Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Windows Server 2012 Automation with PowerShell Cookbook
Windows Server 2012 Automation with PowerShell Cookbook

Windows Server 2012 Automation with PowerShell Cookbook: If you work on a daily basis with Windows Server 2012, this book will make life easier by teaching you the skills to automate server tasks with PowerShell scripts, all delivered in recipe form for rapid implementation.

Arrow left icon
Profile Icon EDRICK GOAD
Arrow right icon
S$45.99 S$65.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3 (11 Ratings)
eBook Mar 2013 372 pages 1st Edition
eBook
S$45.99 S$65.99
Paperback
S$82.99
Subscription
Free Trial
Arrow left icon
Profile Icon EDRICK GOAD
Arrow right icon
S$45.99 S$65.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3 (11 Ratings)
eBook Mar 2013 372 pages 1st Edition
eBook
S$45.99 S$65.99
Paperback
S$82.99
Subscription
Free Trial
eBook
S$45.99 S$65.99
Paperback
S$82.99
Subscription
Free Trial

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Windows Server 2012 Automation with PowerShell Cookbook

Chapter 2. Managing Windows Network Services with PowerShell

In this chapter we will cover the following recipes:

  • Configuring static networking

  • Installing domain controllers

  • Configuring zones in DNS

  • Configuring DHCP scopes

  • Configuring DHCP server failover

  • Converting DHCP addresses to static

  • Building out a PKI environment

  • Creating AD users

  • Searching for and reporting on AD users

  • Finding expired computers in AD

  • Creating and e-mailing a superuser report

Introduction


Setting up a new Active Directory environment can be either exciting or boring. If you have rarely built out new domain and networking environments, the process is probably new and very exciting. However, if you are constantly building out new environments for test labs or other business needs, the process can be fairly long and drawn out. Instead, you are mostly interested in automating the process to require minimal user input and maintain consistency between builds.

This chapter covers the installation and configuration of Active Directory, DNS, DHCP, and Certificate Services. This chapter should cover everything necessary to prepare an environment as a fully functioning Active Directory domain for use in labs or new domain environments.

Configuring static networking


TCP/IP is the primary technology used for communicating between computers today. When first building out an environment, one of the first items to accomplish is to define and apply an IP addressing scheme. Once the addressing scheme is defined, we can create static addresses for our first servers. Later, we will configure DHCP in case static addressing is not desired for all of the systems in your environment.

Getting ready

From the following diagram we can see that we have already defined our addressing scheme using both IPv4 and IPv6. At the start of our network, we have a router acting as a default gateway, and we will configure two servers in preparation for becoming domain controllers. The default gateway router is already statically assigned with IPv4 and IPv6 addresses:

All three of these components are connected to a common Ethernet segment to communicate with each other.

Note

Before defining any networking configuration, we should confirm that our addresses...

Installing domain controllers


Once the TCP/IP networking is set up and working, the next step to tackle is installing the domain controllers. In a Windows Active Directory domain, the domain controllers can be viewed as the core of the network. Domain controllers provide user authentication, group policy information, time synchronization, and access to Active Directory objects. Additionally, domain controllers often provide several network services such as DNS, DHCP, certificate services, and more.

This recipe will set up and install the first domain controller, creating a new domain in a new forest. Once completed, the second domain controller will be remotely installed and promoted. Additionally, we will install DNS on both domain controllers to provide name resolution services.

Getting ready

This recipe assumes a server and networking configuration setup similar to the prior recipe. We will be working with newly installed servers without any additional roles or software installed. To complete...

Configuring zones in DNS


Windows domains rely heavily on DNS for name resolution and for finding appropriate resources. DNS is composed primarily of zones, each of which contains records. These zones and records provide name to address and address to name resolution for clients.

Here we will install and configure the DNS service and configure zones for servicing clients.

Getting ready

This recipe assumes a server and networking configuration similar to what is created inthe first recipe. For DNS services to operate, the server does not need to be a member of an Active Directory domain, and in some scenarios, such as internet facing systems, Active Directory membership is discouraged.

We will be configuring our DNS servers with the following zones:

Zone

Type

corp.contoso.com

AD integrated

10.10.10.in-addr.arpa

AD integrated reverse lookup

20.168.192.in-add.arpa

AD integrated reverse lookup

contoso.com

Standard primary

fabrkam.com

Conditional forwarder to 192.168.99.1

corp...

Configuring DHCP scopes


As an alternative to statically assigned TCP/IP addresses, Windows supports the Dynamic Host Configuration Protocol (DHCP). This service allows for provisioning of IP addresses, default gateways, DNS information, and even more advanced information such as boot servers.

This recipe will set up the basic DHCP features on a domain controller and configure an initial DHCP scope.

Getting ready

This recipe assumes a server, networking, and domain configuration similar to what is created in the Installing domain controllers recipe.

How to do it...

