WinRM - Microsoft's implementation of WS-Management protocols - The WS* Standards - A Primer
- Web service-based APIs
- enabled by default in Server 2012
- winrm qc < quick config / enable (WinRM for Win2k3/XP - WS-Management v1.1)
- winrm get winrm/config < get winrm config
- winrs command
- PowerShell - invoke-command

NIC Teaming - Windows Server 2012 NIC Teaming (LBFO) Deployment and Management
PS> get-command -module netlbfo to get all PowerShell commands for Load Balancing/Failover

Automating same role / feature installation
- click Export configuration settings
- save XML file
- run PS> Install-WindowsFeature -ConfigurationFilePath <exported.xml>
- when you run "dcpromo" wizard, you can also view / save PS script for future use

Expand virtual disk - run diskpart
- list volume, select volume, extend

Command line:
- netdom renamecomputer %computername% /newname:<newcomputer>
- netdom join %computername% /domain:<domain_name> /userd:<user> /passwordd:*

Active Directory Recycle Bin - has been around since 2008 R2 (PowerShell access only), but 2k12 adds a GUI
- once enabled, cannot be disabled
- FFL / DFL (forest/domain functional level) needs to be 2008 R2 or higher
- can see Deleted Objects (Recycle Bin) in Active Directory Administrative Center
- deleted objects do NOT stay around forever, subject to a Deleted Object Lifetime. Unless configured otherwise, this is usually the same as the tombstone lifetime of 180 Days. Once a deleted object has exceeded this threshold, the object and all its attributes will be marked as unrecoverable and therefore subjected to normal object tombstoning, ultimately resulting in physical object removal from the Active Directory Database.
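
The Recycle Bin notes above as an added PowerShell example (not part of the original notes): it checks the FFL prerequisite, enables the feature only if it is not already on, reads the effective Deleted Object Lifetime, and lists what is still restorable. It assumes the ActiveDirectory module and sufficient rights; the account name "jdoe" is a hypothetical placeholder.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module and Enterprise Admin rights.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$rootDse = Get-ADRootDSE

# FFL must be 2008 R2 or higher before the feature can be enabled.
$minMode = [Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
if ($forest.ForestMode -lt $minMode) {
    throw "Forest functional level $($forest.ForestMode) is below $minMode"
}

# Enabling cannot be undone, so skip it when a scope already has the feature.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet `
        -Target $forest.Name
}

# Effective lifetimes: an unset msDS-DeletedObjectLifetime falls back to
# tombstoneLifetime, and an unset tombstoneLifetime means 60 days.
$dsPath = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
$ds = Get-ADObject -Identity $dsPath -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'
$tombstoneDays = if ($ds.tombstoneLifetime) { $ds.tombstoneLifetime } else { 60 }
$deletedDays   = if ($ds.'msDS-DeletedObjectLifetime') { $ds.'msDS-DeletedObjectLifetime' } else { $tombstoneDays }

# Deleted objects that are not yet recycled are still fully restorable.
# whenChanged is used as an approximation of the deletion time.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
    -IncludeDeletedObjects -Properties whenChanged, lastKnownParent, sAMAccountName, isRecycled |
    Where-Object { -not $_.isRecycled }

$deleted |
    Select-Object ObjectClass, sAMAccountName, lastKnownParent, whenChanged,
        @{ Name = 'DaysLeft'; Expression = { [int]($deletedDays - ((Get-Date) - $_.whenChanged).TotalDays) } } |
    Sort-Object DaysLeft |
    Format-Table -AutoSize

# Restore one object to its last known parent; -WhatIf only previews the change.
$deleted | Where-Object { $_.sAMAccountName -eq 'jdoe' } | Restore-ADObject -WhatIf
```

Remove `-WhatIf` to perform the restore once the preview shows the intended object.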

Active Directory Domain Services
- install through Server Manager or PowerShell (dcpromo is deprecated, whole process is handled with PS v3)
- FGPP - Fine grained password policies (since win2k8)
- ADBA - Active Directory Based Activation
- Install-WindowsFeature -name AD-Domain-Services
- Install-ADDSForest / Install-ADDSDomain
- Install-ADDSDomainController -domainname "xyz.com" (can be done with Invoke-Command)
Invoke-Command -ComputerName S01 -ScriptBlock {Install-WindowsFeature -Name AD-Domain-Services}
- Install from media - NTDSUTIL to create media NTDS.DIT + SYSVOL (customizable)

Install from media - IFM
- run ntdsutil on existing DC to get a copy of AD
- activate instance ntds
- ifm
- create <mode> c:\media (<mode> = full, rodc, sysvol full, sysvol rodc)
- on destination server run PS> Install-ADDSDomainController -InstallationMediaPath \\dc\path_to_media

Upgrading DCs to Windows Server 2012
- supported direct (in-place) - Win2k8 x64 & Win2k8 R2 x64 (NOT Win2k3, which has to be upgraded to Win2k8 first)
- before upgrading Win2k8 DC we must run: (tool is on Win2k12 media)

adprep /forestprep
adprep /domainprep

- Microsoft recommends doing a clean installation

The Global Catalog - AD Partition that contains data about all AD objects
- most important in multi domain forests
- Traffic runs on TCP 3268/3269
- Extensible - consider impact on AD replication traffic

Troubleshooting AD DS - Review log files
- %systemroot%\debug\dcpromoui.log or dcpromo.log
- Event Viewer
- SRV DNS records - NSLOOKUP
- Other Tools: dcdiag, repadmin, BPA (Best Practices Analyzer)

Universal Group Membership Caching (UGMC) - During user logon, the DC must query the GC to obtain a list of UG memberships
- see Global Catalog Server Requirement for User and Computer Logon
- UGMC caches (with 8h refresh) UG membership on each domain controller (max lifetime 7 days)

Global Catalog - Enabled in the AD Sites & Services MMC or PowerShell
Planning Operations Master Role Placement

Domain Controller Cloning (Hyper-V VMs only)
- create DCCloneConfig.xml with PowerShell
- take VM offline and export (=save as)
- create a new VM by importing the exported VM
Virtual Domain Controller Cloning in Windows Server 2012