IPAM overview

    After you finish the initial IPAM setup procedure you are free to start using the feature and exploring what it can do for you. In this post I will try to give you an overview of some of the features IP Address Management provides.

    IPAM does not have a console or managing it. It’s features can be accessed from the IPAM role tab in the Server Manager. When you open it, you will be in the Overview menu. This shows you some basic information about your IPAM deployment and also the state of the scheduled tasks. You cannot do any configuration from here.

IPAM Overview screen
IPAM Overview screen

    Let’s move down one menu to the Server Inventory. You will be able to manage the status of your infrastructure from here. This means you can see all managed and unmanaged DHCP, DNS and DC servers, set a server to be managed or not, view the firewall access status for your managed servers, trigger the data retrieval tasks and more.

IPAM Overview: Server Inventory
IPAM Overview: Server Inventory

    In the next part we start to see some interesting information. IP Address Space has 3 submenus from which you can obtain info about your IP address utilization by scopes, by network, see individual IP addresses and much more. Let’s first talk about 2 concepts that IPAM uses to show the address space: IP Address Blocks and IP Address Ranges.

    IP Address Blocks are the biggest unit of classification for address space. Usually an address block corresponds to a network like for  example 10.0.0.0/8. Blocks contain one or more IP Address Ranges. Blocks have to be created manually from the IPAM console.

    IP Address Ranges represent smaller chunks of address space that make up an address block. A range might be a DHCP scope or just a chunk of addresses assigned statically. Ranges that correspond to DHCP scopes are created automatically after a data collection task finishes.

    The IP address Blocks submenu actually shows more than address blocks. You can change what information is shown by using the Current View drop down menu and selecting one of the 4 choices: IP Address Ranges, IP Addresses, IP Address Blocks and IP Address Subnets.

IPAM Overview: Address Space choices
IPAM Overview: Address Space choices

    Since blocks have to be created manually, let’s take a look at IP Address Ranges.

IPAM Overview: IP Address Ranges
IPAM Overview: IP Address Ranges

    My test lab has 2 networks: 192.168.1.0/24 and 192.168.2.0/24 but only one DHCP scope for the first network. The scope can be seen in the above image. You cannot configure a range from here if it corresponds to a DHCP scope.

    Note: IP address leases and reservations from DHCP are not imported in the IPAM database by default so you won’t see anything in the IP Addresses tab at first. To import this data from DHCP we will need to set up a custom scheduled task. I will go into this in a later post.

    The other 2 tabs in the Address Space menu have the same info as the first one but different default views so let’s go down to Monitor and Manage. The 3 important sub menus from here are: DNS and DHCP Servers, DHCP Scopes and DNS Zones.

    In DNS and DHCP Servers you will see all your managed servers grouped by the services. This means that if a server has both DNS and DHCP installed it will be present 2 times in this view. This is because you can manage each individual service from here. You can view the service status, configure server wide service properties, launch the specific MMC, create DHCP scopes/DNS zones, retrieve data from the server and much more.

IPAM Overview: DHCP server options
IPAM Overview: DHCP server options
IPAM Overview: DNS server options
IPAM Overview: DNS server options

    In the DHCP Scopes menu you, of course, can manage and see all the scopes. There really are a lot of options here like editing a scope, duplicating it, configuring DHCP failover, adding reservations etc.

IPAM Overview: DHCP scopes menu
IPAM Overview: DHCP scopes menu

    You can see details about each scope from the lower panels. Here is an example:

IPAM Overview: Scope properties
IPAM Overview: Scope properties

    The DNS Zones menu is similar to the DHCP one: you can view and edit DNS zones. The default view is for forward lookup zones but using the menu on the lower left you can see also the reverse lookup zones.

