Bet you’ll be surprised by what you find

under: PowerShell, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016

Create a reverse lookup zone

Posted by: | October 30, 2015 Comments Off on Create a reverse lookup zone |

I needed to create a DNS reverse lookup zone for my test environment. With Windows Server 2012 R2 I’ve got cmdlets available for managing DNS servers – the DnsServer module. You need to install the DNS role or the DNS RSAT tools to get access to the module.


To create a new reverse lookup zone

Add-DnsServerPrimaryZone -DynamicUpdate Secure -NetworkId ‘’ -ReplicationScope Domain


Use the netorkId to define the subnet the zone spans. Setting DynamicUpdate to Secure ensures I have an AD integrated zone and I’ve set the replication scope to the domain.


Doesn’t get any easier

under: DNS, PowerShell, Windows Server 2012 R2

Quick update check

Posted by: | October 2, 2015 Comments Off on Quick update check |

Want to check on any updates that haven’t been fully applied in your environment.


Run this on your WSUS server (2012 R2)

£> Get-WsusUpdate -Classification All -Status Any -Approval AnyExceptDeclined |
where InstalledOrNotApplicablePercentage -ne 100


You can modify the filters:


Classification = one of All, Critical, Security, WSUS


Status = one of NoStatus, InstalledOrNotApplicable, InstalledOrNotApplicableOrNoStatus, Failed, Needed, FailedOrNeeded, Any


Approval = one of Approved, Unapproved, AnyExceptDeclined, Declined

under: PowerShell, Windows Server 2012 R2, WSUS

Error handling for DNS lookups

Posted by: | September 29, 2015 Comments Off on Error handling for DNS lookups |

Interesting question on the forum regarding the Resolve-DNSname cmdlet. This is part of the DNSclient module introduced with Windows 8.


If the DNS record is found everything is good

£> Resolve-DnsName W12R2DSC -Server server02 | ft -a

Name                   Type TTL  Section IPAddress
—-                   —- —  ——- ———
W12R2DSC.Manticore.org A    1200 Answer


If the record isn’t found you get an error

£> Resolve-DnsName W12R2DSC3 -Server server02
Resolve-DnsName : W12R2DSC3 : DNS name does not exist
At line:1 char:1
+ Resolve-DnsName W12R2DSC3 -Server server02
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (W12R2DSC3:String) [Resolve-DnsName], Win32Exception
    + FullyQualifiedErrorId : DNS_ERROR_RCODE_NAME_ERROR,Microsoft.DnsClient.Commands.ResolveDnsName


If you want to gracefully handle that error you use try-catch


$computer = ‘W12R2DSC3’
try {
Resolve-DnsName $computer -Server server02 -ErrorAction Stop
catch {
  Write-Warning -Message "Record not found for $computer"

under: DNS, PowerShell v5, Windows Server 2012 R2

PowerShell and messaging

Posted by: | July 11, 2015 Comments Off on PowerShell and messaging |

This article – http://powershell.org/wp/2015/07/07/rabbitmq-and-powershell/ – reminded me that Windows server comes with a built-in messaging system – MSMQ.


There is a PowerShell module for MSMQ – https://technet.microsoft.com/en-us/library/hh405007(v=vs.85).aspx


Since reading the RabbitMQ article I think that Rabbit is more useful in a heterogeneous environment but MSMQ would work very nicely in a Windows only environment.


I’ve not looked at MSMQ for a long time and not seen much on using it through PowerShell so I think its time to remedy that – I’ll put together a short series on using MSMQ through PowerShell to complement the RabbitMQ information

under: PowerShell, Windows Server 2012 R2

IPAM: 1 Installation and configuration

Posted by: | May 21, 2015 Comments Off on IPAM: 1 Installation and configuration |

IPAM stands for IP Address Management. It’s a feature in Windows Server 2012 R2 that enables you manage your DHCP and DNS servers as a whole rather than at the individual service or server level.


Installation of IPAM follows the standard approach for any Windows feature. Note that you can install IPAM on a Domain Controller but it won’t configure. IPAM is designed to be installed on a member server.

Full details on deploying IPAM server are available from here https://technet.microsoft.com/en-us/library/hh831353.aspx


I’m not going to run through the full deployment and configuration – just point out some issues and where you can use PowerShell to make things easier.


Once the IPAM feature is installed you have to provision the IPAM server. There isn’t a separate MMC for IPAM admin – you use Server Manager.  Provisioning an IPAM server can be done manually or by GPO.  Manual seemed best for lab/experiment/initial set up as can’t swap from GPO to manual. You can use Windows Internal Database (WID) or SQL Server – I used WID.


You then need to configure your DHCP servers, DNS servers and domain controllers. This involves a number of group membership changes, firewall rule changes and a registry setting.