Carry out the following steps to configure DHCP scopes:

  1. Install DHCP and management tools:

    Get-WindowsFeature | Where-Object Name -like *dhcp*
    Install-WindowsFeature DHCP -IncludeManagementTools
  2. Create a DHCP scope

    Add-DhcpServerv4Scope -Name "Corpnet" -StartRange 10.10.10.100 -EndRange 10.10.10.200 -SubnetMask 255.255.255.0
  3. Set DHCP options

    Set-DhcpServerv4OptionValue -DnsDomain corp.contoso.com -DnsServer 10.10.10.10 -Router 10.10.10.1
  4. Activate...

Configuring DHCP server failover


Prior to Server 2012, there were limited methods of ensuring DHCP was redundant and always available to service requests. One of the most common methods was to split DHCP scopes between multiple servers, with each server providing a subset of the scope. If one system was unavailable, the other system was still able to provide a subset of addresses. However, this caused problems because if a DHCP server was unavailable, there may not be enough addresses available to service all of your clients. Other redundancy options involved clustering or other expensive technologies that were difficult to manage.

In Server 2012 DHCP server failover is a built-in feature. This feature allows servers to share a common DHCP database to provide leases and provide redundancy. To use DHCP failover, the DHCP feature just needs to be installed and configured across servers. This recipe will walk through the configuration of DHCP failover.

Getting ready

This recipe assumes a server...

Converting DHCP addresses to static


While DHCP is an easy way to manage network addresses, especially, in dynamic environments, it does have its drawbacks. If something happens on your physical network or to your DHCP server, clients may not be able to receive or renew their addresses. And due to the dynamic nature of DHCP, addresses may change, causing issues with firewalls and DNS records.

This is normally fine for desktop environments, but in server environments, we want to minimize any possibility for an outage. As such, at some point you may want to convert your dynamically addressed hosts to use static addresses.

Getting ready

This recipe assumes a basic server configuration with a single interface using a single IP address via DHCP. The script works best when run locally on the target server.

How to do it...

Log on to the target server interactively and execute the following script:

# Identify all adapters that recieved an address via DHCP
$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration...

Building out a PKI environment


Windows Active Directory domains are a great way to authenticate users and computers. Using a central store of accounts and passwords, requests can be easily authenticated, and accounts can be quickly added, updated, or removed as needed. While this is a great method for authentication within the domain, it does not work as well outside of the domain. Situations, where the domain controller may not be accessible, where the authority of the domain controller is in question, or when accessing resources outside of a domain, call for alternative authentication methods.

Certificates allow for creation of an authentication infrastructure by using a series of trusts. Instead of joining a domain, and thereby trusting the domain controllers, you trust a Certificate Authority (CA). The CA is responsible for handing out certificates that authenticate the user or computer. By trusting the CA, you implicitly trust the certificates it produces.

Windows server has the ability...

Creating AD users


When working in a test or lab environment, it is useful to have a number of test accounts to use. These accounts can have different access permissions and simulate different types of users doing specific tasks. These AD users are normally made up of simple accounts with a common password.

Additionally, when setting up a new production environment, it may be necessary to populate users into AD. These usernames and e-mail addresses are predefined and the passwords must be unique.

In this recipe we will use a PowerShell script to create both types of users.

Getting ready

To use this recipe properly, you need an AD environment with credentials capable of creating user accounts. Additionally, if you want to create specific users, you will need a CSV file with headers of LastName,FirstName as shown in the following screenshot that contains the users to create:

How to do it...

Carry out the following steps to create AD users:

  1. To create a single Active Directory user account, use the...

Searching for and reporting on AD users


Once your AD environment has existed for some time, finding and changing settings in your environment can become difficult. For example, let's say when the domain was first created, all the users had the same logon script named logon.bat. Over time, specific needs arose that caused the creation of logon2.bat, and new_logon.bat, and testlogon.bat, with different users assigned to each script.

As an administrator, you want to consolidate all these logon scripts into one, but you need to know what this will impact. You need to know which logon scripts are being used, who is using which ones, and why the different scripts exist. Thanks to the capabilities of AD and PowerShell queries, these items can easily be found.

In this recipe we will perform multiple queries against Active Directory. We will be returning different information.

How to do it...

Carry out the following steps to search for and report on AD users:

  1. To report on all users and their logon scripts...

Finding expired computers in AD


As domains grow and change, one of the largest polluters of AD is expired machine accounts. Whenever a computer is joined to the domain, a machine account is created. However, when a machine is retired, the machine account is often left. There are no built-in tools to remove these machine accounts from the domain, and unlike user accounts, they are rarely audited. This becomes a problem as the environment grows, and auditing of the computer accounts becomes difficult.

This recipe will show how to search AD for expired, or nearly expired, machine accounts.

How to do it...

Carry out the following steps to find expired computers in AD:

  1. To find recently aged accounts execute the following code:

    $30Days = (Get-Date).AddDays(-30)
    Get-ADComputer -Properties lastLogonDate -Filter 'lastLogonDate -lt $30Days' | Format-Table Name, LastLogonDate 
  2. To find older accounts execute the following code:

    $60Days = (Get-Date).AddDays(-60)
    Get-ADComputer -Properties lastLogonDate -Filter...

Creating and e-mailing a superuser report


One of the questions I receive every time there is a security audit or review is How many super users are there? To find this out, I have to manually open up Active Directory and look at the membership of Domain Admins and Enterprise Admins groups. Once I have identified the users, the security team then wants a documented list of who has superuser rights, when they got them, and why.