IPAM Overview: DNS zones
IPAM Overview: DNS zones

    The next menu is the Event Catalog. From here you will be able to see events related to IPAM configuration changes, DHCP configuration changes and the most interesting ones are the IP address tracking events. The latter shows you when an IP address was assigned. You can get this info by different criteria like host name, user name, IP address and client ID. Here is an example of getting IP tracking events for 192.168.2.20 from the 1st of December to the 2nd of December:

IPAM Overview: Events
IPAM Overview: Events

    The last IPAM configuration menu is Access Control. This lets you view the predefined roles a user can have, create roles and grant users those roles. I will cover this part in a later post.

Configure networking with Powershell

    Since Windows Server 2012 some interesting commands have been added that allow us to configure elements related to networking with Powershell. There are a couple of modules with which we can manage network adapters from the hardware level, set or reset things like IP addresses or DNS servers, receive information in a detailed view and more.

    In this post I will cover some very basic tasks that for sure you need to perform somewhat often. Why not try them from Powershell and forget the GUI? For the example I am using Windows Server 2016.

    Managing network adapters

    Let’s look at what info we can gather about the NICs attached to our system. In this case I am not talking about the logical settings like addresses or DNS servers, but the hardware part like status, offloading and more. The CmdLets we will use for this part are found in the NetAdapter Powershell module. Here is how to list all of them:

Networking with Powershell: List netadapter commands
Networking with Powershell: List netadapter commands

    You will get a big list. Don’t be scared. Let’s first find out some basic info about our NICs.

Networking with Powershell: Get adapter info
Networking with Powershell: Get adapter info

Get-NetAdapter

    We just got some very basic info like the adapter name and index which we can use when referencing it, the MAC address and the Connection Status. You can see that in my case it is Disconnected because the NIC is not placed in a Hyper-V switch. When you need to see more info just run the following command to get all of the adapter’s properties:


Get-NetAdapter | fl *

    Another thing we can obtain which might be useful is the list of bindings for a network adapter. The bindings are all the components like IPv4, IPv6, QoS etc. Use the following command to do this:

Networking with Powershell: Get NIC bindings
Networking with Powershell: Get NIC bindings

Get-NetAdapterBinding -Name Ethernet

   When you work with network adapters you for sure need to Disable one, or Enable it or maybe just Reset it. We can perform these 3 tasks from Powershell with 3 simple commands. For a disable/enable cycle just run:

Restrt a NIC
Restart a NIC

    The other 2 tasks are just as simple. When you disable a NIC you can use -Confirm:$false so Powershell will not ask you to validate the action.

Networking with Powershell: Disable and Enable NIC
Networking with Powershell: Disable and Enable NIC

   I will not talk about the rest of the commands from this module. In case you need to enable or disable any offloading features or other hardware related settings, check the help online. 

    Making logical configurations to NICs

    We are done with the hardware part. Now I want to have a look at tasks like setting IPs, configuring DNS servers and more. We will use 2 modules to configure and view these settings because DNS specific things are separated. To get a list of commands for the 2 modules just run:


Get-Command -Module NetTCPIP

Get-Command -Module DnsClient

   Let’s start running commands. First I want to get IP address info about my network adapter with index 2. By running the CmdLet with only the -Index parameter we will receive IPv4 and IPv6 information.

Networking with Powershell: Get IP info
Networking with Powershell: Get IP info

    The address was obtained from a DHCP server as can be seen. In case you want to set a static address you have to use the New-NetIPAddress CmdLet:

Set an IP address
Set an IP address

New-NetIPAddress -IPAddress 192.168.1.6 -DefaultGateway 192.168.1.254 -AddressFamily IPv4 -PrefixLength 24 -InterfaceIndex 2

    In order to finish the configuration we should also add at least a DNS server. If you look right now at the DNS settings for the NIC you will see there is no server present; just the IPv6 autoconfigured ones.

