Charlie Russel's Blog

As I was trying to configure a new lab setup that takes advantage of nested Hyper-V so that I can build a lab to do Hyper-V host clustering, I ran into a problem with networking. Everything looked good on the “host1” virtual machine, but the domain controller I created for TreyResearch.net that runs as a nested VM on host1 couldn’t connect to anything outside of host1. Which would end up being a pain fairly quickly. But after a good bit of poking around, I found the solution – either enable MAC Address Spoofing on host1, or configure a NAT switch on host1. For most of us, the MAC Address Spoofing is the simplest solution and works just fine. But if you’re in a public cloud scenario, you’ll likely have to go the NAT route.

To enable Nested Hyper-V, shutdown host1 and then run the following command on the top level host:

Set-VMProcessor -VMName host1 -ExposeVirtualizationExtensions $True

Start host1 and install the Hyper-V role with:

Install-WindowsFeature -Name Hyper-V -IncludeAllSubFeature -IncludeManagementTools

Once the reboots finish on host1, enable MAC Address Spoofing on the network adapter(s) of  host1:

Get-VMNetworkAdapter -VMName host1 | Set-VMNetworkAdapter -MacAddressSpoofing On

And you’re done.

Creating VMs with New-myVM.ps1 – Part 2

So, as I showed in the previous post, I’ve got my new VM built, but it’s not really ready for use yet. For one thing, it needs a DVD attached and the boot order set, plus I want to add a second NIC, and change the number of processors assigned to it. First, setting up the memory, processors, static MAC address for the NIC and configuring the DVD if we’re booting from DVD. (Which, I admit, I don’t often do. Mostly I copy over a SysPrep’d VHDX file.)

To do this, I have a function, of course, called Set-myVMConfig, to do most of it, and a separate one that I use to configure the second NIC, Add-myNetAdapter

Function Set-myVMConfig {
   Write-Verbose "Setting Processor Count to 4 for $VMName"
   Set-VMProcessor      -VMName $VMName -Count 4
   Write-Verbose "Enabling Dynamic Memory"
   Set-VMMemory         -VMName $VMName -DynamicMemoryEnabled $True
   Write-Verbose "Assigning static MAC address of $MacAdd"
   Get-VMNetworkAdapter -VMName $VmName `
      | Set-VMNetworkAdapter -StaticMacAddress "$MacAdd"
   if ($DVD) {
      Write-Verbose "Building from DVD, so adding DVD drive, and configuring boot order"
      if (! $client) { 
         Add-VMDvdDrive -VMName $VmName
         Set-VMDvdDrive -VMName $VmName  -Path $ServerISO 
         $vmDVD     = Get-VMDvdDrive -VMName $VmName
         $vmDrive   = Get-VMHardDiskDrive -VMName $VmName 
         Set-VMFirmware -VMName $VmName  -FirstBootDevice $vmDVD 
         Set-VMFirmware -VMName $VmName -BootOrder $vmDVD,$vmDrive
      } else {
         Add-VMDvdDrive -VMName $VmName
         Set-VMDvdDrive -VMName $VmName -Path $ClientISO 
         $vmDVD     = Get-VMDvdDrive -VMName $VmName
         $vmDrive   = Get-VMHardDiskDrive -VMName $VmName 
         Set-VMFirmware -VMName $VmName   -FirstBootDevice $vmDVD 
         Set-VMFirmware -VMName $VmName   -BootOrder $vmDVD,$vmDrive
      }
   }
}

This sets the # of processors to 4, enables dynamic memory, sets a static MAC address on the first NIC, adds a DVD drive if appropriate, and sets the boot order to boot from the specified ISO file.

Almost done – now, all we need to do is add a second network adapter, and set it to a fixed MAC address as well.

Function Add-myNetAdapter {
   Write-Verbose "Adding second network adapter"
   Add-VmNetworkAdapter -VMName $VmName `
                        -SwitchName '199 Network' `
                        -StaticMacAddress "$199MacAdd" `
                        -Name '199 Ethernet'
}

Now, that we have all the functions, all we need to do is execute them, and that all happens with:

If (! ( Get-VM -Name $VmName -ErrorAction Continue 2>$NULL) ) {
   Test-SourcePath
   Test-Clean
   Copy-myVHD -wait
   Write-Verbose "VHD's copied if we were doing that, now creating the VM..."
   Create-myVM
   Write-Verbose "VM Created"
   $myVM = Get-VM -VMName $VMName
}
Set-myVMConfig
Add-myNetAdapter
$myVM | Format-List

And, since this whole thing has been broken up across a couple of posts, here’s the whole script, including full Get-Help support.

