Archive | Windows Server 2012

Windows Server 2012 & Features on Demand

If you’re anything like me, typing at a keyboard all day is about all the exercise you get.  I’ll admit it, over the last couple months I’ve packed on a couple pounds.  I just told myself, woman love the stellar I.T. body look.  A gut almost touching the edge of the desk, the hump in the back from bending over the keyboard all day.  The none stop drinking of caffeinated soda.  So how’s a guy like me suppose to drop some weight?  Exercise!  Ha, yeah that’s not going to happen, but I wonder how much liposuction costs?

It’s easy for humans, hook up a hose, and suck out all the fat.  But what about your servers?  Gigs, and gigs of data are taking up hard drive space, and as time goes by, the plumper your server will become.  Soon you’ll be left with barely any free space.  Now what if I told you there is something you can do?  A sort of liposuction for your server.  Thanks to Windows Server 2012 Features on Demand , it’s now possible.

With Windows Server, we have what’s called the WinSxS (Windows Side By Side) folder.   This folder is located in the Windows directory.  (C:\Windows\WinSxS)  The folder contains all the files that are required for a Windows installation of a feature or role.  The advantage of this folder is you can install a role, or enable a feature without the source media.  The disadvantage of this folder is, it makes your server fat!  I’m talking Gigabytes of data just sitting there waiting for the day you install a new role.  But what if that day never comes?  All that good hard drive space going to waste.  Luckily with Windows Server 2012 you can now reclaim that space with PowerShell.

Features on Demand

In Windows Server 2012, you can minimize the footprint of your installation by uninstalling the files from your WinSxS folder.  This ability is called Features on Demand.  The only catch is, if you ever would want to install a feature you removed, then you would need to access the Windows Server 2012 source files.  Okay, lets put our server on a diet.

It’s a fairly simple process to uninstall these roles or features files from disk.

1. Open Windows PowerShell as Administrator.

2. Type the following: Uninstall-WindowsFeature –Name <feature_name> –Remove

3. That’s it!

Okay so for example I would run the following command to remove DHCP WinSxS files.

 Uninstall-WindowsFeature –Name DHCP –Remove 

image

Run the following, if you would like to remove all the role and feature files that currently are not installed on the local server.

 Get-WindowsFeature | Where-Object -FilterScript { $_.Installed -Eq $FALSE } | Uninstall-WindowsFeature –Remove 

image

Don’t worry, you can reinstall these feature files at any point.  To do so, run the following PowerShell command.

 Install-WindowsFeature <featurename> -Source wim:<path>:<index> 

How do you know what index number to use?  Simple.

 Get-windowsimage –imagepath <path to wim>\sources\install.wim 

image

I’m running Windows Server 2012 Datacenter, so I selected “index 4”.  Now if I wanted to reinstall DHCP onto this server I would type the following command:

 Install-WindowsFeature DHCP -Source wim:d:\sources\install.wim:4 

image

You can alternatively reinstall a feature by using Server Manager. Run the Add Roles and Features Wizard, select what you want to install, and then at the Confirmation screen “specify an alternate source path”.

image

The –Source option can access the files in there different ways.

  1. Searching the location you specified during either your PowerShell command or during the Wizard.
  2. Group Policy Settings: Computer Configuration\Administrative Templates\System\Specify settings for optional component installation and component repair.
  3. Searching Windows Update

Create a Feature File Store

Before we end, I would also recommend setting up a feature file store.  Instead of searching for the media disk, just copy the Sources\SxS folder from your Windows Server 2012 installation media to a network share.  For example, \\network\share\sxs.  Then when you want to reinstall a feature, just point the –Source to your new network share.

Hopefully you now have a leaner server.  Man, all this weight lost talk has gotten me hungry.  I think its time for a Baconator!