Networking with Powershell: Get DNS serves
Networking with Powershell: Get DNS serves

    Here is how to set 2 DNS servers on the NIC:

Set DNS servers
Set DNS servers

    In case you have problems with this command because of the autoconfigured IPv6 servers just run this CmdLet:


Set-DnsClientServerAddress -InterfaceIndex 2 -ResetServerAddresses

    At one point you may need to set a specific interface on DHCP. You can do this easily also. Like or the static address, when setting a NIC on DHCP we have to reset the static DNS servers. First set the address to DHCP.

Set NIC on DHCP
Set NIC on DHCP

    Once we ran this command 3 things happened:

  • We managed to set the address,mask and gateway on DHCP
  • We left the DNS settings intact
  • The system did not query a DHCP server for an address

    I did not manage to find a way to make the system query a DHCP server using a Powershell command. For this task let’s rely on the trusty ipconfig /renew trick.

Networking with Powershell: renew address
Networking with Powershell: renew address

    In order to make the DNS server part of the IP settings take info from DHCP also just remove the servers configured previously.


Set-DnsClientServerAddress -InterfaceIndex 2 -ServerAddresses ""

    Now the interface is on DHCP. One last command I want to show you is used to give you an ipconfig type look at the IP settings. Here it is:

View IP settings
View IP settings

    In this post I showed you just a few simple and useful commands to configure networking on a Windows machine.

Install and set up IPAM

    In this post I will cover how to install and set up IPAM. In my test infrastructure I am using only 1 IPAM server for the whole infrastructure.

    Install IPAM

    The actual installation is very simple. You just need to open Server Manager, go to install roles and features and advance to the features tab. Scroll down to IP Address Management (IPAM) Server and select it. Accept the installation of the extra features that IPAM needs, finish the wizard and you are done.

Install IPAM
Install IPAM

    Set up IPAM

    You can set up IPAM directly from the Server Manager as it does not have a separate console for set up and administration. After the feature installation we have to make a primary configuration of the IPAM infrastructure. This initial set up has a couple of steps:

  1.     Connect to the IPAM server
  2.     Provision the IPAM server
  3.     Configure server discovery
  4.     Start the server discovery
  5.     Select servers to be managed
  6.     Retrieve server data

    Let’s go over each of these steps and see what each one means.

    1. Connect to the IPAM server

    For this step just open server manager, find the IPAM feature on the left pane and select it. On the Overview page click on Connect to IPAM Server. In the pop up you will see a list of IPAM servers to connect to. Since there is only one let’s select it. Now that we are connected, let’s set up IPAM.

Set up IPAM: Connect to server
Set up IPAM: Connect to server
Set up IPAM: Select server
Set up IPAM: Select server

    2. Provision the IPAM server

    You can start configuring the provisioning method by clicking on it from the IPAM overview.

Set up IPAM: Open provisioning
Set up IPAM: Open provisioning

    The first thing to configure is the database to use. In this case you have 2 choices: Windows Internal Database and SQL Server. If you choose SQL then you first need to install and configure a database and IPAM will configure the tables itself. If you choose WID it is a lot easier: just select the folder where it should be kept.

    In case you want to install IPAM in a big infrastructure with a lot of DHCP,DNS servers it might be a good idea to consider the SQL Server option. In our case , since we are just testing the solution, it makes sense to select Windows Internal Database.

Set up IPAM: Select database option
Set up IPAM: Select database option

    The next and also last thing we need to configure is the provisioning method. This means that we must select the way the firewall settings on the managed servers are set up in order for the IPAM server to connect and collect data. The 2 options are Manual and Group Policy. If you choose Manual then you will have to enable all Firewall rules needed on all managed servers; I am pretty sure you don’t want to do this. The Group Policy method creates 3 GPOs which wil be linked to the domain and apply to the managed servers.