New-myVM.ps1

<# 
.Synopsis
    Creates a new VM
.Description
    New-myVM and New-myClientVM make a new VM of Name $1 and MAC Address in the $MacBase 
    range of MAC addresses. If the command is run as New-myClientVM, then the -Client 
    parameter is assumed unless overridden at the command line. 
.Example 
   New-myVM -VMName Trey-DC-02 02
   Creates a new Server VM of name "Trey-DC-02" in the default MAC address range
   with the "02" as the final octet of MAC address. 
.Example 
   New-myVM -Name trey-client-22 -MacFinal 16 -DVD -Client $True
   Creates a new Client VM of name "trey-client-22" in the default MAC address range
   with 16 as the final octet of MAC address. The VM is installed from the default 
   Server 2016 DVD. 
.Example 
   New-myVM Trey-DC-02 02 -DVD
   Creates a new Server VM of name "Trey-DC-02" in the default MAC address range
   with the "02" as the final octet of MAC address. The VM is installed from the 
   default Server 2016 DVD. 
.Example
    New-myVM -VmName "Trey-WDS-11" -MacFinal "0B" -MacBase "00-15-5D-32-64-"
    Creates a new Server VM of name Trey-WDS-11 in a non-default MAC address range. 
.Example
   New-myClientVM -Name trey-client-01 
   Creates a new Windows 10 client VM, 'trey-client-01' using the default VHD, and 
   will prompt for the final 2 digits of the MAC address. 
.Example
   New-myVM -Name trey-client-01 -MACFinal 65 -Client $True -Source 'V:\Source' -Path 'Y:\'
   Creates a new Windows 10 client VM, 'trey-client-01' using the sysprep'd image at V:\Source, 
   and creating the VM at Y:\trey-client-01. The final two digits of the MAC address will 
   be 65. 
.Parameter VmName
   The name of the new VM
.Parameter MacFinal
   The last two digits in the MAC address of the VM
.Parameter MacBase
   The base MAC address for this VM. The default base is  "00-15-5D-32-10-"  
.Parameter DVD
   A switch that controls whether a DVD is added to the VM and used to mount an ISO for the 
   install. The default is to build the VM with no DVD drive. 
.Parameter Client
  A Boolean. When run as New-myVM, $Client defaults to False. If run as New-myClientVM, 
  the default is true. In either case, the command line parameter overrides the default. 
.Parameter Path
   The target path for the virtual machine. Default is to V:\. This is the base path, to 
   which the VMName is added to build the final path.
.Parameter Source
   The source path of the DVD or VHD used to build the virtual machine. Default is V:\Source. 
.Parameter vmSwitch
   The Hyper-V network switch to connect the VM to. New-myVM creates two network adapters. 
   One is connected to the 199 Network, and the second is controlled by the vmSwitch parameter. 
   The default is "Local-10", the internal lab switch. 
.Parameter 2012R2
   The 2012R2 switch specifies the use of the Server 2012 R2 image. 
.Inputs 
    [string]
    [string]
    [string]
    [switch]
    [Boolean]
    [string]
    [string]
    [string]
.Notes
    Author: Charlie Russel
 Copyright: 2017 by Charlie Russel
          : Permission to use is granted but attribution is appreciated
   ModHist: 1/1/2014 Initial
          : 1/31/2015 Mod for new parameter handling and comment header
          : 3/20/2015 Mod to use Sysprepped VHD and -10 MAC
          : 4/19/2015 Mod for verbose and running in a wrapper
          : 5/16/2016 Mod for new labhost 
          : 9/24/2016 Mod for New-myClientVM
          : 12/21/2016 Added additional parameters, updated help. (cpr)
          : 02/17/2017 Fixed problem with DVD and Gen2, updated help. (cpr)
#>

[CmdletBinding()]
Param ([Parameter(Mandatory = $True,Position = 0)][alias("Name")][string]$VmName,
       [Parameter(Mandatory = $True,Position = 1)][alias("Final")][string]$MacFinal,
       [Parameter(Mandatory = $False)][alias("Base")][string]$MacBase = "00-15-5D-32-0A-",
       [Parameter(Mandatory = $False)][string]$199MacBase = "00-15-5D-32-CE-",
       [Parameter(Mandatory=$False)][Switch]$DVD,
       [Parameter(Mandatory=$False)][Boolean]$Client=($myInvocation.myCommand.Name -match "Client"),
       [Parameter(Mandatory=$False)][alias("Target")][string]$Path = "V:",
       [Parameter(Mandatory=$False)][alias("VHDSource","DVDBase")][string]$Source = "V:\Source",
       [Parameter(Mandatory=$False)][alias("LocalSwitch","Network")][string]$vmSwitch = "Local-10",
       [Parameter(Mandatory=$False)][switch]$2012R2
       )

$MacAdd = $MacBase + $MacFinal
$199MacAdd = $199MacBase + $MacFinal
Write-Verbose "MacFinal is $MacFinal" 
Write-Verbose "MacAdd is $MacAdd on switch $vmSwitch" 
Write-Verbose "VMName is $VMName"
Write-Verbose "Client is $Client"
Write-Verbose "Path is $Path, Source is $Source, and 199 MAC address is $199MacBase + $MacFinal"
Write-Verbose "Sleeping for 5 seconds to give you a chance to exit..."
sleep 5

$VMBase     = "$Path\$VMName"
$VHDSource  = $Source
$DVDBase    = $Source
$VHDBase    = "$VMBase\Virtual Hard Disks"
$SysVHD     = "$VMBase\Virtual Hard Disks\$VmName-System.vhdx"
$MachineBase= "$VMBase\Virtual Machines"
$ServerISO  = "$DVDBase\en_windows_server_2016_x64_dvd_9718492.iso"
$ClientISO  = "$DVDBase\en_windows_10_enterprise_version_1607_updated_jan_2017_x64_dvd_9714415.iso"
$ClientVHD  = "$Source\Generalized-client.vhdx"
if ($2012R2) { 
   $ServerVHD = "$Source\Generalized-2012R2.vhdx"
} else {
   $ServerVHD  = "$Source\Generalized-System.vhdx"
}