Installing a 2012 Domain Controller with PowerShell

If you didn’t know, the default installation for Server 2012 is Server Core.  You can still install the GUI, but if possible 2012 Core should be considered.  Server Core has come along way, and is a no brainer if you want to use less of the system processor, and less memory.  Without the GUI, your servers are also less of a target to attacks.  Less code means, less vulnerabilities.  So how are you going to take care of your Core Servers?  PowerShell of course!

In today’s article, we will be promoting a Windows 2012 server to a Domain Controller with PowerShell.  Exciting right!  Well maybe not, but you still need to know how to do it.  Okay, lets get started.

Just like in my pervious post, the first thing we will need to do is install the Active Directory Domain Service Role.

AD DS Role Installation:

PS C:\> Get-WindowsFeature AD-Doamin-Services

image

PS C:\> Get-WindowsFeature AD-Domain-Services | Install-WindowsFeature

image

Just like with the GUI, we will need to do the prerequisite checks.  The Prerequisites Check is a new feature in AD DS 2012 domain configuration.  These checks will alert you with suggested repair options, and inform you of new security changes that will affect older operating systems.  These test’s will also run during the installation process of a Domain Controller, so they don’t have to be run separately.  However for todays tutorial, we will run them.

Note: The domain controller promotion process cannot continue until all prerequisite tests pass.

 PS C:\> Test-ADDSForestInstallation

You will be prompted for your Domain Name, and the Safe Mode Administrator Password.

image

PS C:\> Test-ADDSDomainInstallation

image

Test-ADDSDomainControllerInstallation

image

AD Forest …Check

AD Domain…Check

DC…Check.

Mission Control, we are a GO…

Domain Controller Promotion:

If you haven’t already imported the ADDS Deployment module, we will have to do that first.

PS C:\> Import-Module ADDSDeployment

If you want all the defaults and quickly add a new Domain Controller to your environment just type the following.

PS C:\> Install-ADDSDomainController

Now since that won’t work for 99% of you, lets take a closer look at this cmdlet.  By default, the cmdlet “Install-ADDSDomainController” will configure your Domain Controller with the following settings:

  • Read-only Domain Controller: No
  • Global Catalog: Yes
  • DNS Server: Yes*
  • Database Folder: C:\Windows\NTDS
  • Log File Folder: C:\Windows\NTDS
  • SYSVOL Folder: C:\Windows\SYSVOL

*DNS Server

1. New forest: always install DNS
2. New child or new tree domain: if the parent/tree domain hosts DNS, install DNS
3. Replica: if the current domain hosts DNS, install DNS

Unless those settings work for you, I always recommend installing your Domain Controllers by a script.  This will allow a consistency throughout your environment, and make your life easier.

The Script

The script is fairly simple.  Just fill in and configure your settings.  You will also need to set the execution policy on the server before you can run any scripts on it.  I’m going to use “Remote Signed”.

 Set-ExecutionPolicy RemoteSigned

########################################
# PowerShell Script to Install Domain Controllers #
########################################

Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-InstallDns:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-LogPath "C:\Windows\NTDS" `
-SysvolPath "C:\Windows\SYSVOL" `
-DomainName "contoso.local" `
-NoRebootOnCompletion:$false `
-SiteName "SiteName" `
-Force:$true

As you see from the script above, I will be configuring the server with these settings.

  • Read-only Domain Controller: No
  • Global Catalog: No
  • DNS Server: No
  • Create Dns Delegation: No
  • Database Folder: C:\Windows\NTDS
  • Log File Folder: C:\Windows\NTDS
  • SYSVOL Folder: C:\Windows\SYSVOL
  • No Reboot On Completion: No
  • Site Name: Name of site
  • For a full list of switches and settings, review this TechNet article.

Now that we have the script configured, save it as a “.ps1” file and run it.  Since we didn’t specify the “Safe Mode Administrator Password”, you will have to enter it in manually.  To fully automate this process just add the following argument “-safemodeadministratorpassword”, and password.

image

That’s it.  Go get a cup of coffee, or take the afternoon off.  When you get back, you should have a brand new 2012 Domain Controller.