Create a group called IPAMUG and add the IPAN server into it.

New-ADGroup -Name IPAMUG -DisplayName IPAMUG -SamAccountName IPAMUG    -Description ‘IPAM management group’ -GroupCategory Security -GroupScope Universal

Add-ADGroupMember -Identity IPAMUG -Members (Get-ADComputer -Identity W12R2SUS)


Add IPAMUG to a number of groups

Add-ADGroupMember -Identity ‘Event Log Readers’ -Members (Get-ADGroup -Identity IPAMUG)

Add-ADGroupMember -Identity ‘DHCP Users’ -Members (Get-ADGroup -Identity IPAMUG)

Add-ADGroupMember -Identity ‘DNSAdmins’ -Members (Get-ADGroup -Identity IPAMUG)


I also found I had to add the IPAM server to the domain Administrators group to get the DNS data to come through.


Modify some firewall rules

$cs = New-CimSession -ComputerName W12R2SCDC01

Enable-NetFirewallRule  -DisplayName ‘Remote Service Management (RPC)’ -CimSession $cs -PassThru
Enable-NetFirewallRule  -DisplayName ‘Remote Service Management (NP-In)’ -CimSession $cs -PassThru
Enable-NetFirewallRule  -DisplayName ‘Remote Service Management (RPC-EPMAP)’ -CimSession $cs -PassThru

Get-NetFirewallRule -DisplayGroup ‘Remote Service Management’ -CimSession $cs |
ft  DisplayName, Enabled, Direction,Profile –a


There are a bunch of firewall rules that need setting. You can find the full list in the TechNet documentation.

For DHCP servers create an audit share


New-SmbShare -Name dhcpaudit -Path ‘C:\Windows\System32\dhcp’ -ReadAccess ‘manticore\IPAMUG’
Set-SmbShare -Name dhcpaudit -Description ‘DHCP audit share for IPAM’ -Force

## restart DHCP service
Get-Service -Name DHCPServer | Restart-Service -PassThru


Enable event log monitoring on the DNS servers

$csd = Get-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\DNS Server’ -Name CustomSD |
select -ExpandProperty CustomSD
$ipamsid = (Get-ADComputer -Identity W12R2SUS | select -ExpandProperty SID).value
$csd = $csd + "(A;;0x1;;;$ipamsid)"
Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\DNS Server’ -Name CustomSD -Value $csd –PassThru


I also had to manually add the IPAMUG group into the security permissions for the DNS servers. Didin’t seem to be a way to automate that bit.


IPAM has a PowerShell module – IpamServer – which contains lots of cmdlets:


Now I’ve got my IPAM server up and running its time to see what I can do with it

under: Networking, PowerShell, Windows Server 2012 R2

DHCP scope lease time

Posted by: | January 7, 2015 Comments Off on DHCP scope lease time |

I wanted to reduce the lease time on a DHCP scope


$lt = New-TimeSpan -Hours 12
Set-DhcpServerv4Scope -ScopeId -LeaseDuration $lt


You could even make it a one liner if you wished


Set-DhcpServerv4Scope -ScopeId –LeaseDuration (New-TimeSpan -Hours 12)

under: DHCP, PowerShell, Windows Server 2012, Windows Server 2012 R2

Merry Christmas from the PowerShell team

Posted by: | December 23, 2014 Comments Off on Merry Christmas from the PowerShell team |

The PowerShell team have produced wave 9 of the DSc resource kit – just in time for Christmas – http://blogs.msdn.com/b/powershell/archive/2014/12/17/another-holiday-present-from-the-powershell-team-dsc-reskit-wave-9.aspx

This wave contains a number of new resources and some updates to existing resources including the Exchange resource.

You can download the latest version of the resource kit from  https://gallery.technet.microsoft.com/DSC-Resource-Kit-All-c449312d

The team’s blog post states that you should check for the GA update (which is minimum requirement for running the DSC res kit) by testing to see if KB2883200 is installed. This won’t work if you’ve built you system using Windows media that incorporates the update.

A better test is to look at the build number. It should be 9400 or higher. You can see this by using $psversiontable

£> $PSVersionTable

Name                           Value
—-                           —–
PSVersion                      4.0
WSManStackVersion              3.0
CLRVersion                     4.0.30319.34014
BuildVersion                   6.3.9600.17400
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion      2.2

The version is  6.3.9600.17400  where 6.3 = Windows 2012 R2 and 9600 = the build

You can also use WMI

£> Get-CimInstance -ClassName Win32_Operatingsystem | Format-List BuildNumber, Version

BuildNumber : 9600
Version     : 6.3.9600

under: DSC, PowerShell, Windows Server 2012 R2

Older Posts »