Function Test-SourcePath () {
   if ($Client) {
      if ($dvd) {
         if (Test-Path $ClientISO) {
            Write-Verbose "Install DVD found at $ClientISO"
         } else {
            Throw "Client ISO not found at $ClientISO" 
         }
      } elseif (Test-Path $ClientVHD) { 
         Write-Verbose "Source VHD found at $ClientVHD"
      }
   } else {
      if ($dvd) {
         if (Test-Path $ServerISO) {
            Write-Verbose "Install DVD found at $ServerISO"
         } else {
            Throw "Server ISO not found at $ServerISO" 
         }
      } elseif (Test-Path $ServerVHD) { 
         Write-Verbose "Source VHD found at $ServerVHD"
      }
   }
}

if (! (Test-Path $VHDBase ) ) { 
   mkdir $VHDBase
}
if (! (Test-Path $MachineBase ) ) { 
   mkdir $MachineBase
}

Function Test-Clean () {
   If (Test-Path $VHDBase\*.vhdx ) {
      Throw "Found an existing VHD. Please clean up the target path and try again."
   }
}

function Copy-myVhd () {
      if ( $DVD ) {
         Write-Verbose "DVD specified. Not copying source VHD to $SysVHD"
      } else { 
         if ( $Client ) { 
            Write-Verbose "Creating VM from Sysprep'd VHD base $ClientVHD"
            cp $ClientVHD $SysVHD 
         } else { 
         Write-Verbose "Creating VM from Sysprep'd VHD base $ServerVHD"
            cp $ServerVHD $SysVHD
         } 
      }
}

function Create-myVM () { 
if ($DVD ) { 
  Write-Verbose "Creating $vmname from DVD with the following command:"
  Write-Verbose "New-VM -Name $VmName -MemoryStartupBytes 1024MB -BootDevice VHD -Generation 2 -SwitchName $vmSwitch -NewVHDPath $SysVHD -NewVHDSize 200GB -Path $MachineBase "
  Sleep 3
  New-VM -Name $VmName `
       -MemoryStartupBytes 1024MB `
       -BootDevice VHD `
       -Generation 2 `
       -SwitchName $vmSwitch `
       -NewVHDPath $SysVHD `
       -NewVHDSize 200GB `
       -Path $MachineBase
} else { 
  New-VM -Name $VmName `
       -MemoryStartupBytes 1024MB `
       -BootDevice VHD `
       -Generation 2 `
       -SwitchName $vmSwitch `
       -VHDPath $SysVHD `
       -Path $MachineBase
  }
}

Function Set-myVMConfig {
   Write-Verbose "Setting Processor Count to 4 for $VMName"
   Set-VMProcessor      -VMName $VMName -Count 4
   Write-Verbose "Enabling Dynamic Memory"
   Set-VMMemory         -VMName $VMName -DynamicMemoryEnabled $True
   Write-Verbose "Assigning static MAC address of $MacAdd"
   Get-VMNetworkAdapter -VMName $VmName `
      | Set-VMNetworkAdapter -StaticMacAddress "$MacAdd"
   if ($DVD) {
      Write-Verbose "Building from DVD, so adding DVD drive, and configuring boot order"
      if (! $client) { 
         Add-VMDvdDrive -VMName $VmName
         Set-VMDvdDrive -VMName $VmName  -Path $ServerISO 
         $vmDVD     = Get-VMDvdDrive -VMName $VmName
         $vmDrive   = Get-VMHardDiskDrive -VMName $VmName 
         Set-VMFirmware -VMName $VmName  -FirstBootDevice $vmDVD 
         Set-VMFirmware -VMName $VmName -BootOrder $vmDVD,$vmDrive
      } else {
         Add-VMDvdDrive -VMName $VmName
         Set-VMDvdDrive -VMName $VmName -Path $ClientISO 
         $vmDVD     = Get-VMDvdDrive -VMName $VmName
         $vmDrive   = Get-VMHardDiskDrive -VMName $VmName 
         Set-VMFirmware -VMName $VmName   -FirstBootDevice $vmDVD 
         Set-VMFirmware -VMName $VmName   -BootOrder $vmDVD,$vmDrive
      }
   }
}

Function Add-myNetAdapter {
   Write-Verbose "Adding second network adapter"
   Add-VmNetworkAdapter -VMName $VmName `
                        -SwitchName "199 Network" `
                        -StaticMacAddress "$199MacAdd" `
                        -Name "199 Ethernet"
}

If (! ( Get-VM -Name $VmName -ErrorAction Continue 2>$NULL) ) {
   Test-SourcePath
   Test-Clean
   Copy-myVHD -wait
   Write-Verbose "VHD's copied if we were doing that, now creating the VM..."
   Create-myVM
   Write-Verbose "VM Created"
   $myVM = Get-VM -VMName $VMName
}
Set-myVMConfig $myVM
Add-myNetAdapter $myVM
$myVM | Format-List

I hope you find this script useful, and I’d love to hear comments, suggestions for improvements, or bug reports as appropriate. As always, if you use this script as the basis for your own work, please respect my copyright and provide appropriate attribution.

