Connecting to Active Directory on Windows Server 2008 R2 Server Core

PowerShell doesn't have any built-in cmdlets for working with Active Directory. Quest has put together a couple of really nice Active Directory cmdlets that automate common Active Directory tasks. Anyway, I'm going to do a couple of posts on managing Active Directory on Server Core through the [adsi] type accelerator, PowerShell's adapter around the .NET System.DirectoryServices.DirectoryEntry class. First off, let's take a quick look at my dev Active Directory.

(Screenshot: servercore-02)

Nothing strange here: the domain name is APA.CORP and the server is called Server1.

Let's connect to Active Directory through PowerShell. First we create a connection string, an ADSI path pointing at the domain root:


PS > $Connection = "LDAP://DC=APA,DC=CORP"

Next, we bind to the domain root with the [adsi] type accelerator:


PS > $AD = [adsi] $Connection
PS > $AD


distinguishedName : {DC=APA,DC=CORP}
Path              : LDAP://Server1/DC=APA,DC=CORP

If you have a lot of domain controllers in your domain you can specify which DC to bind to, and the LDAP port, in the connection string. Port 389 is plain LDAP; the bind itself is still protected because the default AuthenticationType (Secure, visible in the Format-List output further down) authenticates with Kerberos or NTLM rather than sending the password in clear, but if you want the LDAP traffic signed and sealed as well, bind over LDAPS on port 636 or add the Signing and Sealing authentication types. The path needs quotes, and the variable must be the same one you hand to [adsi]:


PS > $Connection = "LDAP://Server1:389/DC=APA,DC=CORP"
PS > $AD = [adsi] $Connection

If we want to explore our AD through PowerShell, we can use PsBase.Children to retrieve the direct children of the entry:


PS > $AD.PsBase.Children


distinguishedName : {CN=Builtin,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Builtin,DC=APA,DC=CORP

distinguishedName : {CN=Computers,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Computers,DC=APA,DC=CORP

distinguishedName : {OU=Domain Controllers,DC=APA,DC=CORP}
Path              : LDAP://Server1/OU=Domain Controllers,DC=APA,DC=CORP

distinguishedName : {CN=ForeignSecurityPrincipals,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=ForeignSecurityPrincipals,DC=APA,DC=CORP

distinguishedName : {CN=Infrastructure,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Infrastructure,DC=APA,DC=CORP

distinguishedName : {CN=LostAndFound,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=LostAndFound,DC=APA,DC=CORP

distinguishedName : {CN=Managed Service Accounts,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Managed Service Accounts,DC=APA,DC=CORP

distinguishedName : {CN=NTDS Quotas,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=NTDS Quotas,DC=APA,DC=CORP

distinguishedName : {CN=Program Data,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Program Data,DC=APA,DC=CORP

distinguishedName : {CN=System,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=System,DC=APA,DC=CORP

distinguishedName : {CN=Users,DC=APA,DC=CORP}
Path              : LDAP://Server1/CN=Users,DC=APA,DC=CORP
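PsBase.Children hands back a full DirectoryEntry for every child, which is fine for the dozen containers under the domain root but not for a container holding tens of thousands of users. The function below is an added example (not code from the original post) that walks the tree with System.DirectoryServices.DirectorySearcher instead, so it can apply an LDAP filter, ask only for the attributes it needs and page large result sets. It assumes the APA.CORP domain root from the post; the function name and the depth limit are my own choices.

```powershell
# Added example: walk containers and OUs below the domain root with DirectorySearcher.
# Assumes the APA.CORP domain from the post; Get-AdsiContainerTree is my own name.
function Get-AdsiContainerTree {
    param(
        [string] $Path     = "LDAP://DC=APA,DC=CORP",
        [int]    $MaxDepth = 2,
        [int]    $Depth    = 0
    )
    $entry    = [adsi] $Path
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
    # OneLevel = direct children only; PageSize > 0 enables paged results so containers
    # with more objects than the server's MaxPageSize (1000 by default) still come back complete
    $searcher.Filter      = "(objectClass=*)"
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $searcher.PageSize    = 500
    # Only pull the two attributes we print; everything else stays on the DC
    [void] $searcher.PropertiesToLoad.Add("distinguishedName")
    [void] $searcher.PropertiesToLoad.Add("objectClass")

    $results = $searcher.FindAll()
    try {
        foreach ($result in $results) {
            $dn      = [string] $result.Properties["distinguishedname"][0]
            $classes = @($result.Properties["objectclass"] | ForEach-Object { [string] $_ })
            # objectClass lists the class chain (top, container, ...); the last one is the most specific
            "{0}{1}  [{2}]" -f ("  " * $Depth), $dn, $classes[-1]
            # Recurse into containers and OUs only, and stop at MaxDepth so a deep OU tree
            # does not turn an exploratory query into a full directory dump
            if ($Depth -lt $MaxDepth -and
                ($classes -contains "container" -or $classes -contains "organizationalUnit")) {
                Get-AdsiContainerTree -Path ("LDAP://" + $dn) -MaxDepth $MaxDepth -Depth ($Depth + 1)
            }
        }
    }
    finally {
        # SearchResultCollection holds an unmanaged handle; release it explicitly
        $results.Dispose()
    }
}

Get-AdsiContainerTree
```

Run it with a bigger -MaxDepth once you know the shape of the tree; the filter can be narrowed to, for example, "(objectClass=organizationalUnit)" if you only want the OU structure.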

It's also possible to list all attributes of the entry, together with the DirectoryEntry's own properties, through the Format-List cmdlet.


PS > $AD | Format-List *


objectClass                      : {top, domain, domainDNS}
distinguishedName                : {DC=APA,DC=CORP}
instanceType                     : {5}
whenCreated                      : {1/17/2009 6:29:21 AM}
whenChanged                      : {1/17/2009 6:33:07 AM}
subRefs                          : {DC=ForestDnsZones,DC=APA,DC=CORP, DC=Domain
                                   DnsZones,DC=APA,DC=CORP, CN=Configuration,DC
                                   =APA,DC=CORP}
uSNCreated                       : {System.__ComObject}
uSNChanged                       : {System.__ComObject}
name                             : {APA}
objectGUID                       : {164 249 62 250 183 125 32 74 162 127 129 25
                                   5 219 196 229 116}
creationTime                     : {System.__ComObject}
forceLogoff                      : {System.__ComObject}
lockoutDuration                  : {System.__ComObject}
lockOutObservationWindow         : {System.__ComObject}
lockoutThreshold                 : {0}
maxPwdAge                        : {System.__ComObject}
minPwdAge                        : {System.__ComObject}
minPwdLength                     : {7}
modifiedCountAtLastProm          : {System.__ComObject}
nextRid                          : {1000}
pwdProperties                    : {1}
pwdHistoryLength                 : {24}
objectSid                        : {1 4 0 0 0 0 0 5 21 0 0 0 171 166 141 168 63
                                    138 126 92 158 59 183 83}
serverState                      : {1}
uASCompat                        : {1}
modifiedCount                    : {System.__ComObject}
auditingPolicy                   : {0 1}
nTMixedDomain                    : {0}
rIDManagerReference              : {CN=RID Manager$,CN=System,DC=APA,DC=CORP}
fSMORoleOwner                    : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=D
                                   efault-First-Site-Name,CN=Sites,CN=Configura
                                   tion,DC=APA,DC=CORP}
systemFlags                      : {-1946157056}
wellKnownObjects                 : {System.__ComObject, System.__ComObject, Sys
                                   tem.__ComObject, System.__ComObject...}
objectCategory                   : {CN=Domain-DNS,CN=Schema,CN=Configuration,DC
                                   =APA,DC=CORP}
isCriticalSystemObject           : {True}
gPLink                           : {[LDAP://CN={31B2F340-016D-11D2-945F-00C04FB
                                   984F9},CN=Policies,CN=System,DC=APA,DC=CORP;
                                   0]}
dSCorePropagationData            : {1/17/2009 6:30:55 AM, 1/1/1601 12:00:04 AM}
otherWellKnownObjects            : {System.__ComObject}
masteredBy                       : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=D
                                   efault-First-Site-Name,CN=Sites,CN=Configura
                                   tion,DC=APA,DC=CORP}
ms-DS-MachineAccountQuota        : {10}
msDS-Behavior-Version            : {2}
msDS-PerUserTrustQuota           : {1}
msDS-AllUsersTrustQuota          : {1000}
msDS-PerUserTrustTombstonesQuota : {10}
msDs-masteredBy                  : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=D
                                   efault-First-Site-Name,CN=Sites,CN=Configura
                                   tion,DC=APA,DC=CORP}
msDS-IsDomainFor                 : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=D
                                   efault-First-Site-Name,CN=Sites,CN=Configura
                                   tion,DC=APA,DC=CORP}
msDS-NcType                      : {0}
dc                               : {APA}
nTSecurityDescriptor             : {System.__ComObject}
AuthenticationType               : Secure
Children                         : {Builtin, Computers, Domain Controllers, For
                                   eignSecurityPrincipals...}
Guid                             : a4f93efab77d204aa27f81ffdbc4e574
ObjectSecurity                   : System.DirectoryServices.ActiveDirectorySecu
                                   rity
NativeGuid                       : a4f93efab77d204aa27f81ffdbc4e574
NativeObject                     : System.__ComObject
Parent                           : LDAP://Server1/DC=CORP
Password                         :
Path                             : LDAP://Server1/DC=APA,DC=CORP
Properties                       : {objectClass, distinguishedName, instanceTyp
                                   e, whenCreated...}
SchemaClassName                  : domainDNS
SchemaEntry                      : System.DirectoryServices.DirectoryEntry
UsePropertyCache                 : True
Username                         :
Options                          : {}
Site                             :
Container                        :
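Several of the values above, such as maxPwdAge, lockoutDuration and lockOutObservationWindow, print as {System.__ComObject}. They are ADSI LargeInteger COM objects holding a 64-bit count of 100-nanosecond intervals, and they happen to be exactly the attributes that make up the domain password and lockout policy. The block below is an added example (not code from the original post) that decodes them through the object's HighPart and LowPart properties and flags the settings a reviewer would question, like the lockoutThreshold of 0 and the ms-DS-MachineAccountQuota of 10 shown above. It assumes the APA.CORP domain root from the post; the function names and the thresholds in Test-DomainPasswordPolicy are my own.

```powershell
# Added example: decode the domain password/lockout policy from the domain root entry.
# Assumes the APA.CORP domain from the post; all function names here are my own.

function ConvertFrom-AdsiLargeInteger {
    param($LargeInteger)
    # IADsLargeInteger exposes HighPart/LowPart as COM properties; reach them via reflection
    $getProp = [System.Reflection.BindingFlags]::GetProperty
    $high = [System.__ComObject].InvokeMember("HighPart", $getProp, $null, $LargeInteger, $null)
    $low  = [System.__ComObject].InvokeMember("LowPart",  $getProp, $null, $LargeInteger, $null)
    # LowPart is a signed Int32; mask it so a negative low half does not corrupt the result.
    # Multiplication instead of -shl keeps this working on PowerShell v2.
    return ([int64] $high * 4294967296) + ([int64] $low -band 0xFFFFFFFF)
}

function ConvertTo-PolicyTimeSpan {
    param([int64] $Interval)
    # Durations are stored negated, in 100 ns ticks; Int64.MinValue means "never"
    if ($Interval -eq [int64]::MinValue) { return $null }
    return [TimeSpan]::FromTicks(-$Interval)
}

function Get-DomainPasswordPolicy {
    param([string] $Path = "LDAP://DC=APA,DC=CORP")
    $domain = [adsi] $Path
    $props  = $domain.PsBase.Properties
    $pwdProperties = [int] $props["pwdProperties"].Value
    $policy = New-Object PSObject -Property @{
        Domain               = [string] $props["distinguishedName"].Value
        MinPwdLength         = [int] $props["minPwdLength"].Value
        PwdHistoryLength     = [int] $props["pwdHistoryLength"].Value
        MaxPwdAge            = ConvertTo-PolicyTimeSpan (ConvertFrom-AdsiLargeInteger $props["maxPwdAge"].Value)
        MinPwdAge            = ConvertTo-PolicyTimeSpan (ConvertFrom-AdsiLargeInteger $props["minPwdAge"].Value)
        # pwdProperties bit 1 = DOMAIN_PASSWORD_COMPLEX, bit 16 = DOMAIN_PASSWORD_STORE_CLEARTEXT
        ComplexityRequired   = ($pwdProperties -band 1) -ne 0
        ReversibleEncryption = ($pwdProperties -band 16) -ne 0
        LockoutThreshold     = [int] $props["lockoutThreshold"].Value
        LockoutDuration      = ConvertTo-PolicyTimeSpan (ConvertFrom-AdsiLargeInteger $props["lockoutDuration"].Value)
        LockoutWindow        = ConvertTo-PolicyTimeSpan (ConvertFrom-AdsiLargeInteger $props["lockOutObservationWindow"].Value)
        MachineAccountQuota  = [int] $props["ms-DS-MachineAccountQuota"].Value
    }
    return $policy | Select-Object Domain, MinPwdLength, PwdHistoryLength, MaxPwdAge, MinPwdAge,
        ComplexityRequired, ReversibleEncryption, LockoutThreshold, LockoutDuration, LockoutWindow,
        MachineAccountQuota
}

function Test-DomainPasswordPolicy {
    param($Policy)
    # Thresholds are my own review baseline, not values from the post
    $findings = @()
    if ($Policy.LockoutThreshold -eq 0)    { $findings += "lockoutThreshold is 0: unlimited online password guessing" }
    if ($Policy.MinPwdLength -lt 14)       { $findings += "minPwdLength is $($Policy.MinPwdLength): short for an admin-capable domain" }
    if (-not $Policy.ComplexityRequired)   { $findings += "password complexity is disabled" }
    if ($Policy.ReversibleEncryption)      { $findings += "reversible password encryption is enabled" }
    if ($Policy.MaxPwdAge -eq $null)       { $findings += "maxPwdAge is never: passwords do not expire" }
    if ($Policy.MachineAccountQuota -gt 0) { $findings += "ms-DS-MachineAccountQuota is $($Policy.MachineAccountQuota): any user can join machines to the domain" }
    return $findings
}

$policy = Get-DomainPasswordPolicy
$policy | Format-List
Test-DomainPasswordPolicy $policy
```

Against the output shown above this reports the lockoutThreshold of 0, the minPwdLength of 7 and the machine account quota of 10; the pwdProperties value of 1 means complexity is on and reversible encryption is off.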

Below is the complete code used in this example:


$Connection = "LDAP://DC=APA,DC=CORP"

$AD = [adsi] $Connection
$AD

$AD.PsBase.Children

$AD | Format-List *


Installing Active Directory on Windows Server 2008 R2 Server Core

Server Core is a scaled-back installation of Windows Server 2008 with no Windows Explorer shell. Configuration is done entirely from the command line, or remotely through MMC.

All examples regarding Server Core will be done using the Windows Server 2008 R2 Beta edition, available at MSDN.

Since this is a PowerShell blog, we start by installing PowerShell, which is an optional feature on Server Core:


C:\>start /w ocsetup MicrosoftWindowsPowerShell

After PowerShell is installed, start powershell.exe from its installation folder:


C:\>%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe

Next, we configure the network adapter settings. This can be done either with netsh or through WMI; this example uses WMI.

First we fetch the network adapter configurations and use the Where-Object cmdlet to pick the one we want, filtering on IPEnabled and the adapter description. If you have two enabled network adapters you need a second criterion that matches only one of them: the EnableStatic and SetGateways calls below expect a single object, not an array, so keep the filtered result in the variable rather than the whole collection.


PS > $NetworkConfig = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPEnabled -eq $true -and $_.Description -match "Intel"}

Now that we have pinpointed our network adapter, we can prepare the settings we want:


PS > $IP = "10.0.0.2"
PS > $SubNet = "255.0.0.0"
PS > $Gateway = "10.0.0.1"
PS > $Metric = [int32]1

And finally, we apply our settings to the adapter configuration. Both methods return an object whose ReturnValue is 0 on success (1 means a reboot is required); any other value is an error code and the rest of the setup should not continue blindly.


PS > $NetworkConfig.EnableStatic($IP,$SubNet)
PS > $NetworkConfig.SetGateways($Gateway,$Metric)

Changing the computer name is also a good idea. It can be done with the netdom command or through WMI, as shown below. Rename takes the new name, a password and a user name; the credentials are only needed when the machine is domain-joined, so on a standalone server you can pass $null for both instead of putting a password on the command line.


PS > $Computer = Get-WmiObject Win32_ComputerSystem
PS > $Computer.Rename("Server1","Password1","Administrator")

The new computer name only takes effect after a reboot:


PS > shutdown /r /t 0

The Active Directory Domain Services role is added with the dcpromo command. It takes arguments that specify the type of AD you want to set up; you can also put the settings in an answer file and run dcpromo with the /unattend switch.

Here is the answer file I used for my test domain. A complete description of the available settings is on TechNet. SafeModeAdminPassword is the Directory Services Restore Mode (DSRM) password: it sits in cleartext in this file, so use a strong one on anything but a throwaway lab and delete the file once the promotion is done.

[DCINSTALL]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=APA.CORP
DomainNetBiosName=APA
InstallDNS=yes
RebootOnCompletion=Yes
SafeModeAdminPassword=Password1

Save the list as a .txt file, then run dcpromo with the /unattend switch and the path to that file:


PS > dcpromo /unattend:C:\DCINSTALL.txt

Restart the server; when the logon screen appears, you can log on to your new domain.

(Screenshot: servercore-01)
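The steps above, put together as an added example (not code from the original post) with the checks a non-lab run needs: the adapter filter has to match exactly one configuration, every WMI call's ReturnValue is inspected, the rename needs no hard-coded credentials on a standalone machine, and the DSRM password is prompted for and written to the answer file only for the duration of dcpromo. It assumes the values from the post (an "Intel" adapter, 10.0.0.2/8 with gateway 10.0.0.1, computer name Server1, forest APA.CORP); the function names and the split into two phases around the reboot are my own.

```powershell
# Added example: the promotion procedure with result checks. Run Invoke-PrePromotionSetup,
# reboot, then run Invoke-Promotion. Values are the ones from the post; names are my own.

function Assert-WmiResult {
    param([string] $Step, $Result)
    # EnableStatic, SetGateways and Rename return 0 on success and 1 when a reboot is
    # required; anything else is an error code, so stop instead of continuing blindly
    if ($Result.ReturnValue -ne 0 -and $Result.ReturnValue -ne 1) {
        throw ("{0} failed with return code {1}" -f $Step, $Result.ReturnValue)
    }
    "{0}: return code {1}" -f $Step, $Result.ReturnValue
}

function Invoke-PrePromotionSetup {
    param(
        [string] $AdapterPattern = "Intel",
        [string] $IP             = "10.0.0.2",
        [string] $SubNet         = "255.0.0.0",
        [string] $Gateway        = "10.0.0.1",
        [string] $ComputerName   = "Server1"
    )
    # Require exactly one matching adapter; a second match means the filter is too loose
    $nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration |
        Where-Object { $_.IPEnabled -eq $true -and $_.Description -match $AdapterPattern })
    if ($nics.Count -ne 1) { throw "Expected exactly one adapter, found $($nics.Count)" }
    $nic = $nics[0]

    Assert-WmiResult "EnableStatic" ($nic.EnableStatic($IP, $SubNet))
    Assert-WmiResult "SetGateways"  ($nic.SetGateways($Gateway, [int32] 1))

    # A standalone machine needs no credentials for a local rename, so none are hard-coded
    $computer = Get-WmiObject Win32_ComputerSystem
    Assert-WmiResult "Rename" ($computer.Rename($ComputerName, $null, $null))
    "Reboot now (shutdown /r /t 0), then run Invoke-Promotion"
}

function Invoke-Promotion {
    param(
        [string] $DomainDnsName     = "APA.CORP",
        [string] $DomainNetBiosName = "APA",
        [string] $AnswerFile        = "C:\DCINSTALL.txt"
    )
    # Prompt for the DSRM password instead of keeping it in a text file next to the script
    $secure = Read-Host -Prompt "Directory Services Restore Mode password" -AsSecureString
    $bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try     { $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

    # dcpromo can only read the password from the answer file, so it is in cleartext on
    # disk while dcpromo runs; RebootOnCompletion=No lets the cleanup below run first
    $lines = @(
        "[DCINSTALL]",
        "ReplicaOrNewDomain=Domain",
        "NewDomain=Forest",
        "NewDomainDNSName=$DomainDnsName",
        "DomainNetBiosName=$DomainNetBiosName",
        "InstallDNS=Yes",
        "RebootOnCompletion=No",
        "SafeModeAdminPassword=$plain"
    )
    try {
        Set-Content -Path $AnswerFile -Value $lines -Encoding ASCII
        # Start-Process -Wait because dcpromo.exe is not a console program and & would return at once
        $proc = Start-Process -FilePath "dcpromo.exe" -ArgumentList "/unattend:$AnswerFile" -Wait -PassThru
        "dcpromo exit code: $($proc.ExitCode)"
    }
    finally {
        # Remove the cleartext DSRM password from disk whether or not the promotion succeeded
        Remove-Item -Path $AnswerFile -Force -ErrorAction SilentlyContinue
        $plain = $null
    }
    "Promotion finished; reboot with shutdown /r /t 0"
}
```

Check the dcpromo exit code against the return codes documented on TechNet before rebooting; the answer file is removed in the finally block either way.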

Below is the code used in this post:


start /w ocsetup MicrosoftWindowsPowerShell

%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe

$NetworkConfig = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPEnabled -eq $true -and $_.Description -match "Intel"}

$IP = "10.0.0.2"
$SubNet = "255.0.0.0"
$Gateway = "10.0.0.1"
$Metric = [int32]1

$NetworkConfig.EnableStatic($IP,$SubNet)
$NetworkConfig.SetGateways($Gateway,$Metric)

$Computer = Get-WmiObject Win32_ComputerSystem
$Computer.Rename("Server1","Password1","Administrator")

shutdown /r /t 0

dcpromo /unattend:C:\DCINSTALL.txt