If your environment is anything like mine, looking at the Domain Admin group membership will be very surprising. Even though we work hard to limit who has access, more and more users creep into these groups throughout the year. By the time they are identified, finding out when, why, and how they were added can be exceedingly difficult. What is needed is a method of keeping up on the changes as they happen.

In this recipe we will create a superuser report that reports on membership of these critical groups. This report will show which accounts are in each group, and even...

Left arrow icon Right arrow icon

Key benefits

  • Extend the capabilities of your Windows environment
  • Improve the process reliability by using well defined PowerShell scripts
  • Full of examples, scripts, and real-world best practices

Description

Automating server tasks allows administrators to repeatedly perform the same, or similar, tasks over and over again. With PowerShell scripts, you can automate server tasks and reduce manual input, allowing you to focus on more important tasks. Windows Server 2012 Automation with PowerShell Cookbook will show several ways for a Windows administrator to automate and streamline his/her job. Learn how to automate server tasks to ease your day-to-day operations, generate performance and configuration reports, and troubleshoot and resolve critical problems. Windows Server 2012 Automation with PowerShell Cookbook will introduce you to the advantages of using Windows Server 2012 and PowerShell. Each recipe is a building block that can easily be combined to provide larger and more useful scripts to automate your systems. The recipes are packed with examples and real world experience to make the job of managing and administrating Windows servers easier. The book begins with automation of common Windows Networking components such as AD, DHCP, DNS, and PKI, managing Hyper-V, and backing up the server environment. By the end of the book you will be able to use PowerShell scripts to automate tasks such as performance monitoring, reporting, analyzing the environment to match best practices, and troubleshooting.

Who is this book for?

This book is written to assist the daily tasks for systems administrators, engineers, and architects working with Windows Server 2012.

What you will learn

  • Streamline routine administration processes
  • Automate the implementation of entire AD infrastructures
  • Generate automatic reports that highlight unexpected changes in your environment
  • Monitor performance and report on system utilization in detailed graphs and analysis
  • Create and manage a reliable and redundant Hyper-V environment
  • Utilize the Best Practices Analyzer from Microsoft to ensure your environment is configured optimally
  • Manage the patch level of your enterprise
  • Utilize multiple protocols to share information in a heterogeneous environment

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Mar 26, 2013
Length: 372 pages
Edition : 1st
Language : English
ISBN-13 : 9781849689472
Vendor :
Microsoft

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want

Product Details

Publication date : Mar 26, 2013
Length: 372 pages
Edition : 1st
Language : English
ISBN-13 : 9781849689472
Vendor :
Microsoft

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just S$6 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just S$6 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total S$ 232.97
Windows Server 2012 Hyper-V: Deploying Hyper-V Enterprise Server Virtualization Platform
S$74.99
Windows Server 2012 Automation with PowerShell Cookbook
S$82.99
Windows Server 2012 Hyper-V Cookbook
S$74.99
Total S$ 232.97 Stars icon

Table of Contents

12 Chapters
Understanding PowerShell Scripting Chevron down icon Chevron up icon
Managing Windows Network Services with PowerShell Chevron down icon Chevron up icon
Managing IIS with PowerShell Chevron down icon Chevron up icon
Managing Hyper-V with PowerShell Chevron down icon Chevron up icon
Managing Storage with PowerShell Chevron down icon Chevron up icon
Managing Network Shares with PowerShell Chevron down icon Chevron up icon
Managing Windows Updates with PowerShell Chevron down icon Chevron up icon
Managing Printers with PowerShell Chevron down icon Chevron up icon
Troubleshooting Servers with PowerShell Chevron down icon Chevron up icon
Managing Performance with PowerShell Chevron down icon Chevron up icon
Inventorying Servers with PowerShell Chevron down icon Chevron up icon
Server Backup Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3
(11 Ratings)
5 star 54.5%
4 star 27.3%
3 star 9.1%
2 star 9.1%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Freon424 Jun 25, 2013
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This was hands down, one of the best powershell books I've ever read. I cannot recommend this publication highly enough.
Amazon Verified review Amazon
Tom Jul 20, 2013
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Not only does this book cover really practical use cases for automation with powershell, but it also gives some of the best insight into some of the new features of win 2012 server that I've seen, including BranchCache, Cifs high availability, new AD features, new file sharing features etc...Well worth a read!
Amazon Verified review Amazon
Michael Wharton Jul 04, 2015
Full star icon Full star icon Full star icon Full star icon Full star icon 5
good book
Amazon Verified review Amazon
Ed Williams Dec 03, 2014
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Just got the KINDLE version of this book, it's BEAUTIFUL. I can't tell you how many kindle books for the Kindle on PC have horrible black and white grainy pictures with too small print that you can't expand. This one has all the colors (including the different PowerShell colorings, vivid screen captures and all. The First Kindle book for PC that I actually like!
Amazon Verified review Amazon
mArs-kaOs Mar 25, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great book! Informative, practical guide, explicitly coded for real-world, administrative tasks!Would love to see same book updated for Windows Server 2012 R2 release!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.