Next up in the Building a Lab with PowerShell series will how to configure your DHCP server with PowerShell. This will take advantage of the fixed MAC addresses I create for all my lab machines and use these to populate DHCP Reservations.

Creating VMs with New-myVM.ps1 – Part 1

As we saw in Part 1 of this series, I build my labs almost entirely with Windows PowerShell scripts. In that first post, I showed how to set the MAC address range on a Hyper-V host. I use this MAC address range to explicitly set my lab VMs to a specific MAC address for their NICs. This allows me to pre-configure all the IP addresses in DHCP by using reservations. (I showed you how to install and preconfigure the DHCP Server role in my post on Configuring Windows Server 2016 core as a DHCP Server with PowerShell. And I’ll show you how to create all those reservations automatically in a later post in this series.)

For this post, and the couple, I want to share my “New-myVM.ps1” script. I use this script to create client and server VMs, from either DVD or sysprep’d VHDX files.

First, the parameters that New-myVM accepts:

[CmdletBinding()]
Param ([Parameter(Mandatory = $True,Position = 0)][alias("Name")][string]$VmName,
       [Parameter(Mandatory = $True,Position = 1)][alias("Final")][string]$MacFinal,
       [Parameter(Mandatory = $False)][alias("Base")][string]$MacBase = "00-15-5D-C8-0A-",
       [Parameter(Mandatory = $False)][string]$199MacBase = "00-15-5D-C8-CE-",
       [Parameter(Mandatory=$False)][alias("ISO")][Switch]$DVD,
       [Parameter(Mandatory=$False)][Boolean]$Client=($myInvocation.myCommand.Name -match "Client"),
       [Parameter(Mandatory=$False)][alias("Target")][string]$Path = "V:\",
       [Parameter(Mandatory=$False)][alias("VHDSource","DVDBase")][string]$Source = "V:\Source",
       [Parameter(Mandatory=$False)][alias("LocalSwitch","Network")][string]$vmSwitch = "10 Network",
       [Parameter(Mandatory=$False)][switch]$2012R2
       )

I have only two required parameters, the VMName and final two digits of the MAC addresses that the VM will use. Everything else defaults to some reasonable value for my labs. You’ll notice that by default, I don’t install from DVD, and I’m not installing Server 2012R2, but Server 2016. And, finally, a bit you might not have seen before, my default to determine if this is a client build or a server build.

[Parameter(Mandatory=$False)][Boolean]$Client=($myInvocation.myCommand.Name -match "Client")

The $Client parameter is a Boolean. I can specify it on the command line with -Client $True/$False, or I can allow it to accept the default value. The interesting thing is that the default value is dynamic. I use an NTFS hard link for New-myVM.ps1 to give it a second name, New-myClientVM.ps1.

Sidebar: NTFS Hard Links 

NTFS filesystem hard links take a single file and give it multiple names. The file is stored only once on the filesystem, but it has multiple names that can access the file. Each name for the file is completely equal. Even if you delete the original filename, all the linked versions are still present and completely unaffected by the deletion. You create a hard link in Server 2016 or Windows 10 with New-Item or in earlier versions of Windows with the built-in CMD command mklink. So, for example:

New-Item -Type HardLink `
         -Path 'C:\Build\New-myClientVM.ps1','C:\Build\New-myServerVM.ps1' `
         -Value 'C:\Build\New-myVM.ps1'

#Older OS Version:
cmd /c mklink /h C:\Build\New-myClientVM.ps1 C:\Build\New-myVM.ps1
cmd /c mklink /h C:\Build\New-myServerVM.ps1 C:\Build\New-myVM.ps1

I then use ($myInvocation.myCommand.Name -match “Client”) to see if the filename I started the script with was New-myClientVM.ps1 , or one of the other names I have for this script.  ($myInvocation.myCommand.Name -match “Client”) returns $True for New-myClientVM.ps1, but $False for filenames that don’t include ‘Client’ in the filename.

Next, I set some basic variables used throughout the script. These are periodically tweaked as new builds become my default. Currently, they’re set at:

$VMBase     = "$Path\$VMName"
$VHDSource  = $Source
$DVDBase    = $Source
$VHDBase    = "$VMBase\Virtual Hard Disks"
$SysVHD     = "$VMBase\Virtual Hard Disks\$VmName-System.vhdx"
$MachineBase= "$VMBase\Virtual Machines"
$ServerISO  = "$DVDBase\en_windows_server_2016_x64_dvd_9718492.iso"
$ClientISO  = "$DVDBase\en_windows_10_enterprise_version_1607_updated_jan_2017_x64_dvd_9714415.iso"
$ClientVHD  = "$Source\Generalized-client.vhdx"
if ($2012R2) { 
   $ServerVHD = "$Source\Generalized-2012R2.vhdx"
} else {
   $ServerVHD  = "$Source\Generalized-System.vhdx"
}

Nothing special there. Next, three functions to verify paths, etc. These are pretty basic Test-Path statements. If I need to create directories, I do. But if I don’t find my source files where I expect them, or I find an already existing .vhdx where I’m not expecting one, then I use simple Throw statements to get me out and report the problem, since either of these failures will cause the script to fail, usually in an ugly way. ;)

