Oct 22 2015

HOWTO: Reusable Template with Windows Server Trial

This HOWTO covers how to use the free 180-day trial version of Windows Server 2012 R2 to build a reusable template for lab and development purposes.
The objectives of the steps below are as follows:

  • Ensure that whenever we need to deploy a new Windows Server for testing, it will always have the latest updates and customizations
  • Each deployment will be sysprepped ensuring there are no SID conflicts when using multiple machines
  • Allow for the latest updates and new customizations to be added in the future without impacting already deployed test machines
  • New Server 2012 R2 VMs including fresh domain controllers and domain joined member servers must be spun up as quickly as possible with as little user intervention as possible
  • The process must allow for an unlimited number of Syspreps to take place
  • This entire guide must be repeated every 6 months as we are using the free trial version of Windows Server 2012 R2
  • Any machines deployed during the 6 month trial period will reset and start from their own 180 day counter independent of the source
  • The implementation will leverage the linked clone snapshot feature found in VMware Workstation

 

Overview

The idea behind this build is to provide the fastest possible way to build new Windows 2012 R2 Active Directory lab environments.
I’m aware there are other solutions available but I wanted to see what I could accomplish using nothing more than the 180 day trial ISO, VMware Workstation and PowerShell.
The configuration may seem a little complex but once these steps are in place, it becomes hilariously easy and fast to deploy new test servers at home for testing.
The idea is to build out a new VM using the trial, snapshot it, sysprep it and then use PowerShell scripts to automatically build new Domain controllers and join to the domain using Desired State Configuration.


Sep 28 2015

HOWTO: Desired State Configuration (DSC) Overview

I found myself curious if I could get my entire lab environment to build itself from scratch in a 100% automated fashion including deploying and configuring Active Directory.

All of the cmdlets to perform these tasks already exist in PowerShell and are trivial to perform individually.  But what happens if you want to combine them together?  In order to do that, you have to be able to manage restarts and be able to continue your script where it left off.  That turns out to be a non-trivial problem for traditional PowerShell scripts.  As I was researching how I might accomplish this, I stumbled across something called “Desired State Configuration” or DSC.  I’ve heard it talked about constantly over the last year or two and all of the major PowerShell bloggers have stated that it is the concept to learn after you’ve got the basics of PowerShell down.  I’ve never had a reason to look into it though… until now.

The first thing I did was start watching the Microsoft JumpStart series on DSC.  I just assumed it would be a module’s length but to my shock and surprise, Microsoft created an entire course on just DSC and that course is 2 full days – equal to that of the JumpStart for PowerShell itself!  The next thing that jumped out at me is that at the beginning of the video series, one of the hosts and inventor of PowerShell, Jeffrey Snover said:

“DSC is not just a priority at Microsoft, it is THE priority at Microsoft.”  That may sound like hyperbole coming from most people but remember that Jeffrey Snover is now the Technical Lead Architect for Windows Server.  So even accepting he probably meant his team specifically, that’s still a big deal for those working in IT as most of our time is spent with the products he is responsible for.

With that backstory out of the way, what exactly is Desired State Configuration and why should you care?  Here is what I’ve been able to piece together so far.  DSC is a mechanism for you to define how a server or servers should be configured.  Notice I did not say how specifically to configure them.  This is the first thing that took me a while to wrap my head around.  In DSC, you never define HOW to configure a server, only WHAT you want the final product to look like.  Think of DSC more as a manager than a programmer.

The way this is accomplished is Microsoft (and others) create something called “resources” which are effectively large, complex PowerShell modules that are written by professional programmers that contain all of the logic and error handling and dependency management that is almost always missing from amateur scripts.  You then use a special subset syntax of PowerShell to declare what you want and PowerShell will go out and do it for you.
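To make the "WHAT, not HOW" point concrete, here is a small configuration added as an illustration (it is not from the original post). It uses only the built-in PSDesiredStateConfiguration resources; the configuration name, the chosen features and the output path are assumptions, and it expects an elevated session on Windows Server.

```powershell
# Added example: declares the end state only. The resources decide how to reach it.
Configuration LabMemberServer {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        # State that the AD DS role must be present; no install logic is written here.
        WindowsFeature ADDS {
            Name   = 'AD-Domain-Services'
            Ensure = 'Present'
        }
        # DependsOn expresses ordering; the engine handles sequencing and restarts.
        WindowsFeature ADPowerShell {
            Name      = 'RSAT-AD-PowerShell'
            Ensure    = 'Present'
            DependsOn = '[WindowsFeature]ADDS'
        }
        # "Absent" is also a desired state: the feature is removed if it is found.
        WindowsFeature TelnetClient {
            Name   = 'Telnet-Client'
            Ensure = 'Absent'
        }
        Service TimeService {
            Name        = 'W32Time'
            State       = 'Running'
            StartupType = 'Automatic'
        }
    }
}

# Compile the declaration to a MOF document, then ask the engine to enforce it.
$mofPath = Join-Path $env:TEMP 'LabMemberServer'   # hypothetical output folder
LabMemberServer -OutputPath $mofPath | Out-Null
Start-DscConfiguration -Path $mofPath -Wait -Verbose

# Report whether the machine currently matches the declared state (drift check).
Test-DscConfiguration
```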


Sep 06 2015

Why are people on Kijiji like this?

I’ve recently put up several items on Kijiji and in doing so received a number of interested replies.  Unfortunately, many of those replies are practically unintelligible.

Why is this?  At first I thought that many of them are some kind of bot or automated software that intentionally uses exceptionally poor grammar but I couldn’t think of a reason anyone would benefit from this since the people on the other end are already willing to provide you details and meet you.  So these replies must be from actual human beings.

Is our Education system really that bad?  Could it be that they are all non-native English speakers?  I’ve been in enough countries and met enough non-native English speakers to know that it’s not that.  ESL writers can come across as having poor English certainly, but it’s… different.  You can spot the mix up of language structures or at the very least identify that some modicum of effort was put into the writing.

As a public service, I’d like to present two such replies I received from two different people and rewrite the sentences in a way that makes some better degree of sense.  Names and phone numbers are changed.

“evething is gor 100 , am poor woma but my son is crasy got one of thid box i cant buy it . but is it 100 i like to buy it gor him ,let mr know pleas thank you .5551234567 bob”

“Everything is for $100.00.  I am a poor woman but my son is crazy.  He wants one of those Xboxes but I cannot afford it.  But is it really $100?  I’d like to buy it for him.  Let me know please.  Thank you.  555-123-4567 – Bob”

“I'm interested of Xbox, can you send me, cll no. Then I ca pay the xbox”

“I am interested in your Xbox.  Can you send me your cell phone number?  Then I can pay you for the Xbox.”

Sep 05 2015

HOWTO: Stop VMs from locking when idle

Tell me if you’ve heard this one before.  You build a bunch of new VMs for your lab environment.  You have them all running but every time you switch back to a VM you find that it’s always locked and you have to press Control-Alt-Delete and enter your password.  In a production environment, this is a great behavior but in a home lab it is maddening.  I finally sat down to try and fix this and it turns out it seems pretty simple.  Simply add the following two lines to your deployment script:

powercfg -change -monitor-timeout-ac 0
powercfg -change -standby-timeout-ac 0

These commands change the following two properties (Turn off the display and Put the computer to sleep) for the currently active power plan and set them to Never.


Aug 26 2015

HOWTO: Build Tasklist for Studying for Microsoft Exams

This HOWTO is fairly specific to me but since I needed to document it anyway I figured I would share it in case it benefited others.
I have scheduled yet another Microsoft Exam for October.  One of the techniques I use during studying is to take the base “Skills Measured” list from Microsoft and build a checklist around it so I can keep track of what to review next.  To do this I traditionally copy and paste the list from the Microsoft exam site and painstakingly edit it to make it compatible with a commercial task tracking software I purchased called Swift To-Do List.  It’s mind-numbing repetitive work and I always tell myself I’m going to try and automate it but never do.  Well that ends today.

What am I talking about exactly?  Well let’s use an example.  I’m scheduled to write the 70-462 – Administering SQL 2012.  So I visit the site (https://www.microsoft.com/learning/en-ca/exam-70-462.aspx) and get something that looks like this:

image

There are a series of one level collapsible trees that contain all types of items on the exam.  The catch is rather than provide them in a list, the entries are separated by semi-colons.  What would be so much more useful is if I could transform that list into something like this:

image


Aug 06 2015

HOWTO: Enable SharePoint Enabled Lists with Office 365

Imagine this scenario.  You have a SharePoint 2007/2010/2013 server in your environment along with an Exchange 2007/2010/2013 server.  You have configured email-enabled lists in your SharePoint environment by leveraging an SMTP server configured on your SharePoint server along with a send connector on your Exchange server.  Everything works great and people can email an address and have their content automatically added as a SharePoint list entry.

Then you migrate to Office 365 in a full cutover migration, obsoleting your Exchange on premises server.  Your email to list functionality breaks.  What now?

I found myself in this exact situation and had to come up with a solution.  Here is what I came up with.  I won’t be covering every step here and instead will only consider high level requirements.  If you need more specific detail, please ask in the comments.

First, if you have performed a cut over migration, you likely don’t need the firewall rule you had for port 25 to your Exchange server anymore.  So the first thing to do would be to modify that firewall rule and redirect traffic for it from your Exchange server to your SharePoint server.

From there, you can do the following:

1) Modify your existing Exchange contact that is used for email to list functionality.  Change the email address from [name]@sharepoint.domain.com to [name]@domain.com where domain.com matches your primary production domain.
Next, if you are using some type of Directory Synchronization tool, perform a sync to Office 365.


Aug 05 2015

HOWTO: Clear all AD Attributes from Former OCS/Lync Deployment

Imagine for a moment you have just deployed Office 365 in your environment using a cutover migration.  Everything is working well and you’ve now decided to grant access for your users to use Skype for Business.  (I so hate that name).

You find that some users are not appearing in the Skype For Business Users control panel.  You scratch your head and Google until you come across this excellent article:

http://blog.rickzeleznik.com/2014/07/29/issues-provisioning-lync-online-users-after-dirsync/

It basically tells you that at some point in the past, someone deployed either Office Communications Server or Lync server in your environment and the users that aren’t showing up have their msRTCSIP Active Directory attributes populated which is confusing Skype for Business.  The article goes on to show you how to clear the attributes.

Now imagine you test this process and it works and solves your problem.  But then you slink into your chair when you realize you may potentially have hundreds of users to update and each user has as many as 14 attributes each that need to be modified.

That’s the situation I found myself in.  If you’ve seen any other posts on this site, you already know how I solved this – PowerShell!

I figured I’d share my solution in the event anyone else is in this situation.  This is very rough code designed to solve the immediate problem and as a result I’d suggest that you have some comfort with PowerShell before attempting to use this code.


Jul 23 2015

Windows 10 and the future of software installations

Windows 10 is nearly upon us and one of the features I am looking forward to is PowerShell 5.  More specifically I am looking forward to the new PowerShellGet module.
This is effectively apt-get or yum for Windows and the implications for systems administrators are significant.  I just finished a quick test drive of the functionality in the Windows 10 Technical preview and wanted to share my findings.

Let’s start by finding the module.  We assume it has the word ‘get’ in it so we can do:

Get-Module *Get* -ListAvailable

We find a module called ‘PowerShellGet’.  Let’s see what commands it offers using Get-Command

Get-Command -Module PowerShellGet

Jul 15 2015

HOWTO: Access Pleasant Password Server Passwords via RESTful API

If you use Pleasant Password Server, you may have a need to request passwords from a command line or automated process.  If you do, the script below should be very helpful.
It took me most of the evening to figure out how to request passwords using PowerShell and the RESTful API built into Pleasant Password Server (aka KeePass Server).

The vendor’s documentation is unfortunately very lacking.  Seriously, would it kill you to include some examples?  At any rate, the script below uses the Invoke-WebRequest cmdlet to access the RESTful API.

The key thing to note here is that the only way it seems to retrieve passwords is via their GUID.  Importantly, this is not the UUID that is displayed in the desktop client.
The only way I’ve found to identify the GUID is to access the desired password using the webclient and then press F12 in your browser to activate the debugging tools.
From there if you select the “Network” tab, you should see the GUID appended to the end of the URL for your password server site.


Jun 22 2015

HOWTO: Implement PowerShell Certificates End-To-End

I needed to run a PowerShell script on a few dozen machines scattered across just as many disconnected networks. I wanted to ensure that if anyone in the future attempted to make changes to the script that it would no longer execute.  This means learning how to implement PowerShell certificates.  After much Googling I found that there was no good end-to-end guide on implementing certificates.  After much trial and error, I have figured out how to implement PowerShell certificates in such a way that you do NOT need to purchase a commercial certificate while still being able to run the script on remote systems.  I figured I would share the process in the hopes that I can save the next person the frustration I had.

Disclaimer:  These steps are presented without any warranty, express or implied.  As far as I have been able to determine, this process should drastically improve the security of your scripts without otherwise introducing any new security issues.  However as I am still learning about certificates, I may have missed something.  If you do find such a security concern, please let me know as I’d love to know what I missed!

Note: The commands below use the “pki” module for PowerShell 4 and therefore require Windows 8.1 / Windows 2012

If a modern OS is not available, these same steps can be completed through a combination of legacy tools (makecert.exe and certmgr.msc)

Specific steps on completing this with a legacy OS are not covered in this document

How the Certificate Creation Script Works

  • Creates a custom self-signed certificate on the local machine where the script authoring takes place
  • The entire key (public+private) is exported for archival and safekeeping
  • The public key of this certificate is then exported and immediately reimported into both the Root and Trusted Publisher certificate stores on the authoring computer/user
    This makes this certificate implicitly trusted on the authoring computer which makes it eligible to be used to sign a PowerShell script
  • The newly created certificate is then used to sign a custom PowerShell script
  • The public certificate is then imported onto the target/remote system where the script is intended to be executed
    The target system is assumed to be running an ExecutionPolicy of “AllSigned” which requires that all scripts be signed by an approved entity before they are executed
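The flow listed above, sketched end to end as an added example (this is not the author's script). It assumes the pki module from Windows 10 / Server 2016 or later, because -Type CodeSigningCert is not available on older builds, plus an elevated session; the subject name, folder and file names are hypothetical.

```powershell
# Added example: authoring-machine side of the signing workflow.
$workDir = Join-Path $env:TEMP 'signing-demo'          # hypothetical working folder
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# 1. Create the self-signed code-signing certificate (the private key stays in the user store).
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Lab Script Signing (example)' -CertStoreLocation Cert:\CurrentUser\My

# 2. Archive the full key pair, protected by a password that is never written to disk.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the PFX archive'
Export-PfxCertificate -Cert $cert -FilePath "$workDir\signing.pfx" -Password $pfxPassword | Out-Null

# 3. Export the public certificate only and trust it as both root and publisher.
Export-Certificate -Cert $cert -FilePath "$workDir\signing.cer" | Out-Null
foreach ($store in 'Root', 'TrustedPublisher') {
    Import-Certificate -FilePath "$workDir\signing.cer" `
        -CertStoreLocation "Cert:\LocalMachine\$store" | Out-Null
}

# 4. Sign a script (constructed sample content) and confirm the signature validates.
$script = Join-Path $workDir 'Deploy-Example.ps1'
Set-Content -Path $script -Value 'Write-Output "hello from a signed script"'
Set-AuthenticodeSignature -FilePath $script -Certificate $cert | Out-Null
$status = (Get-AuthenticodeSignature -FilePath $script).Status
if ($status -ne 'Valid') { throw "Signature did not validate: $status" }

# 5. Simulate a later edit to the script body and re-check the signature.
#    Under AllSigned, any status other than Valid means the script is refused.
(Get-Content -Path $script -Raw) -replace 'hello', 'HELLO' | Set-Content -Path $script
"Status after edit: $((Get-AuthenticodeSignature -FilePath $script).Status)"

# 6. On each target, copy signing.cer only (never the PFX), repeat the two imports
#    from step 3, then enforce the policy the list above assumes:
#    Set-ExecutionPolicy AllSigned -Scope LocalMachine
```

Anyone holding the PFX and its password can sign scripts that every target will trust, so the archive from step 2 belongs offline, and the private key can be removed from the authoring machine's store once signing is done.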