    I will go with the Group Policy method. Enter a prefix which will be placed at the beginning of each GPOs name. 3 objects will be created and in my case their names will be: ipam1_DNS, ipam1_DC_NPS, ipam1_DHCP

Set up IPAM: Select provisioning method
Set up IPAM: Select provisioning method

    After you complete the wizard one thing to keep in mind is that the GPOs are only created, not linked to anything. In order to link them to a domain we will run a Powershell command. Make sure the user running the command has rights to link Group Policy Objects to the domain. Here is the command for my environment:

 Invoke-IpamGpoProvisioning -Domain adfirm.local -GpoPrefixName ipam1 -IpamServerFqdn IPAM-SRV1.adfirm.local 

    Just replace the domain, the prefix and, of course, the IPAM server with what you need and you are good to go.

Set up IPAM: Run provisioning command
Set up IPAM: Run provisioning command

    If it ran successfully you should see the GPOs linked to your domain in the Group Policy Management console:

GPOs linked to the domain
GPOs linked to the domain

    3. Configure server discovery

    In this step we will be selecting the forest or domain in which IPAM will discover servers. We can also select the services we are interested in from these 3: DNS, DHP and Domain Controller. Just click on Configure server discovery to start the configuration wizard.

Set up IPAM: Start configuring server discovery
Set up IPAM: Start configuring server discovery

    I only have one forest with one domain so I can choose the forest directly. If your case is different just select what works for you. As far as the services go, we usually want to select all 3 of them. If you are not interested in Domain Controller data like user logons just keep only the DNS and DHCP roles selected.

Set up IPAM: Configure discovery
Set up IPAM: Configure discovery

    4. Start the server discovery

    This is the easiest step. To start the server discovery click on Start server discovery from the IPAM Overview pane. A scheduled task will start which scans the forest/domain selected in the previous step for servers with the roles you want.

Set up IPAM: Start server discovery
Set up IPAM: Start server discovery

    5. Select servers to be managed

    Wait for the discovery task to finish and after that you will be able to view all the found servers. Now that we have our server list, we need to make sure we can manage them. This means that we have to add them to the security filters of the GPOs created earlier. If this step is not performed then the Firewall settings will not be applied to these machines and te IPAM server will not try and probably not be able to get data from them.

     First click on the Select or add servers to manage and verify IPAM access to open the configuration wizard for this step.

Set up IPAM: Open select mnaged servers
Set up IPAM: Open select mnaged servers

    You will see that the servers found have the Manageability Status set to Unspecified. This means that IPAM is not managing them. What we need to do is to set this status to Managed.

Set up IPAM: View server list
Set up IPAM: View server list

    Right lick on each server to set it’s status to Managed and also to select what server type it is (DC, DNS, DHCP, NPS). These check boxes determine in which GPO’s security list the machine will be placed so the firewall rules will be applied.

Set up IPAM: Manage server
Set up IPAM: Manage server

    After you finish this part go to Group Policy Management and look at your 3 GPOs. Are their security filters correctly populated? Here is how my DNS GPO looks like:

Check the GPO security filter
Check the GPO security filter

    Now you can see that the servers are managed but the IPAM Access is blocked. This means that they do not have the firewall configured correctly to permit the IPAM server to collect data. In order to remediate this you first have to wait some time for the GPOs to apply or force this step by running gpupdate /force on them. In either case, after the firewall is configured just right click on the serves and select Refresh Server Access Status.

Set up IPAM: Refresh server access status
Set up IPAM: Refresh server access status

    If you did everything correctly here is how the server list should look like:

Unblocked servers
Unblocked servers

    6. Retrieve server data

    In the last step we will run a task that collects data from the managed servers. You can do this from the Overview page, Tasks menu in the upper right. Just click on Retrieve All Server Data. After the task is finished you can check out all the different menus to see what info has been collected.

Set up IPAM: Retrieve server data
Set up IPAM: Retrieve server data

    From this point you have a configured IPAM server that gets data from managed DNS, DHCP and DC servers. As a note: all things IPAM does, like discovery and data collection is done through scheduled tasks. If you want to see the list of tasks that IPAM has, open Task Scheduler and navigate to Microsoft/Windows/IPAM.

IPAM scheduled tasks
IPAM scheduled tasks

    Next we will have a look at the different data you can see and configure from IPAM.