Function Test-SourcePath () {
   if ($Client) {
      if ($dvd) {
         if (Test-Path $ClientISO) {
            Write-Verbose "Install ISO found at $ClientISO"
         } else {
            Throw "Client ISO not found at $ClientISO" 
         }
      } elseif (Test-Path $ClientVHD) { 
         Write-Verbose "Source VHD found at $ClientVHD"
      }
   } else {
      if ($dvd) {
         if (Test-Path $ServerISO) {
            Write-Verbose "Install ISO found at $ServerISO"
         } else {
            Throw "Server ISO not found at $ServerISO" 
         }
      } elseif (Test-Path $ServerVHD) { 
         Write-Verbose "Source VHD found at $ServerVHD"
      }
   }
}

if (! (Test-Path $VHDBase ) ) { 
   mkdir $VHDBase
}
if (! (Test-Path $MachineBase ) ) { 
   mkdir $MachineBase
}

Function Test-Clean () {
   If (Test-Path $VHDBase\*.vhdx ) {
      Throw "Found an existing VHD. Please clean up the target path and try again."
   }
}

You’ll notice with these functions, and the ones that follow, everything builds on those original variables created at the top of the script, or as part of the script parameters. Yes, I need to keep those up to date. But there’s only one place to make the changes.

Now, assuming I’m most likely going to be building from a sysprep’d VHD, I  copy that .vhdx file into my “Virtual Hard Disks” folder for this VM, changing the name as I do to reflect the new VM’s name.

function Copy-myVhd () {
      if ( $DVD ) {
         Write-Verbose "DVD specified. Not copying source VHD to $SysVHD"
      } else { 
         if ( $Client ) { 
            Write-Verbose "Creating VM from Sysprep'd VHD base $ClientVHD"
            cp $ClientVHD $SysVHD 
         } else { 
         Write-Verbose "Creating VM from Sysprep'd VHD base $ServerVHD"
            cp $ServerVHD $SysVHD
         } 
      }
}

Now that we have all that setup work done, let’s actually create the VM. We have to do this in two separate steps because Hyper-V doesn’t give us a way to set the number of CPUs or configure some other stuff as part of the initial creation of the VM. We have to modify the VM after we first create it. Silly, but not all that hard to deal with in a script, though a real nuisance at the interactive command line.

Create-myVM {
if ($DVD ) { 
  New-VM -Name $VmName `
       -MemoryStartupBytes 1024MB `
       -BootDevice VHD `
       -Generation 2 `
       -SwitchName $vmSwitch `
       -NewVHDPath $SysVHD `
       -NewVHDSize 200GB `
       -Path $MachineBase
} else { 
  New-VM -Name $VmName `
       -MemoryStartupBytes 1024MB `
       -BootDevice VHD `
       -Generation 2 `
       -SwitchName $vmSwitch `
       -VHDPath $SysVHD `
       -Path $MachineBase
  }
}

And, we now have a VM. It’s not quite what we want and need, yet, but we have a VM. One problem, I can’t set the boot device to DVD, regardless of what the PowerShell help pages say, because I’m building Generation 2 virtual machines, and they don’t allow you to specify ‘CD’ as the boot device during initial setup. So, we’ll have to configure that, along with the other tweaks we need, as part of the next stage of the whole process. And for that, you’ll have to wait until tomorrow, when I do Part 2 of New-myVM. :)

As I mentioned last time, I’m setting up a new domain controller and DHCP server for my internal domain on Windows Server 2016 Core, and I’m exclusively using PowerShell to do it. For both the DHCP Server and AD DS roles, we need to configure a fixed IP address on the server, so let’s do that first. From my Deploying and Managing Active Directory with Windows PowerShell book from Microsoft Press, here’s my little very quick and dirty script to set a fixed IP address:

# Quick and dirty IP address setter

[CmdletBinding()]
Param ([Parameter(Mandatory=$True)][string]$IP4,
       [Parameter(Mandatory=$True)][string]$IP6 
      )
$Network = "192.168.10."
$Network6 = "2001:db8:0:10::"
$IPv4 = $Network + "$IP4"
$IPv6 = $Network6 + "$IP6"
$Gateway4 = $Network + "1"
$Gateway6 = $Network6 + "1"

Write-Verbose "$network,$network6,$IP4,$IP6,$IPv4,$IPv6,$gateway4, $gateway6"

$Nic = Get-NetAdapter -name Ethernet
$Nic | Set-NetIPInterface -DHCP Disabled
$Nic | New-NetIPAddress -AddressFamily IPv4 `
                        -IPAddress $IPv4 `
                        -PrefixLength 24 `
                        -type Unicast `
                        -DefaultGateway $Gateway4
Set-DnsClientServerAddress -InterfaceAlias $Nic.Name `
                           -ServerAddresses 192.168.10.2,2001:db8:0:10::2
$Nic |  New-NetIPAddress -AddressFamily IPv6 `
                         -IPAddress $IPv6 `
                         -PrefixLength 64 `
                         -type Unicast `
                          -DefaultGateway $Gateway6

ipconfig /all

I warned you it was a quick and dirty script. But let’s quickly look at what it does. First, we get the network adapter into a variable, $Nic. Then we turn off DHCP with Set-NetIPInterface, and configure the IPv4 and IPv6 addresses with New-NetIPAddress. Finally, we use Set-DnsClientServerAddress to configure the DNS Servers for this server.

