Install AD-Domain-Services And Configure A New Domain On Windows Server 2016

#This installs and configures a new Active Directory domain called domain.winrollup.int with a short name of domain. You will be disconnected from Microsoft PowerShell at the end of the procedure if you are connected via WinRM or PowerShell Direct. You’ll need to restart the server and log in with domain\username credentials when you reconnect.

#Just the code:


#The Longer Story…

#This is just to install a single domain on Windows Server 2016 using PowerShell commands.

#Install AD-Domain-Services feature in Windows Server 2016 using PowerShell Direct

#Import the ADDSDeployment module that contains Install-ADDSForest

#Create domain and forest

#-DomainMode 7 and -ForestMode 7 are for Server 2016 domain and forest mode. These settings should be modified if compatibility for previous Active Directory domain and forest mode support is needed. I do not see these settings on the Microsoft help page for Install-ADDSDeployment but if you use the GUI wizard method then Server 2016 mode is the default used there and this will be added when they update the Install-ADDSDeployment TechNet page past Server 2012 R2.

#The -DomainNetbiosName is different from a NetBIOS computer name and is what is used when logging in, so domain\administrator is as valid as logging into domain.winrollup.int\administrator.

#Full Output of Install-ADDSForest:

#Restart the server.

#Reconnect to PowerShell Direct using the DOMAIN\administrator account after reboot from Install-ADDSForest is complete.
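
#Added example, not the post's original code: one way to run the whole procedure above, using the post's domain names. Installing DNS on the same server, prompting for the DSRM password and using -NoRebootOnCompletion are assumptions.

```powershell
# Added example. Run in an elevated session on the new Windows Server 2016 machine.
$forest = @{
    DomainName                    = 'domain.winrollup.int'
    DomainNetbiosName             = 'DOMAIN'
    DomainMode                    = 7      # 7 = Server 2016 mode, as the post states
    ForestMode                    = 7
    InstallDns                    = $true  # assumption: this DC also hosts DNS
    # Prompt for the DSRM password so it never lands in the script or in history.
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
}

# Install the role together with its management tools.
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD-Domain-Services did not install.' }

# ADDSDeployment contains Install-ADDSForest and its Test- counterpart.
Import-Module ADDSDeployment

# Run the prerequisite checks with the same parameters before changing anything.
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message
if ($check.Status -contains 'Error') { throw 'Prerequisite check failed.' }

# -NoRebootOnCompletion leaves time to read the full output;
# -Force suppresses the confirmation prompt.
Install-ADDSForest @forest -NoRebootOnCompletion -Force

# Restart, then reconnect with the DOMAIN\administrator account.
Restart-Computer -Force
```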

Manage Active Directory Users And Computers Using Windows 10 In PowerShell Direct Without CredSSP Or “Second-Hop” Issues

#When connecting to a virtual machine using PowerShell Remoting, enabling CredSSP (Credential Security Support Provider) is essential to avoid “Second-Hop” or “Multi-Hop” issues when managing Active Directory objects. CredSSP is particularly necessary when connecting to physical machines, as PowerShell Direct only functions when connecting directly from the host computer to a virtual machine.

#PowerShell Direct does not encounter the “Second-Hop” problem when managing Windows Server 2016 from a Windows 10 virtual machine running Hyper-V. Since I have enabled the Hyper-V role on my Windows 10 Professional system and my physical machine is not part of a domain, the Windows 10 virtual machine must be joined to the Active Directory domain that I intend to manage. This setup avoids additional configuration changes related to workgroup settings.


#The Longer Story…

#Create a new Organizational Unit in PowerShell Remote using just the computer name

#Without CredSSP enabled, this command fails in PowerShell Remote, which is initiated by using -ComputerName with Enter-PSSession.

#Create a new Organizational Unit in PowerShell Direct using just the virtual machine name

#OU=Test is just an example to show how this command doesn’t fail in PowerShell Direct using -VMName like it did in the previous example using -ComputerName.

#Set -ProtectedFromAccidentalDeletion to $false on OU=Test so it can be deleted

#This needs to be done to allow the OU to be deleted.

#Delete OU=Test from -Server KERMIT.

#KERMIT is the NetBIOS computer name of my domain controller and not the domain NetBIOS name. They are different things.
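
#Added example, not the post's original code: the OU=Test steps above run through PowerShell Direct from the Hyper-V host. The VM name Win10-Mgmt is hypothetical, and the AD module (RSAT) is assumed to be installed in the Windows 10 virtual machine.

```powershell
# Added example. Run elevated on the Hyper-V host.
$VMName   = 'Win10-Mgmt'                    # hypothetical VM name; use your own
$DomainDN = 'DC=domain,DC=winrollup,DC=int' # DN of domain.winrollup.int
$Cred     = Get-Credential -UserName 'DOMAIN\administrator' -Message 'Domain admin'

# -VMName selects PowerShell Direct; -ComputerName would select WinRM remoting.
Invoke-Command -VMName $VMName -Credential $Cred -ArgumentList $DomainDN, 'KERMIT' -ScriptBlock {
    param($DomainDN, $Server)

    Import-Module ActiveDirectory
    $ou = "OU=Test,$DomainDN"

    # Create the OU on the domain controller. New OUs are protected from
    # accidental deletion by default.
    New-ADOrganizationalUnit -Name 'Test' -Path $DomainDN -Server $Server
    Get-ADOrganizationalUnit -Identity $ou -Server $Server -Properties ProtectedFromAccidentalDeletion |
        Select-Object DistinguishedName, ProtectedFromAccidentalDeletion

    # Clear the protection flag, then delete the OU.
    Set-ADOrganizationalUnit -Identity $ou -ProtectedFromAccidentalDeletion $false -Server $Server
    Remove-ADOrganizationalUnit -Identity $ou -Server $Server -Confirm:$false
}
```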


Join Windows 10 Professional To An Active Directory Domain Using PowerShell Direct

#These are the commands to rename a Windows 10 client computer to GONZO and add that computer to a domain called domain.winrollup.int.


#The Longer Story…

#Your computer may not need to be renamed, so skip that step if it is not needed. Also, the Add-Computer command sends your newly added computers to the Computers container by default unless you specify an -OUPath when running Add-Computer.

#Rename computer before joining your domain if your computer name doesn’t comply with server standards. Restart required.

#Join a domain called domain.winrollup.int. Restart required.

#You need to change the -DomainName from domain.winrollup.int to what you call your domain. Use -Restart at the end of the Add-Computer command to automatically restart.


#A Bit More

#Specify a preconfigured Organizational Unit path when joining domain

#My domain is simple and this is not needed for me at this time. I don’t have multiple Organizational Units yet and I don’t need any Group Policies affecting this PC since I’m working with my Windows 10 management PC. I’m able to specify the -OUPath shown below, once I complete the step below to create an OU called ServerAdmins. This command adds the computer to OU=ServerAdmins.

#You are not able to specify another container besides the default Computers container, but there is a way to change the default container if you don’t specify an OU. I definitely don’t want my computers added to the default OU which is OU=Domain Controllers, so I don’t use this command switch unless I have created a new OU first. It has been suggested to create the OU and computer object prior to joining the domain, but I don’t need to do that at this point.

#The command below is used to specify an Organizational Unit when joining a domain, if needed.

#Create a new Organizational Unit on the server (Needs to be run on Windows Server 2019 with the Active Directory role installed and configured)

#If you preconfigure an alternative Organizational Unit on Windows Server 2019 then you can add your computers directly to that OU by specifying a -OUPath when running Add-Computer.
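
#Added example, not the post's original code: the rename and join steps above as one script that can be re-run after each reboot. The state checks and the credential prompt are assumptions; GONZO, the domain name and OU=ServerAdmins come from the post.

```powershell
# Added example. Run elevated on the Windows 10 client; re-run after each
# restart until it reports the secure channel state.
$NewName    = 'GONZO'
$DomainName = 'domain.winrollup.int'
# Optional. The OU must already exist; set to $null to use the default container.
$OUPath     = 'OU=ServerAdmins,DC=domain,DC=winrollup,DC=int'

$cs = Get-CimInstance -ClassName Win32_ComputerSystem

if ($env:COMPUTERNAME -ne $NewName) {
    # Step 1: rename first. Restart required.
    Rename-Computer -NewName $NewName -Restart
}
elseif (-not $cs.PartOfDomain) {
    # Step 2: join the domain. Restart required.
    $join = @{
        DomainName = $DomainName
        Credential = Get-Credential -UserName 'DOMAIN\administrator' -Message 'Account allowed to join computers'
        Restart    = $true
    }
    if ($OUPath) { $join.OUPath = $OUPath }
    Add-Computer @join
}
else {
    # Step 3: confirm the machine account's secure channel to the domain works.
    "Joined to $($cs.Domain); secure channel healthy: $(Test-ComputerSecureChannel)"
}
```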

Automatically Determine Unallocated Space And Expand Drive C In PowerShell After Expanding Virtual Hard Drive In Hyper-V

#Code to automatically determine unallocated space and expand boot drive C.

#NOTE: I am not responsible if you muck everything up. I am working in a lab under optimal conditions. Always back up your critical data before messing with your hard drives and virtual machines. BACKUP BACKUP BACKUP!!! if you are doing this in a production environment. At least create a checkpoint in Hyper-V so you can go back if needed. I am not responsible for random code snippets I wrote or posted here. You choose what to run on your computers and I am not part of that decision or any undesired consequences. Ok then, moving on…

#Change $Drive2Expand = 'C' to whatever other drive you wish to expand but be aware that I am running Get-Disk with the IsBoot parameter equal to Yes. If you change $Drive2Expand to a non-boot drive these commands will fail.

#Just the code:


#The longer story…

#This used to be done with diskpart but PowerShell can get the job done without launching an application and is much more easily scripted.

#Run Get-Disk to get the disk number

#? is an alias to the where command. You can change IsBoot to any parameter or value listed with the Format-List command or fl in the code I type. I am basing this on working with virtual hard drives in Hyper-V but these commands can be modified to address the same issues with physical drives.

#Run Get-Partition on -DriveLetter C to get drive C configuration information

#Note the PartitionNumber in the command output as that will be needed for the rest of the commands. Change -DriveLetter to whatever drive you wish to expand.

#Another option is to get only the PartitionNumber value instead of the standard output.

#Check minimum and maximum supported sizes for the partition

#Use Resize-Partition to use the maximum size available to expand -PartitionNumber 4.

#I just copied and pasted the SizeMax number from above to the command below. I can’t screenshot this command at the moment since my drive is fully expanded but I will update with a screenshot soon.


#Get free space on drive C

#The following commands get the free space on drive C and display it in a friendly manner. This code is just for fun. It is not really needed. It is just to show how to manipulate number results in PowerShell by converting the free space on drive C to an easily readable format. Many of the principles below can be applied to the results of the above commands.
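
#Added example, not the post's original code: the expand-and-report steps above in one script. It addresses the partition by drive letter instead of the PartitionNumber noted above, and the rescan and the 1 MB threshold are assumptions.

```powershell
# Added example. Run elevated inside the virtual machine after growing the
# virtual hard disk in Hyper-V.
$Drive2Expand = 'C'

# Rescan storage so the new unallocated space is visible.
Update-HostStorageCache

# Confirm the drive lives on the boot disk, as the post's commands expect.
$bootDisk  = Get-Disk | Where-Object IsBoot -eq $true
$partition = Get-Partition -DriveLetter $Drive2Expand
if ($partition.DiskNumber -ne $bootDisk.Number) {
    throw "Drive $Drive2Expand is not on the boot disk."
}

# SizeMin / SizeMax are the limits Resize-Partition will accept.
$supported = Get-PartitionSupportedSize -DriveLetter $Drive2Expand
$growBy    = $supported.SizeMax - $partition.Size

# Skip the resize when there is effectively nothing to add
# (the 1 MB threshold is an assumption).
if ($growBy -gt 1MB) {
    Resize-Partition -DriveLetter $Drive2Expand -Size $supported.SizeMax
    '{0}: grew by {1:N2} GB' -f $Drive2Expand, ($growBy / 1GB)
}
else {
    '{0}: already at maximum size' -f $Drive2Expand
}

# Report free space in a readable format.
$volume = Get-Volume -DriveLetter $Drive2Expand
'{0}: {1:N2} GB free of {2:N2} GB' -f $Drive2Expand, ($volume.SizeRemaining / 1GB), ($volume.Size / 1GB)
```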

Update Path Environment Variable Using PowerShell In Windows 10

#These are the two PowerShell commands you need to permanently update the Path environment variable in Windows 10. If that is all you want to do then you do not need to read further than the following two commands. These commands all work in both PowerShell and PowerShell Direct.


#The Longer Story…

#Setx is the old way to modify registry entries and set environment variables. It still works if needed but PowerShell commands are all I am attempting to use at this point.

#Check mounted drives and filesystems

#You do not need to run the command below. It is just to prove a point about accessing different mount points.

#Run Get-PSDrive to see the drives available in PowerShell.

#▲You will see Env listed under the Name column and Provider is Environment meaning that the environment variables are an actual mounted file system to PowerShell and the same commands you use to manage other filesystems will work when modifying or adding environment variables manually.

#Add c:\Important Executables to the existing environment path for the current session only.

#Disconnecting your PowerShell session loses these changes when you reconnect to a new session. You instead need to update the registry to make the change permanent. There is no output for the following command but you would need to change c:\Important Executables to the directory you would like to include in your system path. This command has no results or confirmation.

#Check current permanent Path variable

#Check the registry key value for the Path variable to see what it is currently set to. Any changes so far are still not there after running the last command. The path will revert to the results of the command below once you disconnect and reconnect your PowerShell session.

#▲Get-ItemProperty before updating the registry value.

#▲Get-ItemProperty after updating the registry value.

#Use Get-Item Env:Path to get the currently loaded Path environment variable value

#▲$Env:Path also works as a shortcut for Get-Item Env:Path

#▲$Env:Path after exiting PowerShell and reconnecting again.

#Preserve old path to $Old_Path and add a new path to the existing path

#Save the current registry value for combining with the new path, or at least have the original value stored in case you screw something up, by typing:

#Set registry key to the old registry value combined with the new directory

#Modify HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment|Path properties to include a new directory.
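
#Added example, not the post's original code: the permanent Path update above, with two checks added here as assumptions. It refuses a directory that low-privilege groups can write to, because every user and service on the machine resolves commands through the machine Path, and it reads the stored value unexpanded so %SystemRoot%-style entries survive the rewrite.

```powershell
# Added example. Run elevated.
$NewDir = 'C:\Important Executables'   # directory used in the post
$RegKey = 'HKLM:\System\CurrentControlSet\Control\Session Manager\Environment'

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$lowPriv = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$write   = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
$sidType = [System.Security.Principal.SecurityIdentifier]

# Find Allow entries (explicit or inherited) that let those groups create files.
# ACEs expressed only as generic rights are not decoded by this check.
$risky = (Get-Acl -Path $NewDir).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -in $lowPriv -and
        ($_.FileSystemRights -band $write)
    }
if ($risky) { throw "$NewDir is writable by non-administrators; fix its ACL first." }

# Preserve the old value, read without expanding environment references.
$Old_Path = (Get-Item -Path $RegKey).GetValue('Path', '', 'DoNotExpandEnvironmentNames')

# Append only if the directory is not already listed.
if (($Old_Path -split ';') -notcontains $NewDir) {
    $New_Path = ($Old_Path.TrimEnd(';'), $NewDir) -join ';'
    Set-ItemProperty -Path $RegKey -Name Path -Value $New_Path -Type ExpandString
    # Apply to the current session as well.
    $Env:Path = ($Env:Path.TrimEnd(';'), $NewDir) -join ';'
}

# Show the permanent value now stored in the registry.
(Get-ItemProperty -Path $RegKey -Name Path).Path
```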

#Delete Environment Variables

#Setting a variable equal to an empty string will remove it completely.

#Default Path In Windows 10 Creators Edition

#For reference in case something gets screwed up. This is not a command.
C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\

Enable File And Printer Sharing In Windows 10 Creators Edition Without Using The netsh Command In PowerShell

#It is as simple as enabling the pre-configured rule in Windows Firewall to enable File and Printer Sharing in Windows 10, but using netsh is the old-fashioned way.

#Run this command in an elevated PowerShell prompt and you are done.


#The Long Story…

#Allow File and Printer Sharing services through the Windows Firewall to access shared information and to share information of your own. These commands all work in both PowerShell and PowerShell Direct.

#Get Firewall rules for File and Printer Sharing

#This command shows the individual rules and the network connection profiles that are explicitly enabled and disabled for the File and Printer Sharing services.

#Enable File and Printer Sharing for Private and Domain network profiles

#Enable the File and Printer Sharing services for the Private and Domain network connection profiles by applying the preconfigured Windows Firewall group rule called File and Printer Sharing by typing this:

#▲That is what it looks like under Advanced Sharing Settings when the File and Printer Sharing firewall rule is enabled.

#Set Network Connection Profile to Private.

#I set the variable $InterfaceAlias to automatically query my primary network interface or NIC. The -NlMtuBytes 1500 switch is what makes it work. If you have changed the Maximum Transmission Unit (MTU) from the defaults then this command will need to be modified:

#Disable File and Printer Sharing on all network profiles

#▲It will look like this when File and Printer Sharing is disabled.
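
#Added example, not the post's original code: the firewall steps above in one script, with a final check that no enabled rule in the group still applies to the Public profile. Picking the first connected IPv4 interface and only changing a Public category are assumptions.

```powershell
# Added example. Run in an elevated PowerShell prompt.
$Group = 'File and Printer Sharing'

# Current state of every rule in the group.
Get-NetFirewallRule -DisplayGroup $Group |
    Sort-Object DisplayName |
    Format-Table DisplayName, Enabled, Profile, Direction -AutoSize

# Find the primary NIC; -NlMtuBytes 1500 filters out loopback and tunnel interfaces.
$InterfaceAlias = Get-NetIPInterface -AddressFamily IPv4 -NlMtuBytes 1500 -ConnectionState Connected |
    Select-Object -First 1 -ExpandProperty InterfaceAlias

# Move the connection to Private only if it is currently Public
# (a domain-authenticated category cannot be set by hand).
$current = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias
if ($current.NetworkCategory -eq 'Public') {
    Set-NetConnectionProfile -InterfaceAlias $InterfaceAlias -NetworkCategory Private
}

# Enable the group for Private and Domain. This rewrites each rule's profile
# list, so none of the group's rules apply to Public afterwards.
Set-NetFirewallRule -DisplayGroup $Group -Profile Private, Domain -Enabled True

# Verify: no enabled rule in the group may cover Public (or Any).
$exposed = Get-NetFirewallRule -DisplayGroup $Group |
    Where-Object { $_.Enabled -eq 'True' -and $_.Profile -match 'Public|Any' }
if ($exposed) {
    Write-Warning 'These rules are still open on the Public profile:'
    $exposed | Format-Table DisplayName, Profile -AutoSize
}

# To turn sharing off again on all profiles:
# Set-NetFirewallRule -DisplayGroup $Group -Enabled False
```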