Set up IPAM test lab

    In this post I will cover the infrastructure that I put together in order to create an IPAM test lab. This is only to try out some of the more simple things that this feature has. More VMs can be added if you want to expand your testing.

    In short I made 2 domain controllers each in its own site and with its own subnet. Both domain controllers have the DNS role installed but only one has DHCP at first. For linking the 2 sites I installed a virtual machine with Linux that has the purpose of passing traffic from one network to the other. IPAM is installed on a server found in the first Active Directory site. In order to test the allocation of IPs I used 2 machines, one in each site. At first I joined only the first one to the domain (the one that has the DHCP server in its site). All Windows systems have Windows Server 2016 installed. Here is a diagram of my IPAM test lab:

IPAM tets lab inrastructure disgram
IPAM tets lab inrastructure diagram

    In order to make this work you will also need to create 2 private switches. I have a series that explains everything about creating a test lab including making a VM act as a router. Here is the link to the articles.

    And here is how the virtual machines for the IPAM test lab look in Hyper-V. All VMs except the router have Windows Server 2016 installed:

VMs or the IPAM test lab
VMs or the IPAM test lab

    Let’s see how each VM is configured.

    Router is a Linux box with 2 NICs that has IP forward activated so traffic can pass through it. Info about installing and configuring it can be found in the link above.

    IPAM-DC1 is the first domain controller in the Active Directory domain. I placed it in the HQ AD site and installed DNS and DHCP on it. For some time it will be the only DHCP server in the infrastructure so I also created a scope for 192.168.1.0 with the range between 192.168.1.20 and 192.168.1.100. 

    IPAM-DC2 is the second domain controller. For now we will install only DNS as an extra role on it and place it in a second site with the 192.168.2.0/24 subnet.

    IPAM-SRV1 is the server on which we will install the IPAM feature.

    IPAM-CLIENT1 is just a machine that I use to obtain an IP address from the DHCP server. I placed it in the 192.168.1.0 network and joined it to the domain. It does not matter what OS you install on it.

    IPAM-CLIENT2 will be joined to the domain at a later time after IPAM-DC2 will have the DHCP role. For now just install it and set the NIC to be part of the 192.168.2.0 network. The OS is also not important.

    Now that we covered the IPAM test lab infrastructure we can begin installing and configuring it.

IPAM Introduction

    IPAM or IP Address Management is a solution introduced by Microsoft to Windows Server starting with 2012 which lets administrators manage their DHCP and DNS servers from a single console. Now that is a very simple explanation of the concept; IPAM can do a little more than just manage the servers like find available free addresses, view the address spaces from a single place, track an IP’s allocation by date and much more.

    This first post in the IPAM series will cover some basic topics regarding the product. In the next posts we will be installing it, configuring it and looking at some features. I am using Windows Server 2016 for the installation but most of the things are the same for 2012 and 2012 R2.

    IPAM Overview

    Microsoft’s IP Address Management solution first appeared on Windows Server 2012. This was a really needed and requested feature as the management of DHCP scopes would become really hard as the number of DHCP servers would increase in a company. IPAM provides a single console from where all DHCP and DNS servers can be seen and, especially for DHCP servers, can be managed. Domain Controllers are also indexed in the console but you cannot manage them. Besides seeing the actual servers, the IPAM console also presents all DHCP scopes in a separate tab, it shows the IP ranges, individual IP addresses and a lot of event logs like which IP was assigned to which PC at a point in time. The console also permits the creation, edit and deletion of DHCP scopes, reservations and much more.

    All info collected is stored in a database and the gathering of the information is done using scheduled tasks. There are tasks that find new servers, collect event logs, check server and service status etc. The tasks are created when installing IPAM and the schedule can be changed to any other value if needed.

    All managed servers can be configured to allow access for the gathering of the info and management by applying some group policies on them. IPAM can do this automatically so you don’t need to worry about it.