Next, let’s join the server to the TreyResearch.net domain with another little script. OK, I admit, you could do this all as a simple one-liner, but I do it so often that I scripted it.

<#
.Synopsis
Joins a computer to the domain
.Description
Joins a new computer to the domain. If the computer hasn't been renamed yet, 
it renames it as well.
.Parameter NewName
The new name of the computer
.Parameter Domain
The domain to join the computer to. Default value is TreyResearch.net
.Example
Join-myDomain -NewName trey-wds-11
.Example
Join-myDomain dc-contoso-04 -Domain Contoso.com
.Notes
     Name: Join-myDomain
   Author: Charlie Russel
Copyright: 2017 by Charlie Russel
         : Permission to use is granted but attribution is appreciated
  ModHist:  9 Apr, 2014 -- Initial
         : 25 Feb, 2015 -- Updated to allow name already matches
         :
#>
[CmdletBinding()]
Param ( [Parameter(Mandatory=$true,Position=0)]
        [String]$NewName,
        [Parameter(Mandatory=$false,Position=1)]
        [String]$Domain = "TreyResearch.net"
       )

$myCred = Get-Credential -UserName "$Domain\Charlie" `
                         -Message "Enter the Domain password for Charlie."

if ($ENV:COMPUTERNAME -ne $NewName ) {
   Add-Computer -DomainName $Domain -Credential $myCred -NewName $NewName -restart
} else {
   Add-Computer -DomainName $Domain -Credential $myCred -Restart
}

After the server restarts, log in with your domain credentials, not as “Administrator”.  The account you logon with should be at least Domain Admin or equivalent, since you’re going to be adding DHCP to the server and promoting it to be a domain controller.

To add the necessary roles to the server, use:

Install-WindowsFeature -Name DHCP,AD-Domain-Services `
                       -IncludeAllSubFeature `
                       -IncludeManagementTools

Next, download updated Get-Help files with Update-Help. Once you’ve got those, go ahead and restart the server, and when it comes back up, we’ll do the base configuration for DHCP to enable it in the domain, and create the necessary accounts. Creating scopes, etc., is the topic of another day. Probably as part of my Lab series.

First, enable the DHCP server in AD (this assumes the $NewName from earlier was ‘trey-core-03’. )

Add-DhcpServerInDC -DnsName 'trey-core-03' -PassThru

And, finally, create the necessary local groups:

# Create local groups for DHCP
# The WinNT in the following IS CASE SENSITIVE
$connection = [ADSI]"WinNT://trey-core-03"
$lGroup = $connection.Create("Group","DHCP Administrators")
$lGroup.SetInfo()
$lGroup = $connection.Create("Group","DHCP Users")
$lGroup.SetInfo()

This uses ADSI to create a local group, since there’s no good way built into base PowerShell to do it except through ADSI.

Finally, we’ll use my Promote-myDC.ps1 script to promote the server to domain controller. Again, I could easily do this by hand, but I’m building and rebuilding labs often enough that I scripted it. I’m lazy! Do it once, use the PowerShell interactive command line. Do it twice? Write a script!

<#
.Synopsis
Tests a candidate domain controller, and then promotes it to DC.
.Description
Promote-myDC first tests if a domain controller can be successfully promoted,
and, if the user confirms that the test was successful, completes the
promotion and restarts the new domain controller.
.Example
Promote-myDC -Domain TreyResearch.net

Tests if the local server can be promoted to domain controller for the
domain TreyResearch.net. The user is prompted after the test completes
and must press the Y key to continue the promotion.
.Parameter Domain
The domain to which the server will be promoted to domain controller.
.Inputs
[string]
.Notes
    Author: Charlie Russel
 Copyright: 2017 by Charlie Russel
          : Permission to use is granted but attribution is appreciated
   Initial: 05/14/2016 (cpr)
   ModHist: 02/14/2017 (cpr) Default the domain name for standard lab builds
          :
#>
[CmdletBinding()]
Param(
     [Parameter(Mandatory=$False,Position=0)]
     [string]$Domain = 'TreyResearch.net'
     )

Write-Verbose "Testing if ADDSDeployment module is available"
If ( (Get-WindowsFeature -Name AD-Domain-Services).InstallState -ne "Installed" ) {
   Write-Verbose "Installing the ActiveDirectory Windows Feature, since you seem to have forgotten that."
   Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
   Write-Host ""
}

If ( (Get-WindowsFeature -Name AD-Domain-Services).InstallState -ne "Installed" ) {
   throw "Failed to install the ActiveDirectory Windows Feature."
}

Write-Verbose "Testing if server $env:computername can be promoted to DC in the $Domain domain"
Write-Host ""
Test-ADDSDomainControllerInstallation `
         -NoGlobalCatalog:$false `
         -CreateDnsDelegation:$false `
         -CriticalReplicationOnly:$false `
         -DatabasePath "C:\Windows\NTDS" `
         -DomainName $Domain `
         -LogPath "C:\Windows\NTDS" `
         -NoRebootOnCompletion:$false `
         -SiteName "Default-First-Site-Name" `
         -SysvolPath "C:\Windows\SYSVOL" `
         -InstallDns:$true `
         -Force
Write-Host ""
Write-Host ""
Write-Host ""

