Archive | Deployment

Windows Server 2012 & Features on Demand

If you’re anything like me, typing at a keyboard all day is about all the exercise you get.  I’ll admit it, over the last couple months I’ve packed on a couple pounds.  I just told myself, woman love the stellar I.T. body look.  A gut almost touching the edge of the desk, the hump in the back from bending over the keyboard all day.  The none stop drinking of caffeinated soda.  So how’s a guy like me suppose to drop some weight?  Exercise!  Ha, yeah that’s not going to happen, but I wonder how much liposuction costs?

It’s easy for humans, hook up a hose, and suck out all the fat.  But what about your servers?  Gigs, and gigs of data are taking up hard drive space, and as time goes by, the plumper your server will become.  Soon you’ll be left with barely any free space.  Now what if I told you there is something you can do?  A sort of liposuction for your server.  Thanks to Windows Server 2012 Features on Demand , it’s now possible.

With Windows Server, we have what’s called the WinSxS (Windows Side By Side) folder.   This folder is located in the Windows directory.  (C:\Windows\WinSxS)  The folder contains all the files that are required for a Windows installation of a feature or role.  The advantage of this folder is you can install a role, or enable a feature without the source media.  The disadvantage of this folder is, it makes your server fat!  I’m talking Gigabytes of data just sitting there waiting for the day you install a new role.  But what if that day never comes?  All that good hard drive space going to waste.  Luckily with Windows Server 2012 you can now reclaim that space with PowerShell.

Features on Demand

In Windows Server 2012, you can minimize the footprint of your installation by uninstalling the files from your WinSxS folder.  This ability is called Features on Demand.  The only catch is, if you ever would want to install a feature you removed, then you would need to access the Windows Server 2012 source files.  Okay, lets put our server on a diet.

It’s a fairly simple process to uninstall these roles or features files from disk.

1. Open Windows PowerShell as Administrator.

2. Type the following: Uninstall-WindowsFeature –Name <feature_name> –Remove

3. That’s it!

Okay so for example I would run the following command to remove DHCP WinSxS files.

 Uninstall-WindowsFeature –Name DHCP –Remove 

image

Run the following, if you would like to remove all the role and feature files that currently are not installed on the local server.

 Get-WindowsFeature | Where-Object -FilterScript { $_.Installed -Eq $FALSE } | Uninstall-WindowsFeature –Remove 

image

Don’t worry, you can reinstall these feature files at any point.  To do so, run the following PowerShell command.

 Install-WindowsFeature <featurename> -Source wim:<path>:<index> 

How do you know what index number to use?  Simple.

 Get-windowsimage –imagepath <path to wim>\sources\install.wim 

image

I’m running Windows Server 2012 Datacenter, so I selected “index 4”.  Now if I wanted to reinstall DHCP onto this server I would type the following command:

 Install-WindowsFeature DHCP -Source wim:d:\sources\install.wim:4 

image

You can alternatively reinstall a feature by using Server Manager. Run the Add Roles and Features Wizard, select what you want to install, and then at the Confirmation screen “specify an alternate source path”.

image

The –Source option can access the files in there different ways.

  1. Searching the location you specified during either your PowerShell command or during the Wizard.
  2. Group Policy Settings: Computer Configuration\Administrative Templates\System\Specify settings for optional component installation and component repair.
  3. Searching Windows Update

Create a Feature File Store

Before we end, I would also recommend setting up a feature file store.  Instead of searching for the media disk, just copy the Sources\SxS folder from your Windows Server 2012 installation media to a network share.  For example, \\network\share\sxs.  Then when you want to reinstall a feature, just point the –Source to your new network share.

Hopefully you now have a leaner server.  Man, all this weight lost talk has gotten me hungry.  I think its time for a Baconator!

Deploying Domain Controllers with Install From Media (IFM)

What happens when you need to deploy a new Domain Controller in a different country, but your NTDS.DIT file is over 180 Gigabytes, and your WAN is as slow as your grandmother?  Well I don’t know what you call it, but I call it a perfect storm of failure.  This is the exact situation one of my customers was facing.  Waiting for 180 gigs of data to replicate around a SLOOOW WAN isn’t my idea of a fun time!  Instead we deployed the additional Domain Controller using the install from media (IFM) method.