    IPAM infrastructure

    As far as deploying the solution there are 3 ways:

  • Distributed
  • Centralized
  • Hybrid

    The distributed infrastructure deployment uses an IPAM server for every site in the infrastructure. A very important note is that the servers do not communicate with each other so each one’s database has info about the servers it manages and nothing more.

    The centralized deployment means that a single IPAM server manages all sites. If the infrastructure is very big and wide spread geographically this might not be the best solution because of the network traffic being made.

    Hybrid deployment uses a central IPAM server and also one for each site. The central server still does not communicate with the other servers.

    The lowest version of operating system that can be managed is Windows Server 2008. This means that if you still have 2008 R2 DNS or DHCP servers you are safe for now. The actual IPAM server has to be installed on at least Windows Server 2012 and multiple OS versions can exist in the infrastructure if a Hybrid or Distributed deployment is used.

    In the next part we will install and configure IPAM so get ready…

Running Powershell on Linux

    Powershell on Linux? No way…

    You read correctly: Powershell on Linux is now a reality. The Powershell team just released a version of their magnificent shell on a limited number (for now) of Linux distributions and also on Mac OS X. And that’s not all: Powershell is also open sourced now so the community can join in and bring it’s contribution to the code. Now for those that listened to Mr. Snover’s talks from the last year this is not really a surprise as he said that this would happen. Even with this in mind, having a Linux box and being able to get the process list with Get-Process as opposed to just hearing about it is something else.

    Operating Systems it is available on

    The version talked about is an alpha version of Powershell 6 so for now it is not officially available on a lot of Linux distributions. You can install it on CentOS 7, Ubuntu 14.04 and Ubuntu 16.04; this is all for the Linux distributions for now. It can also be installed on Mac OS 10.11, Windows Server 2016/Windows 10 and Windows Server 2012 R2/Windows 8.1. While Powershell on Linux is the main focus of the article, it is interesting that also Mac users get to enjoy the Microsoft shell.

    The source code, download links and more information can be found on the GitHub page: https://github.com/PowerShell/PowerShell. To download a specific version just find the table of operating systems and click on the install package extension. For example for the CentOS version click on .rpm.

Powershell on Linux, Mac and Windows
Powershell on Linux, Mac and Windows

    I think it is time to install Powershell and see some examples of it running on Linux.

    Installing and running Powershell on Linux

    In my examples I am using CentOS 7 installed with the GUI. Access the link above and download the Powershell version for your OS. A window should appear that asks you what to do. I opened the RPM directly and installed it.

Install Powershell on Linux
Install Powershell on Linux

    After the installation is finished just open a terminal and type the magic word: powershell. The prompt will change to something more familiar.

 

Running Powershell on Linux
Running Powershell on Linux

    Let’s see the version of Powershell we are using:

Powershell alpha version
Powershell alpha version

    From the output we can see that for now Powershell on Linux is an alpha version and it is not the current relase but the 6th version. With this in mind it is worth noting that there is still work to be done and not everything can bo done from Powershell for now as you can see from the list of modules available. Also interesting is that script modules are supported.

Powershell on Linux: Modules
Powershell on Linux: Modules

    If you are curious of the number of CmdLets you have at your disposal here is the command. The pipeline is also used in this one.

Powershell on Linux: Number of CmdLets
Powershell on Linux: Number of CmdLets

    I know that it is still hard to beleive that this is real so here is another screenshot that should eliminate any doubt. Let’s use Get-Member on a process list to see what methods and properties processes have.

Process details
Process details

    Speaking of the Get-Process command, it is not finished as not all fields have values right now. See for example getting all proccesses starting with hyperv:

Powershell on Linux: Getting processes
Powershell on Linux: Getting processes

    Let’s try running a script to see what happens. I made a simple one that checks for a folder and creates it if it is not available and then puts a file with the process list there after that. This is how it looks:

A simple Powershell script
A simple Powershell script

    As on Windows, scripts that run in Powershell have the .ps1 extension so save the file and run it like any normal script in PS.