Write-Host -NoNewLine "If the above looks correct, press Y to continue...  "
$Key = [console]::ReadKey($true)
$sKey = $key.key

Write-Verbose "The $sKey key was pressed."
Write-Host ""
Write-Host ""
If ( $sKey -eq "Y" ) {
   Write-Host "The $sKey key was pressed, so proceeding with promotion of $env:computername to domain controller."
   Write-Host ""
   sleep 5
   Install-ADDSDomainController `
              -SkipPreChecks `
              -NoGlobalCatalog:$false `
              -CreateDnsDelegation:$false `
              -CriticalReplicationOnly:$false `
              -DatabasePath "C:\Windows\NTDS" `
              -DomainName $Domain `
              -InstallDns:$true `
              -LogPath "C:\Windows\NTDS" `
              -NoRebootOnCompletion:$false `
              -SiteName "Default-First-Site-Name" `
              -SysvolPath "C:\Windows\SYSVOL" `
              -Force:$true
} else {
   Write-Host "The $sKey key was pressed, exiting to allow you to fix the problem."
   Write-Host ""
   Write-Host ""
}

This uses a little trick I haven’t talked about before –

$Key = [console]::ReadKey($true)
$sKey = $key.key

This reads in a single keystroke and gets the value of the key. Because of the way this works, “Y” and “y” are equivalent. Useful to give yourself a last chance out if something doesn’t look right, though obviously you’ll want to remove those bits if you’re creating a script that needs to run without interactive input.

Beginning in Windows 8.1, you could set the Windows PowerUser menu (right-click on the Start button, or Win-X key) to show Windows PowerShell and Windows PowerShell (Admin) on the menu instead of Command Prompt and Command Prompt (Admin). But every single new machine you log on to, you had to change that. A nuisance, at least. So, I created a Group Policy Preference to set the registry key for this, and linked this to the Default Domain Policy.

Apparently, Microsoft is finally catching up, and this is going to be the default on Windows 10 beginning with the build that’s coming down today. About time!

For those of you who are not on the Fast Ring of Windows Insider builds, the registry key you need to set is:

HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontUsePowerShellOnWinX=0

To set that with Windows PowerShell, use:

Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced `
                -Name DontUsePowerShellOnWinX `
                -Value 0 `
                -Type DWord

You can also use Group Policy Preferences to set that as part of a Group Policy Object (GPO).

1. Open the Group Policy Management Console (gpmc.msc)
2. Right-click the GPO you want to modify (I chose the Default Domain Policy for my domain)
3. Select Edit from the right-click menu to open the Group Policy Editor
4. Expand the User Configuration container, then Preferences and select Registry in the left pane.
5. Right-click in the Registry details pane and select Registry Item from the New menu:

Add a new registry item to Group Policy Preferences

6. In the New Registry Properties dialog, select Update for the Action, HKEY_CURRENT_USER for the Hive, and a Key Path of  \Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.

Set PowerShell as the WinX default

7. The Value Name is DontUsePowerShellOnWinX, with a Value Type of REG_DWORD and a Value Data of 0, as shown below.

8. Click OK, and then close GPEdit. The Group Policy will be applied to following the next reboot and logon of each user to whom the GPO applies.

For those of you who insist that they really want CMD instead of PowerShell, you can simply set the value of that registry item to one (1) instead of zero (0). Or let users manually control it. But as I’ve been saying for years: “Death to CMD“. :)

As I described in my previous post, I always open both an admin and non-admin PowerShell window when I log on to a computer. To tell the two apart, I set the background colour of the Admin window to dark red, with white text, and the non-admin window to a white background with dark blue text. The result is clearly and immediately different, warning me when I’m running as an administrator. To do that, I use the following:

$id = [System.Security.Principal.WindowsIdentity]::GetCurrent() 
$p = New-Object system.security.principal.windowsprincipal($id)

# Find out if we're running as admin (IsInRole). 
# If we are, set $Admin = $True. 
if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)){ 
   $Admin = $True 
} else { 
   $Admin = $False 
}

if ($Admin) { 
      $effectivename = "Administrator" 
      $host.UI.RawUI.Backgroundcolor="DarkRed" 
      $host.UI.RawUI.Foregroundcolor="White" 
      clear-host 
   } else { 
      $effectivename = $id.name 
      $host.UI.RawUI.Backgroundcolor="White" 
      $host.UI.RawUI.Foregroundcolor="DarkBlue" 
      clear-host 
}

 

That works great for older versions of the Windows PowerShell console, but starting with PowerShell v5, that can have an unintended side effect. In PowerShell v5, we now have PSReadLine that does context sensitive colouration of the command line. But the default PowerShell console has a dark blue background, with white text. And when I changed the background colour of my non-admin PowerShell window to white, it gets a little hard to read!! So, to fix that, I use Set-PSReadLineOption to change the various kinds of context sensitive colour changes to something that works with a light background. We don’t want to do that for the dark red background of the Admin window, so we’ll need to check which colour we are and adjust accordingly.