Using the IFM method, you can dramatically reduce the amount of replication traffic that is introduced during the installation of an additional DC.  Only objects that were modified, added, or deleted since the installation media was created will be replicated.  This leads me to my next topic.

Deploy your additional Domain Controller ASAP from the date when you created your media.  The longer you wait, the more you will have to replicate.  You will also need to deploy your IFM media before the Tombstone Life Time (TSL) of your forest.  If you go pass the TSL, then the “DCPROMO” will fail.  Unless you changed it, your TSL is set by  the OS version you created your forest on.

Tombstone Life Time

  • Windows Server 2000 = 60 Days
  • Windows Server 2003 = 60 Days
  • Windows Server 2003 (SP1) = 180 Days
  • Windows Server 2003 R2 (SP1) = 60 Days
  • Windows Server 2003 R2 (SP2) = 180 Days
  • Windows Server 2008 / 2008 R2 = 180 Days

Personally, I would never deploy a Domain Controller from IFM older than 30 days.  I know in the retail space this happens all the time.  You ship out a  Domain Controller to a new store, and it sits in the backroom until the engineer arrives the night before the grand opening to install it.  The point is, try not to let this happen.  We want to save replication time, not add to it.

Okay enough talking, lets start IFM-ing!

Install From Media Creation

Starting in Windows Server 2008 R2 you can use “NTDSUTIL” to create your IFM media with SYSVOL.  There are four types of installation media.

  • Type 1: Full (writable) domain controller
    Creates installation media for a writable domain controller.
  • Type 2: RODC
    Creates installation media for an Read Only Domain Controller (RODC).
  • Type 3: Full (or writable) domain controller with SYSVOL
    Creates installation media for a writable domain controller with SYSVOL.
  • Type 4: RODC with SYSVOL
    Creates installation media for an Read Only Domain Controller (RODC) with SYSVOL.

For this tutorial, I’m going to use “Full (or writable) domain controller with SYSVOL”.  Doing so will copy my NTDS.DIT, and my SYSVOL for a writeable Domain Controller.

1. Open a command prompt (cmd.exe), and type “ntdsutil”.  Then hit ENTER.

image

2.  Type the following command “activate instance ntds”, and hit ENTER.  You will see the following response.

image

3. Type “IFM”, and hit ENTER.

image

4. Type “create sysvol full <Drive>: File Location“.

image

5.  Now copy the installation media you just created to the destination domain controller.

Promoting your new Domain Controller with IFM

I’ll be promoting a 2012 Domain Controller, but it’s the same idea in 2008.  In 2008, just make sure you select “Use advanced mode installation” after running DCPROMO.

1.  After you install the AD DS Role, select “Promote this server to a domain controller”.

101812_0209_Installingy9[1]

2.  Configure all the correct settings for all the screens until you get to the “Additional Options” screen.  Then select “Install from media”, and set your path.

image

3. Complete the remaining pages of the Active Directory Domain Services Installation Wizard.

4. After the promotion completes, reboot the server.  I also recommend removing the folder that contains the IFM media.

Things to remember

  • If you are deploying your first Domain Controller in the domain, you cannot use IFM.
  • If you are creating a DC that will be a Global Catalog Server, create your IFM on a Global Catalog Server.
  • If you are creating a DC that will be a DNS Server, create your IFM on a DNS Server.
  • If you want to copy the SYSVOL, the DC on which you generate the installation media and the new DC must be at least running Windows Server 2008 with Service Pack 2 or Windows Server 2008 R2.
  • Membership of the Domain Admins group, or the equivalent is the minimum required to install additional Domain Controllers using IFM.

I deliberately left out IFM for Windows Server 2003.  Hopefully you will be using this tutorial to promote new 2008 R2, or 2012 Domain Controllers in place of 2003 DC’s.  However, if you still have a need to deploy 2003 Domain Controllers, (God help your soul) follow this link.