Note: I will assume that you do not have your servers connected to the internet and also that you want to configure the newly created repository source on all your servers via scripting so the method I am presenting has this in mind.
In case you have a lot of Powershell modules created by you and your team or you get them from external sources and want to deploy these modules in a much nicer way than copy/paste, you may want to use a Powershell Module repository. One more thing you may need is to have the repository internal to your company and not a public one like Powershell Gallery. Well, then you will find out how to create one in this post.
You can host a repo like PS Gallery, but that takes a lot of configuration; if your goal is just to have the files somewhere and install them on your servers, a file share based repository will work just fine.
To make such a repository on a server you will need to do the following:
– Install NuGet provider (this part must be done also on the clients that will connect to the repo to download modules)
– Create the repository folder and share it
– Configure the repository
After the steps above are done you will have to perform the first step on the servers that will act as clients and also register the repo on them.
Install NuGet provider
For this part you will need an internet connected machine just for the first time in order to get the files in question (Windows 10 works also). So on the chosen computer just run the following Powershell command and press Y when prompted:
The NuGet provider folder will be placed in: C:\Program Files\PackageManagement\ProviderAssemblies. This has to be copied to the repository server and on all the clients that will access the repo.
This file is needed just on the Powershell Module repository server in order to be able to publish modules to it. To get it just go to the following link and download the latest recommended version.
Place the NuGet.exe file in C:\ProgramData\Microsoft\Windows\Powershell\PowershellGet. If any of the folders from the path are missing just create them yourself.
Create the repository folder and share it
Almost done! Now let’s create the actual path where the modules will be kept. I will make a folder C:\Repo and leave the default security permissions on it. For a production case you have to think which users will need Read access to be able to install modules and which ones will need Write access to publish modules. It is also important, if you use DSC to install modules and do not connect to the repo as a user, to give the computer accounts Read permissions.
The folder has to be shared to register it on the other clients. I set Administrators with Full Control and Everyone with Read.
Now go on a client and try to find and install it:
I did not specify the repository because my machines have not been connected to the internet, so this is the only repo I have registered on them; it would also have been the default because it is the latest registered one.
Now you can also test to change the version of the module in the PSD1 file and register it. Both versions are available and they can be seen either on the server in the folder or by adding -AllVersions to Find-Module.
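The whole procedure as one script, as an added example and not the commands from the original post. The repository name InternalRepo, the share name PSRepo, the CONTOSO groups, the server name and the module path are assumptions; C:\Repo is the folder used above, and the share permissions are narrowed to separate reader and publisher groups as suggested for production.

```powershell
# Added example, not the post's original commands. Assumed names: repository
# "InternalRepo", share "PSRepo", the CONTOSO groups and the module path.
# C:\Repo is the folder used in the post. Run from an elevated prompt.

function Initialize-RepoServer {
    param(
        [string]$RepoPath   = 'C:\Repo',
        [string]$ShareName  = 'PSRepo',
        [string]$Publishers = 'CONTOSO\PSRepo-Publishers',   # hypothetical group
        [string[]]$Readers  = @('CONTOSO\Domain Users',
                                'CONTOSO\Domain Computers')  # computers: for DSC
    )
    New-Item -Path $RepoPath -ItemType Directory -Force | Out-Null

    # NTFS: publishers may add packages; everything else stays at the defaults.
    & icacls.exe $RepoPath /grant "${Publishers}:(OI)(CI)M" | Out-Null

    # Share: Read for clients, Change for publishers, Full Control for admins.
    New-SmbShare -Name $ShareName -Path $RepoPath `
        -FullAccess 'BUILTIN\Administrators' `
        -ChangeAccess $Publishers -ReadAccess $Readers | Out-Null

    # Register the share as both source and publish location on the server.
    $unc = "\\$env:COMPUTERNAME\$ShareName"
    Register-PSRepository -Name 'InternalRepo' -SourceLocation $unc `
        -PublishLocation $unc -InstallationPolicy Trusted
    return $unc
}

function Publish-ToRepo {
    param([Parameter(Mandatory)][string]$ModulePath)
    # A file share performs no key check; the value is only a placeholder.
    Publish-Module -Path $ModulePath -Repository 'InternalRepo' `
        -NuGetApiKey 'placeholder'
}

function Register-RepoClient {
    param([Parameter(Mandatory)][string]$SourceLocation)   # e.g. \\REPOSRV01\PSRepo
    # The NuGet provider folder must already have been copied to this machine.
    if (-not (Get-PackageProvider -ListAvailable -Name NuGet -ErrorAction SilentlyContinue)) {
        throw 'Copy the NuGet provider folder to this machine first.'
    }
    if (-not (Get-PSRepository -Name 'InternalRepo' -ErrorAction SilentlyContinue)) {
        Register-PSRepository -Name 'InternalRepo' -SourceLocation $SourceLocation `
            -InstallationPolicy Trusted
    }
}

# Server:  Initialize-RepoServer; Publish-ToRepo -ModulePath 'C:\Modules\MyModule'
# Client:  Register-RepoClient -SourceLocation '\\REPOSRV01\PSRepo'
#          Find-Module -Name MyModule -Repository InternalRepo -AllVersions
#          Install-Module -Name MyModule -Repository InternalRepo
```

Naming the repository explicitly in Find-Module and Install-Module keeps the source unambiguous once a machine has more than one repository registered.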
There you have it! A quick look at building the simplest Powershell Module repository server.
Starting with Windows Server 2012 Microsoft introduced a new technology (for them) into the OS: data deduplication. This feature is very useful for freeing up space on a volume by splitting files into smaller bits, finding the common ones, pointing the original file location to these bits and deleting the repeated ones. Depending on the workload, you will see variable percentages of deduplication rates. Speaking of deduplication rates, you do not have to enable this feature just to see how much space you will save for a specific volume. Microsoft has a tool named DDPEval.exe that will approximate the space savings data deduplication will offer.
Using DDPEval before enabling deduplication
This tool is very useful for generating reports about what data deduplication can achieve if enabled on a specific volume. It has a couple of switches which let you specify that the tool should evaluate files in use or the amount of CPU to use when running. Keep in mind that the values you will get from this tool are not 100% accurate and most probably you will see differences when actually enabling dedup.
In my case I have a 50GB partition on which there are a couple of ISO images (no duplicates) and some videos. These files total 22.07 GB in size and DDPEval says that after deduplication they will take up 16.79 GB.
Here is an output from my test run of DDPEval:
The /P switch lets the tool know to also evaluate files in use which in my case did not count because I had nothing open when running it.
Enable Data deduplication
If you are happy with what DDPEval returned then the next step is to actually enable data deduplication. The first thing to do is to install it either from Server Manager or using Powershell. Let’s see the second option:
Easy enough. Now comes the interesting part: enable and configure data deduplication. This can also be done either from Server Manager or from Powershell. Installing the feature also installs a cool module for managing dedup. Here is how to find it and see the CmdLets that it offers:
Now we enable data deduplication for the D: volume (this is where I have my test data). Let’s switch it up and do it from Server Manager. Just go to the volumes view, right click on the desired item and select “Configure Data Deduplication..”.
Next select the deduplicated workload. There are 3 pre-configured options:
General purpose file server
These 3 options are dedup policies which set a couple of options for deduplication like file type exclusions or the age of files to be deduplicated. Select the workload you will use, add whatever modifications you need like file or folder exclusions and click OK.
In case you want to use Powershell to enable dedup just use Enable-DedupVolume:
Enable-DedupVolume -Volume D: -UsageType Default
Configure Data Deduplication
When you enable deduplication you are not running anything yet; you are configuring scheduled tasks that will execute the different dedup jobs. The scheduled tasks can of course also be run on demand and you can also execute the different deduplication jobs directly using Powershell.
There are 4 data deduplication job types:
– Optimization (check files, create chunks, put them in the chunk store and create reparse points)
– Garbage collection (reclaim space by deleting chunks that do not point to any file)
– Integrity scrubbing (scans for corruption in the chunk store and repairs errors if possible)
– Unoptimization (disables deduplication for the specified volume)
To get a list of the running jobs just use:
Out of the 4 jobs only the first 3 are executed on a schedule using Task Scheduler, while the fourth has to be run manually since it is used to undedup a volume. You can see the 3 tasks in the Deduplication section of the Task Scheduler console.
Use the following command to get the list with Powershell:
Before I show you how to run the optimization job, just one tip: By default, deduplication will optimize files older than a specific number of days so if you want to test it after it is enabled you might think it did not work or it did not do a good job as some files might be newer than the minimum age. To set a file age use the following command (0 means deduplicate all files even if they are 1 minute old):
Set-DedupVolume -Volume D: -MinimumFileAgeDays 0
Now we are all set. To deduplicate a volume on demand just start the dedup job either with the Start-DedupJob CmdLet or with the Start-ScheduledTask CmdLet. Check the volume status with Get-DedupVolume.
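The steps from installing the feature to checking the result, put together as an added example and not the commands from the original post. D: is the test volume used above; everything else uses the cmdlets of the Deduplication module named in the text.

```powershell
# Added example, not the post's original commands. D: is the test volume from
# the post; run from an elevated prompt on the file server.
$volume = 'D:'

# Install the feature; this also brings the Deduplication module.
Install-WindowsFeature -Name FS-Data-Deduplication | Out-Null
Get-Command -Module Deduplication | Sort-Object Name | Format-Wide -Column 3

# Enable dedup with the general purpose file server policy, then lower the
# minimum file age so that freshly copied test files are in policy.
Enable-DedupVolume -Volume $volume -UsageType Default | Out-Null
Set-DedupVolume -Volume $volume -MinimumFileAgeDays 0

# The scheduled tasks shown in the Deduplication section of Task Scheduler.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\Deduplication\' |
    Format-Table TaskName, State

# Run the three schedulable job types on demand, one after the other.
# -Wait blocks until each job has finished.
foreach ($type in 'Optimization', 'GarbageCollection', 'Scrubbing') {
    Start-DedupJob -Volume $volume -Type $type -Wait | Out-Null
}

# Anything still queued or running (empty when all jobs are done).
Get-DedupJob

# Result: space saved, files optimized, and the volume's dedup settings.
Get-DedupStatus -Volume $volume |
    Format-List Volume, SavedSpace, FreeSpace, OptimizedFilesCount,
                InPolicyFilesCount, LastOptimizationResult
Get-DedupVolume -Volume $volume |
    Format-List Volume, Enabled, UsageType, MinimumFileAgeDays,
                SavingsRate, SavedSpace
```

Running the scrubbing job right after the first optimization gives an early integrity check of the chunk store before real data depends on it.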
Note: This works only on Windows Server 2012 and Windows Server 2012 R2
In case you still have 2012 or 2012 R2 and need to re-enable the GUI on a server core installation or, why not, transform a GUI version into server core then you may find this useful. The extent of the post will cover going from a Server Core only installation (server never had the GUI part installed or it was removed permanently) to GUI. Going back is simple as it takes just a Powershell CmdLet and switching from Server Core to GUI with the graphic components already on the server also requires just a CmdLet.
Starting with Server Core and going to GUI
If you install a Windows Server as server core you do not have the graphical components included in the installation so you will need them from an installation media. Try running Get-WindowsFeature and you will see that the 3 features under User Interfaces and Infrastructure are Removed, not just Not installed.
In this case before trying to install the GUI features we must first get the components. These are located in the SxS folder that is in the install.wim file from the Windows Server 2012/2012 R2 ISO. In this example my ISO is mounted in D:\.
To get the SxS folder we must first get the index list from the WIM to make sure we mount the SKU that contains GUI components. Just run the following:
Add -Remove to the command to permanently delete the graphical components. If you do this and want to enable the GUI later just use the method I showed in this post. The WinSxS folder can be placed in a shared folder to make things easier.
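The Server Core to GUI path described above as an added example, not the commands from the original post. D:\ is the mounted ISO as in the text; the mount folder C:\MountWim and the function names are assumptions, and the check on the image name relies on the Core images in these WIM files having names that end in CORE.

```powershell
# Added example, not the post's original commands. D:\ is the mounted ISO as
# in the post; C:\MountWim is an assumed mount folder. Run elevated.

# List the images in the WIM so the index of a SKU with GUI can be chosen.
function Get-InstallImage {
    param([string]$WimPath = 'D:\sources\install.wim')
    Get-WindowsImage -ImagePath $WimPath | Select-Object ImageIndex, ImageName
}

function Enable-ServerGui {
    param(
        [Parameter(Mandatory)][int]$Index,
        [string]$WimPath   = 'D:\sources\install.wim',
        [string]$MountPath = 'C:\MountWim'
    )
    # Refuse a Server Core image: it does not carry the graphical components.
    $image = Get-WindowsImage -ImagePath $WimPath -Index $Index
    if ($image.ImageName -match 'CORE$') {
        throw "Index $Index ($($image.ImageName)) is a Server Core image."
    }

    New-Item -Path $MountPath -ItemType Directory -Force | Out-Null
    Mount-WindowsImage -ImagePath $WimPath -Index $Index -Path $MountPath -ReadOnly |
        Out-Null
    try {
        # Install the GUI features from the SxS folder of the mounted image.
        Install-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell `
            -Source (Join-Path $MountPath 'Windows\WinSxS')
    }
    finally {
        # Always release the mount, even when the installation fails.
        Dismount-WindowsImage -Path $MountPath -Discard | Out-Null
    }
}

# Get-InstallImage                       # pick the index of the matching GUI SKU
# $result = Enable-ServerGui -Index 2    # 2 is only a sample value
# if ($result.RestartNeeded -eq 'Yes') { Restart-Computer }
#
# Going back to Server Core (add -Remove to delete the components permanently):
# Uninstall-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart
```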
As you have probably heard, there are a lot of problems with the October 2018 update of Windows 10. One of the best known, and the one Microsoft used as a reason for pulling the update, is the ‘File deletion problem’ for users that are upgrading from a previous build. How such a problem escaped the eye of the QA team and the persons curating the bugs reported by Insiders is unimaginable for me, but here we are.
The sad thing is that not only Windows 10 1809 is the victim of carelessness on Microsoft’s part but also Windows Server 1809 and Windows Server 2019 (the long awaited Windows Server 2019 for people not buying in the Semi-Annual Channel movement or the ones that like to click from time to time on C:\ rather than always typing dir C:\).
You may be wondering why the server OS was also removed from the official MS download sites. Well, Windows Server 2019 and Windows 10 have more than the Windows name in common; they actually share a lot of code between them and it’s normal that this version would also be pulled as MS needs to merge the fixed code and reintegrate everything so we get a new, maybe working, final build of client and server. “But I never update my server OS, I always install it from scratch!” you say. Maybe you do it but there could be other admins/organizations that use the update method (supported by Microsoft with a maximum of 2 earlier versions). One other reason is this: do you really believe that the update is the only thing that does not work in the new build? For sure not, in my opinion, so it is better to wait and be safe (think of the time you were a teenager).
My opinion on the latest Microsoft blunder
I think that we get such issues at every build release (at least Windows 10 builds) because of Microsoft’s new direction to force everyone to update at their pace (which it seems they also cannot keep up with). Even though they loosened up a little with the new fall update 30 month support they are still bent on releasing 2 builds per year and it seems it is overwhelming even for them. For IT pros in companies, the promise of easy upgrades seems further and further with each build Microsoft releases.
The sad thing is that now also the server OS is dragged in this situation and it is pretty bad. On one hand MS says ‘We released 2019. Upgrade now!’ and on the other they pull the download a couple of days after that because of problems. How am I supposed to trust them with my production workload when this happens?
In the end I hope this is a lesson for Microsoft either to not rush releases just to meet self imposed deadlines or to lessen up this policy of Update! Update! Update! Let’s see…
Note: The Windows version used in this article was Windows 10 Enterprise 1809 but installing Ubuntu or other supported Linux distros should work the same at least for 1803 and 1709.
Note2: This is just one method for installing a Linux distribution in WSL. There is also the possibility to get a distro from the Microsoft Store if available.
In case you work in a diverse environment where you don’t manage only Windows then you may have come across the need to have a Windows client and a Linux client, or at least some tools from each OS. Microsoft tried to solve this situation by introducing WSL on Windows 10 (and Windows Server).
WSL stands for Windows Subsystem for Linux and it lets a Linux distribution run on top of Windows 10.
In order to have WSL on Windows 10 with a specific Linux distribution follow these steps:
– Enable the WSL feature
– Download a distribution
– Install the distribution in WSL
Enable the WSL feature
This can be done with a powershell command and requires a restart before continuing.
The appx file will be saved in the current directory where the powershell prompt is located.
Install the distribution in WSL
Installing the desired distro is fairly simple. The appx file is actually an archive so all that is needed is to extract the contents in a folder from where the Linux distribution will run from now on and to initialize it with a username and password.
To extract the archive contents just replace the appx with zip:
Navigate with Powershell to the folder where the distro should run from (the package should also be there), replace appx with zip and extract the archive. A folder named Ubuntu should now be created and in it there should be a file named ubuntu1803.exe. This exe should be executed to initialize the current distribution and to execute the Linux prompt from now on.
Before executing the exe make sure Powershell (or cmd) is executed as Administrator. A username and password will be required; do not forget the password as it will be needed anytime you run an elevated command with sudo.
Run the Linux shell
To open the shell just use one of the following commands from cmd or Powershell:
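The three steps as an added example, not the commands from the original post. The download URI, the expected SHA-256 value (recorded when the package was first vetted) and the target folder C:\WSL are assumptions supplied by the operator; the hash comparison before extraction is an addition to the procedure described above.

```powershell
# Added example, not the post's original commands. The URI, the expected hash
# and C:\WSL are operator-supplied assumptions. Run elevated.

# Step 1, followed by a restart:
#   Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

function Install-WslDistro {
    param(
        [Parameter(Mandatory)][string]$Uri,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [string]$Destination = 'C:\WSL'
    )
    # The feature must be enabled (and the machine restarted) before continuing.
    $feature = Get-WindowsOptionalFeature -Online `
        -FeatureName Microsoft-Windows-Subsystem-Linux
    if ($feature.State -ne 'Enabled') {
        throw 'Enable the WSL feature and restart first.'
    }

    # Step 2: download the distribution package.
    New-Item -Path $Destination -ItemType Directory -Force | Out-Null
    $appx = Join-Path $Destination 'Ubuntu.appx'
    Invoke-WebRequest -Uri $Uri -OutFile $appx -UseBasicParsing

    # Compare against the known-good hash before anything is extracted or run.
    $actual = (Get-FileHash -Path $appx -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item -Path $appx
        throw "Hash mismatch for downloaded package: got $actual"
    }

    # Step 3: the appx is an archive, so rename it to zip and extract it.
    $zip = [IO.Path]::ChangeExtension($appx, '.zip')
    Move-Item -Path $appx -Destination $zip -Force
    $target = Join-Path $Destination 'Ubuntu'
    Expand-Archive -Path $zip -DestinationPath $target -Force

    # Return the launcher exe; its first run asks for the user name and password.
    Get-ChildItem -Path $target -Filter '*.exe' |
        Select-Object -First 1 -ExpandProperty FullName
}

# $exe = Install-WslDistro -Uri '<download URI>' -ExpectedSha256 '<known hash>'
# & $exe          # first run: initialize the distro
# wsl.exe         # later: open the shell (bash.exe works as well)
```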
The third interesting thing we can do in the IPAM console is to view Events of different types. Just click on EVENT CATALOG and you will see the 3 categories of events in the lower menu pane.
The 3 event types are:
– IPAM Configuration Events: You can see what configuration changes have been done to the IPAM server and also events related to IP addresses.
– DHCP Configuration Events: In this pane you will be able to see what changes have been made to the DHCP servers like scopes, configurations, reservations and more.
– IP Address Tracking: You will see events about IP addresses selected by IP, MAC and host name. This pane contains events that show logons searchable by user name.
IPAM Configuration Events
You will be able to see events related to configurations applied to the IPAM servers. This includes adding address ranges, scopes, changing settings, adding addresses, and much more. Let’s look at some examples.
You can see events related to server management and discovery:
Adding address blocks creates also events. The same goes for creating addresses.
Updates you make to DHCP from IPAM are also logged.
In case you want to find an event from a specific category then you can filter them. Just expand the main pane to reveal the Add criteria button.
Expand the criteria list and choose one or more. Let’s pick Task Category and enter for example Multi-Server Management in the text box. After you click search the events have been filtered.
DHCP Configuration Events
The events you can find in this part are all about DHCP. When you create a scope or change a setting an event is created with what was done. For example setting the lease duration creates an event with the exact information that was changed.
Of course you can filter these events also in the same way as the previous category.
IP Address and Logon Events
Probably the most interesting part of the events are the ones about IP Address tracking and also account logons. This means that you will be able to see which host got which IP and when a specific account authenticated to the domain.
There are 4 criteria usable to search for events:
Host ID (MAC Address)
If you need to search for events by IP address just click on that specific tab, enter the IP address and also a time interval. All events between the 2 periods and which are related to that IP will be found.
Searching by MAC or by Host name is exactly the same. Just put in the info and the events will be retrieved. Filtering by User name is also done in the same way, but the interesting thing is that you will get events about Authentication on the domain for that user with date, time and host on which the event occurred. Let’s try for Administrator:
Other types of events are also retrieved, of course, but I think these are the most interesting.
IPAM Events purge
In case you have IPAM installed on Windows Server 2016 you have the ability to delete old events directly from the IPAM interface. The older versions of Windows did not provide this functionality. This action is useful if the database gets too big and you need to delete some data.
In order to purge old events just select Purge event catalog data from the TASKS drop down, select the event types to target and set a date. All events older than or with the same date will be deleted.
After you do this task and check the IP Address tracking events everything older than that date should be gone.
In the last post we covered tasks related to IP address space that abstract the actual infrastructure like services and servers. In this post we will go a little deeper and see tasks related to services like DHCP and servers that host them. You can find the submenus which we will use under Monitor and Manage.
We will be looking at the first 3 menu items. From the last one you can configure the servers to be shown in groups based on different criteria. The first submenu you can see is DNS and DHCP Servers from where you will be able to configure settings related to the actual DNS and DHCP servers. In the next 2 submenus you will see your DNS zones and DHCP scopes and will be able to change settings and do different tasks.
IPAM tasks related to DNS and DHCP servers
After you click on the first submenu you will see a list of both DNS and DHCP servers along with some info about their state, time elapsed while in that state and more.
In case you want to see only DHCP servers for example just choose this option from the Server Type drop down. When only DHCP servers are selected you will have the option to choose different information that can be viewed by selecting it from the View drop down menu.
If you right click on one of the servers you will be able to see the options available. We can edit the DHCP server properties, add/delete DHCP server wide options, create a scope, add new user/vendor classes, launch the DHCP MMC connected to that server and more.
Server properties which can be edited are related to DNS Dynamic Updates, DNS Credentials for dynamic updates and also MAC Filters as you can see from the image below.
Adding or removing DHCP server wide options is very easy from the IPAM interface. Here is a screenshot with the dialog box for this task:
You can see a lot of info about the servers or services highlighted in the Details View. Here is an example of information about a DHCP server.
If you right click on a DNS server you will observe that the options are a little slimmer. We can open a DNS MMC, create a zone and create forwarders. Not too much to talk about here.
We can create a zone very easily from IPAM by just selecting the option on a specific DNS server and completing the info like zone name, type, category, where to store it and more.
IPAM tasks related to DHCP scopes
Let’s head over to the DHCP Scopes submenu. Here, of course, we will see a list of our DHCP scopes and some info about them like lease duration, prefix length, percent occupied and more.
The tasks that we can perform on scopes are: edit them, duplicate them, create reservations, configure scopes for failover, deactivate them and more.
If you want to create a DHCP reservation it is very simple: just enter a name for it, an IP address and the MAC address of the client which will get the IP. DNS Dynamic Updates should be set to Yes if you want the client to have a DNS entry generated.
And here is how it looks in the DHCP console:
Reservations can also be viewed from the DHCP Scopes pane by setting Current View to Reservations. The one we created is Inactive because the MAC address that I used does not correspond to any of my clients.
IPAM tasks related to DNS zones
The last part we will cover in this post is the DNS Zones submenu. The info we see by default is a list of all forward lookup zones from the managed DNS servers with some information about them like Status, Primary Server and more. There are not a lot of tasks possible for DNS zones as you can see:
Probably one of the most usual tasks you do regarding DNS is to add records. From IPAM you can do this really easily. Just select your zone and open the Add DNS resource record wizard. Select the resource type, specify the name, IP address and if a PTR record should be created in the reverse lookup zone. Add it to the list and finish the wizard.
And here it is in the DNS MMC console:
I advise you to try the features out for yourself in your test environment to get a real feel for the IPAM console.
Since we saw an overview of the IPAM console in the previous post, I think it’s time to go deeper in the IP address space tasks in this post. We will be looking into creating address blocks, adding addresses, finding available addresses and other tasks. We will do everything from the IP ADDRESS SPACE section of the IPAM console.
Address Space tasks related to Address Blocks
Address Blocks are the biggest unit of classification for address space. You would usually assign an address block to a network like 172.16.0.0/16, for example. You will have to create all your address blocks manually because IPAM does not do it by itself. Let’s create the block for 192.168.1.0/24.
From the Tasks menu in the upper right select Add IP Address Block…
In IPAM all fields with a star in front of them are mandatory. Put in the Network ID 192.168.1.0, the Prefix Length 24 and, of course, 192.168.1.0 and 192.168.1.255 for the Start Address and End Address.
Now you can view the result. One interesting thing we can see is that the address utilization of a block’s ranges is displayed in the summary. Since in our case we have the DHCP server with only one IP used this is what we get in the output:
The other task we can do with blocks is to edit one. The edit screen looks exactly like the create screen; nothing special. Next up is IP Address Ranges.
IP Address Space tasks related to Address Ranges
We can divide an address block in multiple ranges. An address range might be for example a DHCP scope or just a division of a network with static addresses managed by IPAM. In the case of ranges that correspond to DHCP scopes we don’t have to do anything for them to show up in the database; they are imported automatically.
If you have your scope created this is what you should see when switching to the IP Address Ranges context menu in the upper left:
And here is what we can do with an address range:
We cannot edit most of the properties of a range that is imported from DHCP. From the second menu item we can associate the address range with a DNS reverse lookup zone.
One task that you probably do a lot of times is search for available IPs to allocate to devices. You can do this now using Find and Allocate Available IP Address… When you click it, IPAM will find an address, ping it, check if it is in DNS and permit you to use it in case it is vacant.
Since this is a DHCP related range it makes sense to create a reservation with the found address because DHCP is perfectly capable of finding an IP address all by itself. So scroll down and let’s complete the information needed. In the first part you don’t have to do anything:
Now scroll down and let’s enter the next information. For the Client ID put the device MAC address without any separator character. You can also enter the MAC at the beginning and check the Associate MAC to Client ID checkbox. Select one of your DHCP servers for the Reservation Server Name and make sure everything else looks like in the screenshot.
We can also add the IP address in DNS in case the device cannot register itself. Just enter a name and select the forward and reverse lookup zone so an A and PTR record can be created. Check the checkbox also.
Click OK and wait. You should see a reservation on the DHCP server and records in the forward and reverse lookup zone.
One last task we can do is to reclaim addresses. Open the Reclaim IP Address wizard and let’s start.
From here select the address you want to reclaim and click OK. In case you want to delete the DNS and DHCP related data make sure you check the 2 boxes on the top of the window.
IP Address Space tasks related to IP Addresses
In the last part of the post we will see what we can do with individual addresses. The first task is to add one. We do this by opening Add IP Address… from the TASKS menu. The wizard is the same as the one we used when we found an available address and used it. I will add my 2 domain controller addresses and choose IPAM for the Service.
One other way to add addresses (and not only) is to import them. You can do this by creating a CSV file with the address info and selecting Import IP Addresses… from TASKS. Here is how the file looks when importing the IPAM-SRV1 address:
And in case you want to copy the text to try it for yourself:
IP address,managed by service,service instance,device type,ip address state,assignment type,device name
Copy the text, place it in a file and save it with the .CSV extension. You should have 3 addresses in the list:
As for tasks related to IPs: we can edit the info, create a DHCP reservation, create DNS entries and delete the above mentioned.
Note: IPAM does not import IPs given by DHCP servers out of the box. A scheduled task has to be created in order to do this. Microsoft provides a Powershell module for this, which I will cover in a later post.
These have been some of the basic tasks we can do related to IP Address Management. Next we will look at managing servers and services.