First, get the current colour:

$pData = (Get-Host).PrivateData 
$curForeground = [console]::ForegroundColor 
$curBackground = [console]::BackgroundColor

You’ll only want to configure the context sensitive colouring options if you’re running on Windows 10 or Server 2016. Prior versions of Windows didn’t have the new system console that comes with Windows 10. So you’ll want to check that the build number is > 10240

$Build = (Get-WmiObject Win32_OperatingSystem).BuildNumber

If $Build -ge 10240, then set the various context sensitive tokens to work with the colour we have.

# PowerShell v5 uses PSReadLineOptions to do syntax highlighting. 
# Base the color scheme on the background color 
If ( $curBackground -eq "White" ) { 
      Set-PSReadLineOption -TokenKind None      -ForegroundColor DarkBlue  -BackgroundColor White 
      Set-PSReadLineOption -TokenKind Comment   -ForegroundColor DarkGray  -BackgroundColor White 
      Set-PSReadLineOption -TokenKind Keyword   -ForegroundColor DarkGreen -BackgroundColor White 
      Set-PSReadLineOption -TokenKind String    -ForegroundColor Blue      -BackgroundColor White 
      Set-PSReadLineOption -TokenKind Operator  -ForegroundColor Black     -BackgroundColor White 
      Set-PSReadLineOption -TokenKind Variable  -ForegroundColor DarkCyan  -BackgroundColor White 
      Set-PSReadLineOption -TokenKind Command   -ForegroundColor DarkRed   -BackgroundColor White 
      Set-PSReadLineOption -TokenKind Parameter -ForegroundColor DarkGray  -BackgroundColor White 
      Set-PSReadLineOption -TokenKind Type      -ForegroundColor DarkGray  -BackgroundColor White 
      Set-PSReadLineOption -TokenKind Number    -ForegroundColor Red       -BackgroundColor White 
      Set-PSReadLineOption -TokenKind Member    -ForegroundColor DarkBlue  -BackgroundColor White 
      $pData.ErrorForegroundColor   = "Red" 
      $pData.ErrorBackgroundColor   = "Gray" 
      $pData.WarningForegroundColor = "DarkMagenta" 
      $pData.WarningBackgroundColor = "White" 
      $pData.VerboseForegroundColor = "DarkYellow" 
      $pData.VerboseBackgroundColor = "DarkCyan" 
   } elseif ($curBackground -eq "DarkRed") { 
      Set-PSReadLineOption -TokenKind None      -ForegroundColor White    -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind Comment   -ForegroundColor Gray     -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind Keyword   -ForegroundColor Yellow   -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind String    -ForegroundColor Cyan     -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind Operator  -ForegroundColor White    -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind Variable  -ForegroundColor Green    -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind Command   -ForegroundColor White    -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind Parameter -ForegroundColor Gray     -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind Type      -ForegroundColor Magenta  -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind Number    -ForegroundColor Yellow   -BackgroundColor DarkRed 
      Set-PSReadLineOption -TokenKind Member    -ForegroundColor White    -BackgroundColor DarkRed 
      $pData.ErrorForegroundColor   = "Yellow" 
      $pData.ErrorBackgroundColor   = "DarkRed" 
      $pData.WarningForegroundColor = "Magenta" 
      $pData.WarningBackgroundColor = "DarkRed" 
      $pData.VerboseForegroundColor = "Cyan" 
      $pData.VerboseBackgroundColor = "DarkRed" 
   } 
}

Finally, let’s make sure that console window is the right size, and while we’re at it, set the window title. (This is a workaround for a PITA bug in recent builds of Windows 10/Server 2016 that seems to have problems setting the console window size and keeping it!)

$host.ui.rawui.WindowTitle = $effectivename + "@" + $HostName +" >" 
$Host.UI.RawUI.WindowSize = New-Object System.Management.Automation.Host.Size(120,40)

Now, with all of this, you have effective, context-sensitive, command-line colouring of your PowerShell windows.

ETA: The Console as we know it is completely broken in recent builds of Windows 10. As of August, 2018, you can’t effectively set the background color of the console and have it stick, plus they completely changed the behaviour of Set-PSReadlineOption by changing the parameters, and removing support for -TokenKind with FG/BG colors to totally break this script. Sigh.

One of those annoyances that sometimes happen with the new Network Location in Windows 8.x and Windows 10 is that the network gets mis-identified as Public when it should be Private, or the other way around. Changing this in the GUI is certainly possible, but annoying, so let’s take advantage of the improved Windows PowerShell support in Windows 8.1 (and later) and do it quickly and easily. First, let’s open up an elevated PowerShell window from our limited user session:

PSH> Start-Process WindowsPowerShell.exe -verb RunAs

Now, in that window, let’s find out what our current network location is set to:

PSH> Get-NetConnectionProfile

...<snip>...

Name : Unidentified network
InterfaceAlias : vEthernet (Local-10)
InterfaceIndex : 18
NetworkCategory : Public
IPv4Connectivity : LocalNetwork
IPv6Connectivity : LocalNetwork

From this, we see that the problem interface has an Interface Index of 18, so:

PSH> Set-NetConnectionProfile  -InterfaceIndex 18 -NetworkCategory Private

And we’re done.

ETA, 3 August, 2016 — this same problem exists in Windows 10/Server 2016. And the solution is the same. Set-NetConnectionProfile is your friend!