Is this push toward virtualization preparing us for terminal servers in an a la carte setting via Microsoft cloud computing?

Sorry, had to put this in here. Hope it loads consistently, and if it doesn’t, here is the link because you for sure want to experience this awesomeness.

Cluster aware updating, I really like this term but it doesn’t have anything to do with what this post is about. Just the concept of “cluster aware” anything indicates teamwork playing a more important role in the overall success of a thing over the concept of the individual. Rolls right off the tongue, like the idea of a group of computers at the functional level of a band that understood how to play off each other. What a neat concept for VMs or physical host machines for that matter, but we are going to talk about VMs cause I like talking about VMs I suppose, and theoretically if I was tested on the matter it shouldn’t be any different. Anyway, since VMs are interesting these days and the concept of architecting a data center or enterprise network around them is a fascinating concept/experiment, I have to ask myself what would be the need for so many virtualized machines? Well, being that I’m out of work I should probably take the “more labor intensive work equals more jobs” view, but I’m of the persuasion that the industry as a whole is more important than I am as an individual. Perhaps there is a correlation or relationship between the two things, but we are going to talk about the technology since we are pretty sure bad unionized politics won’t be on an exam. Since I’ve never actually built a data center or configured Hyper-V machines within an instance of Server, I truly have no idea. Coming from a background of working in business support/analytics roles, I have to consider my limited personal experience and theories and try to visualize the way that data would flow when it comes to terms of dollars spent. As I go through this process I come back to the same ideas of supporting a failover cluster with scalability and availability based on the obvious factors.
If you think about it logically, VMs in theory shouldn’t reduce the footprint of actual physical hardware because now you just have more powerful servers running more copies of an OS with both hard and soft networking to support, so why couldn’t physical instances of Windows support all of the services and programs that you need to run/host? Hosting more virtualized instances of an operating system should actually reduce efficiency in terms of actual hard disk storage space. From a standpoint of actual failure and having to use backups, then comparing server state backups to Hyper-V replicas, the Hyper-V replicas could be more efficient in terms of the time that it takes to get them running because a physical machine isn’t down hard in this instance. However, if a solid failover cluster of parent machines is in place it should be transparent to end users in a production environment. Is it more efficient in terms of power consumption or physical space? I wouldn’t assume that either. It seems like if you host each major service or program on a separate physical machine you would take them down at separate times in case of a major software patch for either the service/program that you’re supporting or for a Microsoft patch. This has been the standard operating procedure for many years. I suppose that it seems easier to deal with restarting a VM with just a few clicks when updating, but you still have to deal with the parent or host machine. So again, why not just have separate physical servers instead of one giant server with 4 million cores and 90 billion gigs of RAM or whatever? Real estate cost could play a factor in overcoming utility costs in extremely large scale deployments. I suppose in these terms finding efficiency is as much of an art as it is an exact science.
So if I understand anything about how real world business application works and that decision makers study these sorts of cost efficiency measures, I’m betting that there are fairly easy to find resources on the matter. Turns out the R&D info provided by 3rd party virtualization says I’m wrong and that it is indeed at least somewhat more efficient:

Results of this study: The customers profiled in this study reduced their server TCO by 74% on average and realized an ROI of over 300% within the first six months of deploying VMware virtualization software. Although the sample size in this study is too small to make significant generalizations of TCO savings by industry or across types of businesses, the findings from the three customers studied in this paper are consistent with VMware experiences with other customers.

However, this is a pretty small study and I still feel like at the current level of technology finding a balance is possible and it is more art than science due to individual network/business personalities. These types of business efficiency questions are certainly not going to be CBT Nuggets, but understanding the history of a product, the reasons for its implementation and the best uses of a technology product may help us to uncover the truth of the reason why things work the way they do. These are also the sort of real world questions you may have to answer when running an IT department while forecasting yearly budget plans that Microsoft is not exactly able to test on. In addition to real world working cost knowledge, understanding the philosophy of a thing is to understand a thing, and that knowledge is true clout my friends. I think virtualization is absolutely phenomenal for developers and students who are constantly breaking things and having to rebuild them, because the rebuild time is at least in theory significantly reduced with virtualization, but it comes at the price of increased storage space. However, if you’re running stable production code your environment shouldn’t demand anything more than updates and launch patches that have been tested in a dev environment. It seems like there was a reason that we moved away from the concept of terminal computing and now we are in theory returning to it by hosting a million instances of Server. So given that virtualization seems to be most suitable for dev environments and limited production use for non-critical systems, why the push to learn so much Hyper-V? Not really sure to be honest, it’s like training construction workers to build highly effective sandboxes. At least from my current observations and previous experience, but don’t trust me because I don’t study to tests. So this won’t help me get that high paying admin job I’ve been after in terms of on paper qualifications. Bummer.
However, these are the questions I will continue to ask of any system, whether it’s an operating system or a business practice, regardless of it being in my personal best interest, because global efficiencies play a factor and are more important in these sorts of things. Maybe that’s kind of a cheesy Three Musketeers type of philosophy, but at the end of the day the ability to place strictly capitalist economic theories on these sorts of backend technologies would most likely prove to be very foolish. When it comes to creating front end consumer facing technologies such as cell phones and the need to create jobs on a large scale, I think we may find our robotic desire for physical efficiency may find us in a state of economic failure.

I know I’m kind of repeating myself here so I guess I could start a new thought process and ask my next question: is Hyper-V preparing the world for a fully cloud based server solution provided by Microsoft and their backend hardware vendor of choice? Given that this is really leaning into Apple’s business philosophy territory and that I doubt it would be a feasible solution for large scale environments, I kind of doubt it. It does however have the potential to be a phenomenal a la carte type of product for smaller business environments with less than 200 users, given that it’s a line of business outside of being a technology vendor of some sort. That said, even with this scenario there is the very obvious caveat of data transfer/latency as well as actual profitability concerns from Microsoft. If Microsoft’s small business clients are paying for Google Fiber or some other high end data transfer service, will the speed be effective enough to reduce latency to an acceptable level? That’s a fairly large question that would need to be answered because that has the potential for massive failure, leading us back to square one with having at least one onsite physical DC connected to Azure or whatever they decided to call it. However, it does kind of cut out the middle men and lead to a standard per user pricing for the little guys similar to what we see with consumer cellphone usage today, and cell phone companies seem to be profitable in a very respectable fashion; however, they are not exactly targeting their product at a niche market.

So what about the networking benefits and the layers of virtualized networking and switches? Is this going to increase efficiency or provide one more layer of potential failure? I feel certain that I’m not the first person to think about this stuff. BRB gonna see what’s up on Google, TechTarget will not do, how about this Tom’s Hardware situation, I like these dudes and once again we see the sandbox analogy in place but we don’t see anything about reliability. I want to know if these things are Hondas, vintage Jaguars or somewhere in the middle like a Volkswagen. Turns out there’s lots of articles on the topic and it depends on which one you’re using. I guess that makes sense. Overall it doesn’t really speak to the reliability of widespread implementation of virtualization.

Ok so I’ve drawn some conclusions here and I’m finding myself wondering why on earth did I write something about economic theories, because there’s probably a whole lot of people that are like a bazillion times smarter than me that work in marketing departments and sit on boards? Because there are also a whole lot of people out there that are a whole lot smarter than me that are writing tech blogs. Also, if there’s only one person writing things, ideas don’t get passed around and that is boring and stale, and maybe writing/considering these sorts of things is like jogging for your brain.

Using Active Directory Admin tools (in PowerShell) Part 2

Create or manage groups

This is a pretty straightforward activity that we can find a lot of info about online. I feel like at this point we basically understand how PowerShell works and the lab environs are not exactly helpful, so we may come back to this and add screenshots after we get back into a working test environment at CED Solutions, fingers crossed that that actually happens. Also, instead of listing the full syntax for the cmdlets I’ve simply posted the links to the TechNet articles, which I did less of last time, so you can check that out for yourself!

So the first thing when trying to answer any question is clearly to do a search for the answer. So I searched for “create a group PowerShell” and came up with an interesting post. This is lifted from a blog and it’s pretty basic, straightforward, helpful info for someone such as my nubbins self that’s trying to learn this stuff: Create an Active Directory Group with PowerShell

In Windows Server 2012 R2 or Windows Server 2008 R2, use the New-ADGroup cmdlet. To create a new global group in the default Users folder of Active Directory called “Finance”:

NEW-ADGroup -name "Finance" -groupscope Global

If it needs to exist in different path in Active Directory, specify the path by its distinguished name:

NEW-ADGroup -name "Finance" -groupscope Global -path "OU=Offices,DC=Contoso,DC=local"

However, there’s more on this topic that I’m aware of, so I’ll add links to the TechNet articles of some of the cmdlets listed in case we want more info on the full syntax of the cmdlets discussed. Using these commands in context and in order should provide for a more complete understanding of the given topic in PowerShell as well. Hard to tell if these will work without testing though.

  • New-AdGroup
  • New-AdGroup -name "McNubbinzzfailsauce" -Groupscope Global

  • Add-AdGroupmember
  • At this point I’m starting to wonder if there is a shorter version/alias or like abbreviations for some of these. There doesn’t appear to be any reference articles pointing to that but there is a great thread about this if you don’t mind cussing 🙂 Help on Add-Groupmember

  • Add-AdGroupmember -identity McNubbinzzfailsauce -Members RODC
  • Remove-AdGroupmember
  • Remove-AdGroupmember -identity McNubbinzzfailsauce -members RODC

  • Remove-AdGroup
  • Remove-AdGroup -identity McNubbinzzfailsauce

Create or manage computer accounts

This is basically the same as creating user accounts like we did in the previous post, so the screenshot there is still applicable, but it’s robots instead of actual human users. However, sometimes computers do use user accounts for services and so forth so what evs, you get the idea. Also some of these have a potential prompt for credential sets in the syntax, but I’m not good enough at reading the TechNet articles to know if it’s required without actually trying it; however, if it does I’m assuming that it will look exactly like the credential prompt shown in the screenshot in the last post.

So this is the basic creation of accounts sort of thing. What about managing and viewing computer accounts? What if we want to see all the accounts listed in our directory and then pipe them to a webpage? Well, we would use Get-ADComputer and then spell it out from there. Note that this would be kind of harmful if you were to run this in an enterprise environment with lots of computer accounts because duh, there’s lots of them and it’s not a prepopulated CSV or database, you’re actually pulling on a hard drive, you’re actually querying against a live database. So what I’m saying is probably don’t do this during regular business hours unless you’re playing Chaos Monkey.

  • Get-AdComputer

  • Get-ADComputer -Filter * | ConvertTo-Html | Out-File C:\users\administrator\desktop\gertallsuprcompootrs111onnetwrk.htm

Ok so that’s that, we should now have a locally hosted website that shows all of the computers on our network that if needed could be placed in a shared file for network users to view or actually hosted in proper format for web viewing. Also I’m pretty sure that syntax should work but you know, testing probs. So let’s dig around and see what all is out there as far as information on viewing computer info besides what we already know that was displayed in the videos mentioned previously. So I came across this little ditty on a hardware vendor’s website/forums and I found it quite confusing, as Get-QADComputer doesn’t seem to be a built in PowerShell command, so maybe it’s an add on software package from the hardware vendor? It seems to come up quite often. Interesting, but not important cause it’s not on the test, right? Here’s an example of a complete syntax displayed on the sites:

Get-QADComputer | Get-Member

Remove-ADComputer

Create or manage organizational units and containers

Ok cool, so wtf is an OU and how is it different than a group? Well according to Someolddude1’s internet blog it’s something like this:

Groups have SIDs, can be placed on access control lists, and can contain other groups (even the same type of group referred to as group nesting). Organizational units do not have SIDs, can’t be placed on an access control list, and cannot be placed into a group. Instead, organizational units are used to organize users, groups, and computers within Active Directory. This organization is used to grant delegation and deploy configuration and security settings through group policy. Moving forward it is ideal to use the best practice for group nesting, as it is easiest to manage and provides the best security environment for Active Directory. Of course organizational units can be nested into other organizational units and often are. Just remember the two main reasons for organizational units and the design and deployment of them will be clear.

Still doesn’t make sense to me. Why do I care if something has a SID (security identifier), what’s an access control list, and why would I not want something placed into a group or are groups inside of OU’s? Also so I can’t put a group into an OU and it acquires these things? I’m lost at this point and I’m not going to lie about it because it’s better to ask questions and figure it out rather than try to be the cool pretentious kid that doesn’t figure it out cause he’s too busy pretending to know everything.

Well there’s also this TechNet article and after reading it I think what I’m understanding here is that groups are placed into OUs which are created to organize sites or different lines of business and then groups are placed inside of them? Maybe this is correct. Hard to be sure. I suppose we could ask the question on TechNet forums but someone has already done that too. This is more helpful info which seems to tell me my assumption is correct. So I can link GPs to groups within OUs but not to the OUs themselves. Not sure why this is designed this way but whatever.

This also brings up another interesting question. What about the default Users container that’s built into AD that you can’t attach GPOs to? What’s that called and is it an OU, a group or neither? I feel like this is really basic stuff that I should know by now that I don’t. I asked someone that passed the 70-410 test in class and they didn’t really seem to know either. It was in the middle of trying out some stuff listed on a Tom’s Hardware article about PowerShell, which is a fantastic reference by the way. I can’t seem to find this information anywhere. Someone should really consider creating a table that shows an AD tree and has names boxed in with arrows pointing to the folders in the tree so you can get a better idea of WTF is going on with all that. As soon as I figure it out I’ll let you know. : )

Connect to one or several domains or domain controllers in the same instance of ADAC

This is actually really easy to do using PowerShell and we are going to dip into some things we learned in the PowerShell tutorials from Microsoft on this one as well as the next one. However, the book’s descriptor is kind of vague so we are going to explore a couple of options as to how we might do this. The GUI method is fairly straightforward. You simply right click in the management console and go. You can also open a PowerShell session, and if you just want a PowerShell prompt on a machine so you can use PowerShell on it in a local type of fashion, use the command

  • Enter-PsSession

  • Enter-pssession RODC

    This takes us directly to whatever machine we named RODC and if you type hostname at the prompt you should see the name of the computer you connected to returned.

  • Or if you want to run code on your machine and send to a computer you use the -computername switch if it’s available with the cmdlet you’re using and for more info on this switch check out this article about the ComputerName switch

    You could also use these to query any computer or targeted computers on your domain

  • Get-AdComputer The syntax below should get you any computer on the network running bits, or if you target specific machines it will do that as well. Again, use caution running this against every computer on an enterprise domain. Also throwing a new command in here with the Get-Service cmdlet. The filter switch in the case below is going to search all computers. If you used the -identity switch you could simply target computers. So the compound |’d structure works like this: you get all the computers, you have that data, then it searches each of those computers for the service name bits, or in the second case you should get a really huge list of every service running on every AD computer sorted by name and status, then you could output it to HTML if you wanted. #epic haha

    • Get-ADComputer -Filter * | ForEach-Object { Get-Service -ComputerName $_.Name -Name bits }
    • Get-ADComputer -Filter * | ForEach-Object { Get-Service -ComputerName $_.Name } | Select-Object -Property Name, Status
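The computer listing and the per-machine service check described above, as an added example that is not from the original post. It scopes the directory query instead of pulling every object, flags stale accounts, and records unreachable machines instead of stopping. The OU path is borrowed from the quoted New-ADGroup example, and the 90-day threshold, result cap and output file name are assumptions.

```powershell
# Added example. Needs Windows PowerShell 5.1 or earlier (Get-Service -ComputerName
# was removed in PowerShell 6+) and the ActiveDirectory module from RSAT.
Import-Module ActiveDirectory

function Get-ComputerInventory {
    param(
        # Assumption: computers live under this OU; use your own distinguished name.
        [string]$SearchBase = 'OU=Offices,DC=Contoso,DC=local',
        [int]$StaleDays  = 90,    # assumption: "stale" means no logon for 90 days
        [int]$MaxResults = 500    # hard cap so a typo cannot walk the whole directory
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)

    # Ask only for the extra attributes we use, and let the DC page the results.
    Get-ADComputer -Filter 'Enabled -eq $true' `
                   -SearchBase $SearchBase -SearchScope Subtree `
                   -Properties OperatingSystem, LastLogonDate `
                   -ResultPageSize 200 -ResultSetSize $MaxResults |
        Select-Object Name, DNSHostName, OperatingSystem, LastLogonDate,
            @{ Name = 'Stale'
               Expression = { -not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff } }
}

function Get-RemoteServiceStatus {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$ServiceName = 'bits'
    )
    foreach ($computer in $ComputerName) {
        try {
            # One machine at a time, so a dead host becomes one row, not a failed run.
            Get-Service -ComputerName $computer -Name $ServiceName -ErrorAction Stop |
                Select-Object MachineName, Name, Status
        }
        catch {
            [pscustomobject]@{
                MachineName = $computer
                Name        = $ServiceName
                Status      = "unreachable: $($_.Exception.Message)"
            }
        }
    }
}

# Inventory page: every enabled computer in the OU, stale ones flagged.
$inventory = Get-ComputerInventory
$inventory |
    ConvertTo-Html -Title 'Computer inventory' `
                   -Property Name, DNSHostName, OperatingSystem, LastLogonDate, Stale |
    Out-File -FilePath "$env:USERPROFILE\Desktop\computer-inventory.htm"

# Service check: only machines that have logged on recently are worth contacting.
$live = @($inventory | Where-Object { -not $_.Stale } | ForEach-Object { $_.Name })
if ($live.Count -gt 0) {
    Get-RemoteServiceStatus -ComputerName $live | Format-Table -AutoSize
}
```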

Filter active directory data

The most obvious source of “active directory data” (kind of a vague term, as Active Directory is nothing but data) is the event log. If you’ve ever worked in support, development, walked through an IT department, pushed a computer and then expected it to work, you’re probably familiar with this thing called an event log that tells you where shit went wrong. After you know what went wrong then you can figure out how to fix it. Yay! This really is a pretty critical part of an operating system as far as anyone in the field is concerned. Obviously a standard computer user has no need to dive into an event log but we are not average users, are we? Cool. Now that that’s established.

  • Get-Eventlog

  • Get-EventLog -LogName System -Newest 5 | ConvertTo-Html | Out-File C:\users\administrator\desktop\booyatribsorgserverprobs.htm
  • Ahhh sukisuki now we got a website called booyatribsorgserverprobs with our recent eventlog errors. Hopefully we can take a look at those and get our stuff together.

  • So this is also kind of cool, we can sort
  • Get-EventLog -LogName System -Newest 5 | Select-Object -Property EventID, TimeWritten, Message | Sort-Object -Property TimeWritten -Descending

  • We could also use Get-GPO to output some or all of our GPOs since this is also “active directory data” that is obviously filterable, and you can also do whatever you want in terms of |ing this data to a location or file type as previously discussed. While it’s not really applicable to this section I suppose you could also write a “what if script” and see what would happen if you applied certain GPOs to users/computers and then send that to a website… but that’s outside of our scope? So maybe we should stick with something basic that pulls all GPOs
  • Get-GPO -all -Domain contoso.org
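The filtering described in this section, as an added example that is not from the original post: it keeps only errors and warnings from a time window, counts them by source and event ID, lists recently modified GPOs, and writes both to one HTML page. The 24-hour and 7-day windows and the output file name are assumptions; contoso.org is the domain used above.

```powershell
# Added example. Get-EventLog exists in Windows PowerShell 5.1 and earlier;
# Get-GPO needs the GroupPolicy module (RSAT / Group Policy Management).
Import-Module GroupPolicy

function Get-RecentLogProblems {
    param(
        [string]$LogName = 'System',   # on a domain controller, 'Directory Service' also works
        [int]$Hours = 24               # assumption: look back one day
    )
    # Filter at the source (entry type and time) instead of sorting through everything.
    Get-EventLog -LogName $LogName -EntryType Error, Warning `
                 -After (Get-Date).AddHours(-$Hours) |
        Sort-Object -Property TimeGenerated -Descending |
        Select-Object TimeGenerated, EntryType, Source, EventID, Message
}

function Get-RecentGpoChanges {
    param(
        [string]$Domain = 'contoso.org',
        [int]$Days = 7                 # assumption: a week of changes is worth reviewing
    )
    $since = (Get-Date).AddDays(-$Days)
    Get-GPO -All -Domain $Domain |
        Where-Object { $_.ModificationTime -gt $since } |
        Sort-Object -Property ModificationTime -Descending |
        Select-Object DisplayName, GpoStatus, ModificationTime, Owner
}

$problems = @(Get-RecentLogProblems)
$gpos     = @(Get-RecentGpoChanges)

# Collapse repeated events so one noisy source does not bury everything else.
$summary = $problems |
    Group-Object -Property Source, EventID |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name

# Build each table as a fragment, then wrap them in a single page.
$body  = @()
$body += $summary  | ConvertTo-Html -Fragment -PreContent '<h2>Errors and warnings by source, event ID</h2>'
$body += $problems | ConvertTo-Html -Fragment -PreContent '<h2>Events, newest first</h2>'
$body += $gpos     | ConvertTo-Html -Fragment -PreContent '<h2>GPOs modified recently</h2>'

ConvertTo-Html -Title 'Directory health' -Body $body |
    Out-File -FilePath "$env:USERPROFILE\Desktop\directory-health.htm"
```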

Using active directory Admin tools (in powershell) Part 1

Ok so this is from the book and it tells you how to do it
using the GUI starting on page 126, but that’s boring and old hat stuff that
frankly anyone going out for this MCSA situation should know anyway. So we’re
going to see what we can cook up by learning how to do this in PowerShell
again, cause we’re overachievers that actually want to figure out what we are
doing.

  • Reset user password

    Ok, this one is easy enough and amazingly easy using the server GUI: Users and
    Computers, find the account, right click, reset password. Well, let’s see what we
    have to do in PowerShell. So Google gives us the following info from this TechNet
    article: https://technet.microsoft.com/en-us/library/Ee617261.aspx

      • Set-adaccountpassword  tammywynet -newpassword Password1
      • Uha that don’t work let’s try something else
      • Ok this is working but it’s asking me for her
        current password and I don’t know what it is. She forgot it. Dang it Tammy. Why
        you wanna go and make me learn. And this isn’t in the book at all. 😦
      • Google is no more help. Can this be done in
        PowerShell? It’s looking like unless you’ve just mass created a bunch of users
        or just created an account through PowerShell that has no password associated, that’s
        a no. You could try enabling a locked account and pressing enter and not
        putting anything in the password field, but that doesn’t seem very secure or
        like something Microsoft would have overlooked since it’s so amazingly basic. I
        guess some things are better left to GUIs.
    • Create and manage user accounts
      • Ok, creating a user account, this shouldn’t be too
        hard, let’s use our friend Google and see what we can dig up in TechNet to
        create a user account. https://technet.microsoft.com/en-us/library/Ee617253.aspx
        • Ok so New-ADUser and what’s the syntax?
        • Uha yeah this is a lot:
          New-ADUser
          [-Name] <string> [-AccountExpirationDate
          <System.Nullable[System.DateTime]>] [-AccountNotDelegated
          <System.Nullable[bool]>] [-AccountPassword <SecureString>]
          [-AllowReversiblePasswordEncryption <System.Nullable[bool]>] [-AuthType
          {<Negotiate> | <Basic>}] [-CannotChangePassword
          <System.Nullable[bool]>] [-Certificates <X509Certificate[]>] [-ChangePasswordAtLogon
          <System.Nullable[bool]>] [-City <string>] [-Company <string>]
          [-Country <string>] [-Credential <PSCredential>] [-Department
          <string>] [-Description <string>] [-DisplayName <string>]
          [-Division <string>] [-EmailAddress <string>] [-EmployeeID
          <string>] [-EmployeeNumber <string>] [-Enabled
          <System.Nullable[bool]>] [-Fax <string>] [-GivenName
          <string>] [-HomeDirectory <string>] [-HomeDrive <string>]
          [-HomePage <string>] [-HomePhone <string>] [-Initials
          <string>] [-Instance <ADUser>] [-LogonWorkstations <string>]
          [-Manager <ADUser>] [-MobilePhone <string>] [-Office
          <string>] [-OfficePhone <string>] [-Organization <string>]
          [-OtherAttributes <hashtable>] [-OtherName <string>] [-PassThru
          <switch>] [-PasswordNeverExpires <System.Nullable[bool]>]
          [-PasswordNotRequired <System.Nullable[bool]>] [-Path <string>]
          [-POBox <string>] [-PostalCode <string>] [-ProfilePath
          <string>] [-SamAccountName <string>] [-ScriptPath <string>]
          [-Server <string>] [-ServicePrincipalNames <string[]>] [-SmartcardLogonRequired
          <System.Nullable[bool]>] [-State <string>] [-StreetAddress
          <string>] [-Surname <string>] [-Title <string>]
          [-TrustedForDelegation <System.Nullable[bool]>] [-Type <string>]
          [-UserPrincipalName <string>] [-Confirm] [-WhatIf] [<CommonParameters>]
        • Well it’s really not that much, it’s just all the fields
          that you can populate to describe a user. We don’t need to do all that atm so
          we’re going to keep it basic. new-aduser -name RODC -displayname RODC -givenname
          Br0no -Surname Tosaurus
        • Hey it worked! We now have an RODC account with
          a funny user name. Let’s try to set this password because it shouldn’t have one
          since we didn’t use the switch to give it a password. Let’s try that command
          from the first bullet.
        • So in this instance set-adaccountpassword rodc
          works but we still need to enable the account. Again, no idea so let’s hit TechNet
          up again.
        • Perfect https://technet.microsoft.com/en-us/library/Ee617200.aspx
        • enable-adaccount -identity rodc works great
        • Let’s verify this, not sure how. Well if I google
          “verifying enabled ad account powershell” it takes me to some long page about a
          script but I have a feeling I can use the basic cmdlet from the first line in
          the script which is get-aduser. So let’s try that.
        • Well it initially takes us to a 2008 article so
          let’s add 2012 and find the right article: https://technet.microsoft.com/en-us/%5Clibrary/Hh852208(v=WPS.630).aspx
        • There’s a long string in here but I think we just
          need the basics which looks like: Get-aduser -identity rodc
        • As to why some require the switch identity and
          why some don’t is beyond me but whatever, it worked. Now this whole string looks
          like this, ignore the part where I was renaming a server. I was attempting to
          create an RODC in PowerShell but we will get to that later, just not on these
          test environs

     [Screenshot: creating AD account and renaming server]
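An added example, not from the original post, covering the reset, create, enable and verify steps walked through above. It relies on two documented behaviours of the ActiveDirectory module: -NewPassword and -AccountPassword take a SecureString rather than plain text, and Set-ADAccountPassword -Reset performs an administrative reset that does not ask for the old password. The function names are hypothetical; the account names are the ones used above.

```powershell
# Added example. Needs the ActiveDirectory module (RSAT) and an account that is
# allowed to create users and reset passwords in the domain.
Import-Module ActiveDirectory

function Reset-UserPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)

    if ($PSCmdlet.ShouldProcess($Identity, 'Reset password')) {
        # Prompt as a SecureString so the password never sits in history or a transcript.
        $new = Read-Host -AsSecureString -Prompt "Temporary password for $Identity"

        # -Reset: administrative reset, the current password is not required.
        Set-ADAccountPassword -Identity $Identity -Reset -NewPassword $new

        # Force the user to replace the temporary password, and clear any lockout.
        Set-ADUser -Identity $Identity -ChangePasswordAtLogon $true
        Unlock-ADAccount -Identity $Identity
    }
}

function New-EnabledUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$GivenName,
        [string]$Surname
    )
    $params = @{
        Name                  = $Name
        SamAccountName        = $Name
        DisplayName           = $Name
        Enabled               = $true   # replaces the separate Enable-ADAccount step
        ChangePasswordAtLogon = $true
        PassThru              = $true   # return the new object instead of nothing
    }
    if ($GivenName) { $params.GivenName = $GivenName }
    if ($Surname)   { $params.Surname   = $Surname }

    if ($PSCmdlet.ShouldProcess($Name, 'Create enabled user')) {
        $params.AccountPassword = Read-Host -AsSecureString -Prompt "Initial password for $Name"
        New-ADUser @params
    }
}

function Get-AccountState {
    param([Parameter(Mandatory)][string]$Identity)
    # Enabled is returned by default; the other three must be requested explicitly.
    Get-ADUser -Identity $Identity -Properties LockedOut, PasswordLastSet, PasswordExpired |
        Select-Object SamAccountName, Enabled, LockedOut, PasswordLastSet, PasswordExpired
}

# Same accounts as in the walkthrough above.
New-EnabledUser -Name RODC -GivenName Br0no -Surname Tosaurus
Reset-UserPassword -Identity tammywynet
Get-AccountState -Identity RODC
Get-AccountState -Identity tammywynet
```

Adding -WhatIf to either of the first two calls shows what would change without prompting for a password or touching the directory.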

Breaking stuff, fixing stuff and exporting results

Ok so in the next instructional video after the help info we
move on to learning the exciting ways that PowerShell can quickly output data
to useful formats and we learn about some neat switches. I’ve worked with
massive amounts of data before so I know how much of a painstaking experience it
can be to move data around and output the data into a useful dashboard. Granted,
most of what we are moving in these examples isn’t what I would call huge data but
it is a pain to read in an organized/comparative fashion in PowerShell. However,
we are given some amazing ways to process the data by creating quick HTML
files, CSVs and XML files. We also learn about ways to verify that our
processes actually ran and are shown a switch that prompts for confirmation (this
switch is -confirm, which I decided not to use in testing for some reason).
Normally if you run a command involving stopping or starting a service or some
similar action PowerShell just does it, doesn’t ask if you are sure you want to
proceed no matter how drastic the action is and doesn’t confirm the action was
done other than not showing an error. If you want to confirm that a service has
been stopped and you didn’t use the -passthru
switch you would have to run the get-service command again to verify that the
service is stopped. So it’s kind of give and take as far as efficiency goes on
typing out -passthru or using get-service.
I’m going to take this as a learn as you go and use your best judgment
type of scenario.

Ok on to notes and screen shots, this one is not quite as
substantial as the help info but it is very useful in learning to navigate the
blank piece of paper known as powershell. Also this is neat, you can launch
apps right from powershell simply by typing the name. Also prt scr and paint
leads to what seem like higher resolution images and no annoying red bars
around images.

[Screenshot: open paint]

Get-Service -Name bits: this shows what’s currently happening with the bits service (or whatever
service you target after the -name switch) and since we are overachievers that
want to actually learn everything that’s going on with this, we’re first going
to try to mash together some commands and then we’re going to hop over to the
TechNet article about Get-Service to try and understand the full syntax so that
the next time we read a TechNet article about PowerShell syntax maybe we can
know wtf is going on with it. As you can see in the example I tried some
different things to see what the outcome would be.

[Screenshot: start service -passthru, start service bits]

So here’s the TechNet help info on get-service. At this
point it looks a little less complicated than Aramaic to me but not by much.

Parameter Set: Default

Get-Service [[-Name] <String[]> ] [-ComputerName <String[]>
] [-DependentServices] [-Exclude <String[]> ] [-Include <String[]>
] [-RequiredServices] [ <CommonParameters>]

Parameter Set: DisplayName

Get-Service -DisplayName <String[]> [-ComputerName
<String[]> ] [-DependentServices] [-Exclude <String[]> ] [-Include
<String[]> ] [-RequiredServices] [ <CommonParameters>]

Parameter Set: InputObject

Get-Service [-ComputerName <String[]> ] [-DependentServices]
[-Exclude <String[]> ] [-Include <String[]> ] [-InputObject
<ServiceController[]> ] [-RequiredServices] [ <CommonParameters>]

Ok so we see the name, that makes sense, and since it’s listed
inside one of [ these we also know that we don’t have to give a name and if we
do that it will list all services currently running. So we could potentially
target a specific service and a specific machine. That’s helpful info and I
think we are getting somewhere with our basic understanding. The second one
differentiates the service name from the display name; I understand that in
theory but is the BITS display name not just Bits? Is there some sort of
shorthand for some services where display name would come in handy? Also the third
set here, input object, well this is actually starting to make sense too because
it’s telling us that we can just type get-service and target a specific machine
using the same info as listed in the first string. Slightly redundant, which
leads to a little intimidation factor for new guys such as myself, but the more
I’m learning here the more I’m finding these strings of help to be useful in
considering full PowerShell syntax for more complicated commands in that you
can mix up places on some of these parameters and they will still work. So they
are also giving names to these things as if they are separate entities but I
don’t really think PowerShell is putting these strings into separate containers
for some reason, as you can see in this example where first I run
get-service -computername <x> then
target a specific service using the -name switch:

[Screenshot: get-service target computer name bits]
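Added example (not from the original post or the TechNet article): the three syntax strings above can be read as a table by asking PowerShell for the cmdlet's parameter sets directly. The helper name Get-ParameterSetSummary is hypothetical; Get-Command and its ParameterSets property are built in.

```powershell
# Added example, not from the original post: summarize a cmdlet's parameter
# sets so the [ ] notation in the help syntax can be read as a table.
# Get-ParameterSetSummary is a hypothetical helper name.
function Get-ParameterSetSummary {
    param(
        [Parameter(Mandatory = $true)]
        [string]$CommandName
    )

    # These are what the <CommonParameters> placeholder stands for; hide them.
    $common = 'Verbose', 'Debug', 'ErrorAction', 'WarningAction',
              'InformationAction', 'ErrorVariable', 'WarningVariable',
              'InformationVariable', 'OutVariable', 'OutBuffer',
              'PipelineVariable'

    $command = Get-Command -Name $CommandName -ErrorAction Stop

    foreach ($set in $command.ParameterSets) {
        foreach ($p in $set.Parameters) {
            if ($common -contains $p.Name) { continue }

            # Position is [int]::MinValue when the parameter is not positional.
            $positional = $p.Position -ne [int]::MinValue

            [pscustomobject]@{
                ParameterSet = $set.Name
                IsDefaultSet = $set.IsDefault
                Parameter    = $p.Name
                Type         = $p.ParameterType.Name
                # Mandatory parameters have no outer [ ] in the syntax line,
                # e.g. -DisplayName <String[]> in the DisplayName set.
                Mandatory    = $p.IsMandatory
                # Positional parameters show the name itself in [ ],
                # e.g. [-Name], meaning the name can be left out.
                NameOptional = $positional
            }
        }
    }
}

# One row per parameter per set; a parameter that appears in several sets
# (such as ComputerName on Windows PowerShell) is listed once for each.
Get-ParameterSetSummary -CommandName Get-Service |
    Sort-Object ParameterSet, Parameter |
    Format-Table ParameterSet, Parameter, Type, Mandatory, NameOptional -AutoSize
```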

 

Ok so now that that’s out of the way we can talk about all
the switches they are not telling us about in this TechNet article. Like what
to do with this data and then when we figure that out let’s try out some more
scenarios. So we’ve loaded our data into a CSV file but we don’t have anything that’s
great to read CSV files with so it looks like a notepad document and if you
have ever tried to read CSV in a notepad format you know it’s very confusing.
If this was dumping into excel or something it could be really cool. The
command we used to do that was:

Get-Service | Export-Csv -Path C:\Users\Administrator\Desktop\service.csv

Fairly simple. Ok let’s try the same thing only this time
dump it into an XML document and open it in a web browser. This has the same info
but the format is possibly somewhat easier to read by human standards.

[Screenshot: create an xml]

Let’s try the same thing and this time dump it to an HTML
file and then open the html file in powershell. Ok so apparently we have to use
some different commands according to the video and how the data stays cached in
what they are referring to as the pipeline is affected. Ok, let’s try this, cool
it works!

Get-Service | ConvertTo-Html -Property Name, Status |
Out-File -FilePath C:\Users\Administrator\Desktop\werbsyte.htm

[Screenshot: drop to html open html]

Cool, now we know what to do with data and we’ve learned a
little about powershell syntax. Let’s try to break some stuff and then restart a
server then compare the services on the working server against the server we
broke. First things first, let’s use this cool Whatif command they give us and
as you can see in the screen shot this looks like it would break some shit in a
live environment:

So get-service | stop-service -whatif

[Screenshot: -whatif]

Well if we do this on a local machine it’s going to crash
and become unresponsive so we can do that. So we’re going to pick on server1 and
we’re not sure if it’s going to tell us what’s going on so we’re going to use the
-passthru switch to make sure it tells us and it looks like it’s saying it’s
unhappy, not sure though. The full command (displayed after the results of
running the command) is: get-service -computername
server1 | stop-service -passthru

[Screenshot: stop all services target machine]

Well now server1 is totally unresponsive after we try to
just restart the services:

[Screenshot: restart server after service stop]

and we are going to have to do something
about that. So we google remotely restarting a machine via powershell and it
takes us to this TechNet article https://technet.microsoft.com/en-us/library/Hh849837.aspx

Easy enough, looks like it’s just: restart-computer -computername

Now we are going to compare server 1 with dc 1 as mentioned
in the video and export the text to a html document so we can visually compare and
make sure that the same services are running on both machines.

Note, the passthru command does not work when trying to
restart a server. I tried it again later just to find out. It would appear that
any command will work for testing this such as ping <computername>

Ok server1 is back up and running. And something’s going on
with my keyboard so we have to switch instances, fun. Why is this typing in all
caps? No idea. Google was of no avail but the scenario was easy enough to
recreate so for some reason this instance has a start button on the DC and as
you can see we have put the services running on the two machines into separate
html files and opened them, they work great but there are some differences so
if we run into trouble we should be able to figure out why.

[Screenshot: comparing services on two boxes via html]
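Added example (not from the original post or the video): instead of comparing two HTML files by eye, the two service lists can be diffed and only the differences written to one HTML report. Compare-ServiceState is a hypothetical helper name, and the service lists for dc1 and server1 are constructed sample data so the block runs without the lab machines.

```powershell
# Added example, not from the original post. Compare-ServiceState is a
# hypothetical helper; the sample service lists below are constructed.
function Compare-ServiceState {
    param(
        [Parameter(Mandatory = $true)][object[]]$Reference,
        [Parameter(Mandatory = $true)][object[]]$Difference
    )

    # Index both lists by service name (hashtable keys are case-insensitive).
    $ref = @{}
    foreach ($s in $Reference)  { $ref[$s.Name] = [string]$s.Status }
    $dif = @{}
    foreach ($s in $Difference) { $dif[$s.Name] = [string]$s.Status }

    # Walk the union of names so services present on only one box show up too.
    $names = @($ref.Keys) + @($dif.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $r = 'Missing'; if ($ref.ContainsKey($name)) { $r = $ref[$name] }
        $d = 'Missing'; if ($dif.ContainsKey($name)) { $d = $dif[$name] }
        if ($r -ne $d) {
            [pscustomobject]@{ Name = $name; Reference = $r; Difference = $d }
        }
    }
}

# Constructed sample data standing in for the two lab machines.
$dc1 = @(
    [pscustomobject]@{ Name = 'BITS';    Status = 'Running' }
    [pscustomobject]@{ Name = 'Spooler'; Status = 'Running' }
    [pscustomobject]@{ Name = 'W32Time'; Status = 'Running' }
    [pscustomobject]@{ Name = 'NTDS';    Status = 'Running' }
)
$server1 = @(
    [pscustomobject]@{ Name = 'BITS';    Status = 'Stopped' }
    [pscustomobject]@{ Name = 'Spooler'; Status = 'Running' }
    [pscustomobject]@{ Name = 'W32Time'; Status = 'Running' }
)

# On Windows PowerShell in the lab the live inputs would be:
#   $dc1     = Get-Service -ComputerName dc1
#   $server1 = Get-Service -ComputerName server1
$report = Compare-ServiceState -Reference $dc1 -Difference $server1
$report | Format-Table -AutoSize

# Write only the differences to a single HTML file.
$path = Join-Path ([System.IO.Path]::GetTempPath()) 'service-diff.htm'
$report |
    ConvertTo-Html -Property Name, Reference, Difference -Title 'dc1 vs server1' |
    Out-File -FilePath $path
```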

YAY! HAPPY FUN TIME

Thank u MSFT for test invirons, they are much fun!

Powershell notes parte 1

So I watched these MSFT videos, here https://www.microsoftvirtualacademy.com/en-us/training-courses/getting-started-with-powershell-3-0-jump-start-8276
, that were so helpful in understanding powershell. Much better than most reference
books that I’ve used and if you pair some of this info with the Virtual Academy
lab environments you might just learn a very small amount of powershell without
actually working on a real working server environment. The first time I watched
the help video I was like omg holy shit this is amazing and took absolutely no
notes whatsoever. A few days later I opened a powershell prompt in the MSFT
lab environment and just sort of stared at it like “woah scope that arrow >”
and couldn’t remember anything these dudes were talking about. So I decided to
watch it again and write down everything they were saying. Turns out this info
is generally more helpful than any book I’ve seen so far. So maybe this exists
out there somewhere in internet land but here’s some powershell notes for
idiots like me.

Note: I do apologize for any inconvenience my typos may cause,
I was drinking beer and listening to a style of hip-hop known as krunk. Some
examples of krunk are the Yin-Yang Twins known for their hit single “Salt Shaker”
and the artist Trick Daddy. You may recall Trick Daddy’s 1998 hit single “Nann”
from his album www.thug.com which has an
image on the cover of a website created around the time of its release. I’m sure
that the website was hosted on a windows advanced server NT 4.0 machine running IIS however there is a
possibility that it was a Unix box hosting it that was powered by Apache.
Either way it was a real website, currently it appears to have some sort of
alias record directing you to some label page. Boring.

Update-help -force :this command will download the latest help file info

Using the up arrow will let you scroll through the history
of commands you have typed.

The tab key is also extremely useful in that it will let you
scroll through possible commands, in this screen shot I just typed get help and
then pressed tab and space a few times to see what the results would be. I don’t
think this would display a functional output but you get the idea.

[Screenshot: tab key]

The typical copy and paste, ctrl C ctrl V, does not work
however highlighting text very carefully and then right clicking, then scrolling down to the next input space
and right clicking does work.

Get-help “command” (or cmdlet, a little confused on terminology here) :basic powershell help
parameter, an example of a “command” would be add-windowsfeature, as you can see
it doesn’t like install-service. This
looks like:

[Screenshot: get-help basic]

Help “command” :shows more information than simply using
get-help, the output of this command looks like this and as you can see it does
not require a -:

[Screenshot: help basic]

Man “command” :also a more prolific version of the get-help
command, the output of this command looks like this and as you can see with
this being done on the MSFT free test lab environment we run into a few issues
as the update-help command doesn’t seem to work:

[Screenshot: man]

Get-help *service* :in this example these dudes are using
what amounts to a search parameter to search for anything that has the word
service in the name. This looks like this:

[Screenshot: get-help *service*]

Get-help g*service* :this will narrow the list and pull any commands that have a g and service for
example get-service. The output of this command looks like this:

[Screenshot: get-help g*service*]

Get-verb :this will show all the verbs used in powershell
and instead of listing all the verbs I’ve shown that the location of the asterisk
character matters. If you do a search with *R it will display everything that
ends with the letter R, if you use R* it will show anything that starts with
the letter R.

[Screenshot: get-verb]

Get-verb | measure :this will give a number of returned
options. This is the first time we have seen the | command show up but it’s a
very powerful tool that you can use to add an addendum to powershell commands. More
on this whole | in later posts. Now it feels like we’re getting somewhere and
learning how to organize and display information in powershell!

[Screenshot: get-verb pipe measure]

-detailed :this switch lists all the help for the command. It’s
fairly extensive and at this point it’s worth noting what all the [,][<[] things
mean. At first I was mega confused by this because I’m not a coder. But basically
it goes like this, if the syntax starts with a [ then a command inside of that
then it requires no additional switches to run, however if it doesn’t start
with that you have to give some more description. If you see additional []
things inside of a [ after describing a switch you can use multiple variables. Hopefully
that makes sense and it looks something like this:

[Screenshot: detailed switch]

-full :this switch is basically the same as using the -detailed
command however there is some more info about additional parameters and I’m not
sure that I fully understand that yet so after I get some more info I may
discuss this more. Also it’s worth noting here that I picked the add-dnsserverconditionalforwarderzone
cmdlet because DNS is somewhat confusing to me in a global sense and I just
used the Tab key to find it:

[Screenshot: full switch]

Get-help get-service -online :the online switch takes you
to the TechNet article on the requested topic. Also you can see that we start running
into problems with using the free labs again. I’m assuming they don’t have an
internal internet connection which would make sense because I could see people
using these as a proxy server of sorts being a problem.

[Screenshot: examples/limitations]

Get-help get-service -examples :this examples switch is
where they keep the good stuff. The get-help is absolutely useless unless you
understand the code and all the brackets and all that stuff that’s obviously
super confusing. The -examples parm displays an exact line that you can type to
get what you’re looking for. And as you can see in the previous example we are
a little limited here as well.

Get-help get-service -showinwindow :this is amazing and it works great in the video. The show
in window switch shows the help file that was just pulled in a separate pop
window. Like omg a GUI in a dos type environment. My favorite part of this, as
if this wasn’t enough to spin your command line clues brain into a spin you can
also select check boxes to figure out/drill down to specifics so you can figure
out exactly how to talk to this thing. However it doesn’t work in the test environment.

[Screenshot: -showinwindow]

There’s also an interesting bit in the video about finding
things out by using bad switches/parameters after cmdlets in hopes of getting
some information in the returned error. I didn’t exactly find that helpful but
it’s displayed in the next image anyway.

The event log search and pull tool however is amazing. Everyone
that’s ever had to search through an event log to figure out what was going on
knows how awful it is. Powershell just makes this a non issue. You can target
specific machines, types of errors, whatever you want and then output it to an
html file and have a nice little browser display of exactly what you’re looking
for. Here’s a basic example of that, obviously there’s not a lot of event log
info on freshly created test environments.

[Screenshot: event log/bad parm]

So hopefully this helps a little with a basic understanding of powershell. Like the time that someone explained how a mouse operated when you first sat down at a computer.

Also here’s some tumblrs that have scripts on them:

http://powershell.tumblr.com/

http://pwscripts.tumblr.com/


Failover Clustering. Why aren’t you important?

Failover Clustering has been a major part of designing and supporting an effective architecturally
sound high availability environment for a long time and from what I understand it’s
not a large part of the MCSA testing. However that fact is somewhat irrelevant to
me, being a seeker of knowledge and skills rather than simply obtaining certificates.
Thus the concept of learning to design and
implement technology that is a large part of a real world application of
Windows Server 2012 is very appealing to me. I realize this may seem silly as
I’m unemployed and hoping to possibly get a job at some point and that
certifications certainly do improve the odds of that. But whatever I’m a scholar
yo.

If you have never heard of Failover Clustering you may be wondering what the basic
premise of the technology is. A failover cluster is a group of independent
computers (known as nodes for our purposes) that work together to increase
availability and scalability of clustered roles (https://technet.microsoft.com/en-us/library/Hh831579.aspx). We (implying both IT professionals and desktop
users in corporate environments, well really even Google users) rely on FoC for
high availability for almost any critical applications such as Exchange Server
and SQL that require connections to non-local information systems (meaning not
stored on the local machine’s hard disk). In the past we used multiple physical
servers usually connected to a single storage unit that was also disk fault
tolerant using a raid array and SCSI connected hard disks. There have not been
many updates to this basic premise however the technology is now easier to use
than ever thanks to technology known as virtualization and branded by Microsoft
as Hyper-V. Now we have physical hard disks configured in fault tolerant arrays
hosting virtualized hard disks known as VHD or VHDx files that are also set up
in a fault tolerant array. This provides for two layers of information
failover support: if a physical hard disk crashes we have a physical backup of the
data and if a virtual disk becomes corrupt we also have a failover copy of that
information as well. This allows
administrators to provide uptimes approaching 99.99% for critical applications
in order to meet the high standards of today’s business needs.

Basic clustering configurations:

Fig 1.

image

Fig 2.

image

*from https://technet.microsoft.com/en-us/library/Cc785197(v=WS.10).aspx

Clustered nodes can be connected using physical hardware or
virtualized hardware. A basic example (fig. 1) would include three computers
each with 3 NIC cards: one talking to the other nodes in the cluster, one to
the database (known as a cluster shared volume, or CSV for short, or the quorum
resource) containing the information about the cluster configuration, and one
taking incoming traffic from the network. One downside to this model was that
if the quorum disk failed, so did the cluster. A legacy two node cluster could
not function without it. So if just the disk failed but both nodes remained,
the cluster would cease to function. The
data on the quorum resource (CSV) includes a set of cluster configuration
information plus records (sometimes called checkpoints) of the most recent
changes made to that configuration. A node coming online after an outage can
use the quorum resource as the definitive source for recent changes in the
configuration. It is also possible to set up failover nodes in a configuration
using multiple local volumes and skipping the CSV (fig. 2). This also has
benefits but requires more replication across servers to ensure that every node
has a similar database. The point of this being that in case one of the nodes fails
for some reason one of the other two nodes would notice a problem with the
faulty node and seamlessly pick up the role that node was hosting (which machine
picks it up is determined by using something called quorum votes, more on this
later). This will obviously cause an
increase in network traffic to the node picking up the role which is certainly something
to consider when designing hardware specifications to ensure a functional level
of NLB (Network Load Balancing). However the node may or may not have been a
node that was previously hosting that role for the rest of the network and in
that case the hardware impact would be less critical. Clustered nodes should be
heavily monitored in a proactive fashion to verify that they are working and
general best practice is considered to be using a Microsoft product known as
System Center that alerts network administrators to any potential issues that
may occur resulting in a node failover situation. However this product costs
as well so budget restraints could be a factor. If you are using System Center
and a node fails for some reason an administrator is automatically notified of
the failure while System Center attempts to resolve the issue (service is hung,
the machine freezes, etc.). If System Center fails to resolve the issue the
administrator can then restart the machine, rebuild it or take whatever action
is necessary to repair the node and as mentioned previously, the role will be
shifted to another node as long as the cluster is properly configured.

All of this sounds very confusing for several reasons however a primary reason being
that there are two layers of technology involved, a virtualized layer, known as a guest cluster, that is set
up almost exactly like a physical layer, that’s sitting inside a server install that’s on a physical server. If
you’re like me you may need a more relatable explanation or visualization of
this. So here’s a picture (in case you haven’t seen it) of something some genius programmer created. You can
play the video game Doom from a laptop while actually inside the videogame. So
it’s like playing doom doom. Maybe that helps? If you’re playing the game it’s
really obvious which layer of the game you’re interacting with. Like sitting at a
server interacting with Hyper-V machines that are essentially set up the same
way you would set up a physical machine.

image

So we’re kind of left with more than a few questions here
but me being a part of the omfg wtf r u doing here nubsauce train to fail town
users group and basically taking educated guesses as to how this technology
works only enables me to talk about a few things. Besides the fact that entire
technical manuals could be written on the subject not to mention the countless
technet articles and youtube videos on the subject. Maybe in the future I’ll add
addendums/updates to this post but for now we will ramble on as we can. One of
the obvious things is how the servers know that they are functioning? The most
basic way that the servers know that the other servers are still online is
through the use of something called a “heartbeat”, the way that I understand
this technology is fairly basic. A server pings the other server on their
private network and says hey you still there and the server responds with something
like “yeah bro im still here stop buggin me bro” and this happens every second. If
this fails then the process of quorum voting comes into play. This seems like a
very mysterious process that involves a bunch of math and I’m not exactly sure
how the servers are self-aware (see HAL) enough to assume that they have the
extra processing power or know that another node would have enough processing
power but apparently they are able to do this without much trouble (aside from programmer
and technological explanation headaches). There is a default setting that Microsoft
has configured in Failover Cluster Manager as well as a few custom options
however the default is obviously recommended unless you’re a mathematician or
something because I’m convinced that the process involved in quorum voting is
nothing short of wizard magic, same for dns resolution.
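Added example (not from the original post or from Microsoft's implementation): a small model of the heartbeat-then-vote idea described above, from the point of view of one node. It assumes the plain majority rule (a partition keeps running only while it sees more than half of the configured votes) and an illustrative threshold of 5 missed one-second heartbeats; Test-ClusterQuorum and the node names are hypothetical.

```powershell
# Added example, not from the original post. Test-ClusterQuorum is a
# hypothetical helper; the majority rule and the missed-heartbeat threshold
# are assumptions made for illustration.
function Test-ClusterQuorum {
    param(
        # Node name -> seconds since that node last answered a heartbeat.
        [Parameter(Mandatory = $true)]
        [hashtable]$SecondsSinceHeartbeat,

        [int]$HeartbeatIntervalSeconds = 1,   # "this happens every second"
        [int]$MissedThreshold = 5,            # assumed value

        [switch]$Witness,                     # a witness adds one vote
        [switch]$WitnessOnline
    )

    # A node counts as down once it has been silent for the whole window.
    $limit = $HeartbeatIntervalSeconds * $MissedThreshold
    $up = @()
    $down = @()
    foreach ($node in ($SecondsSinceHeartbeat.Keys | Sort-Object)) {
        if ($SecondsSinceHeartbeat[$node] -lt $limit) { $up += $node }
        else { $down += $node }
    }

    # Every node has one vote; the witness, if configured, has one more.
    $totalVotes = $SecondsSinceHeartbeat.Count
    $votesPresent = $up.Count
    if ($Witness) {
        $totalVotes++
        if ($WitnessOnline) { $votesPresent++ }
    }

    # Majority: strictly more than half of all configured votes.
    $votesNeeded = [math]::Floor($totalVotes / 2) + 1

    [pscustomobject]@{
        NodesUp      = $up -join ','
        NodesDown    = $down -join ','
        VotesPresent = $votesPresent
        VotesNeeded  = $votesNeeded
        HasQuorum    = ($votesPresent -ge $votesNeeded)
    }
}

# Constructed sample: the three-node layout from fig. 1.
# One node silent for 12 seconds: two of three votes remain.
Test-ClusterQuorum -SecondsSinceHeartbeat @{ node1 = 0; node2 = 1; node3 = 12 }

# Two nodes silent: one of three votes remains.
Test-ClusterQuorum -SecondsSinceHeartbeat @{ node1 = 0; node2 = 30; node3 = 12 }

# Two nodes plus a witness, one node silent: two of three votes remain.
Test-ClusterQuorum -SecondsSinceHeartbeat @{ node1 = 0; node2 = 30 } -Witness -WitnessOnline
```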

So if your computational status is anything like my nubsauce
w/ x-tra Polynesian self and are convinced that computers are full of wizard
magic and mystery math then you’ll probably get really excited by the notion of
the appropriately named High Availability Wizard. This marvelous device will
help you set up and configure failover clustering as such:

In the High Availability Wizard, you can choose from the generic options described in the
previous note, or you can choose from the following services and applications:

  • DFS Namespace Server:
        Provides a virtual view of shared folders in an organization. When a user
        views the namespace, the folders appear to reside on a single hard disk.
        Users can navigate the namespace without needing to know the server names
        or shared folders that are hosting the data.
  • DHCP Server:
        Automatically provides client computers and other TCP/IP-based network
        devices with valid IP addresses.
  • Distributed Transaction Coordinator (DTC): Supports distributed applications that perform
        transactions. A transaction is a set of related tasks, such as updates to
        databases, that either succeed or fail as a unit. 
  • File Server:
        Provides a central location on your network where you can store and share
        files with users.
  • Internet Storage Name Service (iSNS) Server: Provides a directory of iSCSI targets.
  • Message Queuing:
        Enables distributed applications that are running at different times to
        communicate across heterogeneous networks and with computers that may be
        offline. 
  • Other Server:
        Provides a client access point and storage only. Add an application after
        completing the wizard.
  • Print Server:
        Manages a queue of print jobs for a shared printer.
  • Remote Desktop Connection Broker (formerly TS Session Broker): Supports session
        load balancing and session reconnection in a load-balanced remote desktop
        server farm. RD Connection Broker is also used to provide users access to
        RemoteApp programs and virtual desktops through RemoteApp and Desktop
        Connection.
  • Virtual Machine:
        Runs on a physical computer as a virtualized computer system. Multiple
        virtual machines can run on one computer.
  • WINS Server:
        Enables users to access resources by a NetBIOS name instead of requiring
        them to use IP addresses that are difficult to recognize and remember

As noted in Technet article: https://technet.microsoft.com/en-us/library/Cc731960.aspx

There are also a few youtube videos that display how to walk through this wizard but
some of them aren’t in English. If interested google is ur friend. But here’s a
few that I like anyway.

https://www.youtube.com/watch?v=KY18hUS9kMQ
– good info, skip the 3rd party nonsense.

https://www.youtube.com/watch?v=eiEA9kBubDQ
– hommie sounds like the Pastor Rod Parsley and talks to the beat of Ghetto D so
if you’re into that and wana go to choych watch this. Also in a more serious
sense it was very helpful for understanding quorum voting.

 

And that friends, is the basic understanding of how I’ve
wasted time studying failover clustering. 15 pages of the book I’m currently
reading (http://www.barnesandnoble.com/p/mcsa-windows-server-2012-complete-study-guide-william-panek/1115083272/2691053148375?st=PLA&sid=BNB_DRS_Marketplace+Shopping+Books_00000000&2sid=Google_&sourceId=PLGoP4760&k_clickid=3×4760&kpid=2691053148375)
. Several days of actual studification of online resources.

Thanks.

Update: so this is cool but I can’t get it to frame into this post correctly so click the link and figure out how to watch it if you’re interested

https://channel9.msdn.com/Shows/Edge/Edge-Show-36-High-Availability–Clustering-enhancement-in-Windows-Server-2012/player?format=flash

These guys really know what they are talking about they have a useful way of speaking, meaning its actually understandable. 

update 2: for more info on the fail over cluster wizard or check out some powershell commands regarding fail over clustering check out this page…..and this one for a great basic definition

Update 3: the more flashcards I make the more info I come across! Good times anyway. This seems like some basic info from Microsoft with lots of info on failover clustering. So far it doesn’t seem as useful in a practical sense as the powershell videos but probably worth watching nonetheless: Server 2012 Jumpstart