Powershell on Linux: Running a script
Powershell on Linux: Running a script

    The last thing I want us to try is see how exit codes are captured from native Linux programs. The answer is of course the same as on Windows: just see what the $LASTEXITCODE variable contains after running an executable.

Powershell on Linux: Program exit codes
Powershell on Linux: Program exit codes

 

    So this was a first look at running Powershell on Linux. A lot of interesting thing will happen for sure as time goes on and people develop new thing like script modules and improvements to the code.

PXE on Gen 1 Hyper-V VMs

    If you use Hyper-V and still need to install a Windows 7 or Windows Server 2008 R2 OS then you need a Generation 1 virtual machine. If you do the installation via network boot you might find that, compared with Gen 2 VMs, there is a catch to make this procedure work.

    PXE on Gen 1 VMs is not possible with the default network adapter used when creating this type of machine. The reason is that this is a synthetic network adapter that does not have a boot ROM capable of taking an IP address from DHCP and downloading a boot file. PXE can be used by a Generation 1 virtual machine by means of the Legacy Network Adapter which is an emulated hardware device.

     So the solution to this problem is to just remove the default Network Adapter and add the legacy one.  This can be done from the Add hardware menu option.

Add Legacy Network Adapter for PXE
Add Legacy Network Adapter for PXE

    This is how such a network adapter look when configured:

Legacy Network Adapter
Legacy Network Adapter

    One thing to not forget is the boot order for the virtual machine. Set the Legacy Network Adapter first in case you need to (for example if you already have an OS installed and the HDD is first).

Set Network Adapter first to PXE boot
Set Network Adapter first to PXE boot

    With this setting made now the virtual machine can receive boot images by PXE:

PXE booting
PXE booting

 

Run Powershell script from Scheduled Task

    Powershell is a very powerful automation engine that lets us do a lot of tasks that otherwise would take a long time. Sometimes it is also needed to do a task without admin interaction; maybe it is a recurrent task or a one time job done at a not so common working hour. In this case running a Powershell script from Scheduled Task comes in handy.

    This tip has been tested on Windows Server 2008 R2/Windows 7 up to Windows Server 2016/Windows 10 and it is working 100% on all operating systems.

    Set up task to run Powershell script

    First let’s write a smal script to test this action. In my example I am getting a list of processes and putting the text in a file. Just create a new text file, write the command below and save it as script.ps1 for example (the .ps1 is important). I put the script in a folder: C:\Task


Get-Process | Out-File C:\Task\out.txt

    Now just create a new Basic Task and set a cool name like PS Task:

Basic task to run a powershell script
Basic task to run a powershell script

    The schedule is not important because we will test the task manually anyway. Select “Start a program” as the action the task performs.

The action for the task
The action for the task

    Now comes the most important part. Let’s set the task to run our script. In the program field type powershell.exe. The arguments field should contain a minimum of 2 parameters: the ExecutionPolicy argument which is Bypass and File which is the path to the script; in my case it is C:\Task\script.ps1.


-ExecutionPolicy Bypass -File C:\Task\script.ps1

Code to run the powershell script from a scheduled task
Code to run the powershell script from a scheduled task

    This is all. Just finish the wizard and the task is ready to be run.

    Test the task

    To see if it is working we just need to run the task and check in the C:\Task folder if the out.txt file is created.

    And here it is:

Result of the powershell script
Result of the powershell script

 

 

Replace DISKPART with the Powershell Storage Module

    Introduction

    In the last years, since Windows Server 2012 and Windoes 8, Microsoft implemented a cool Powershell module used to manage storage. This module is called Storage and it’s CmdLets implement most of DISKPART’s features. Common tasks like initializing disks, creating partitions, formatting volumes, resizing partitions, assigning drive letters and more are very intuitive with Powershell’s verb-noun approach. You can get a list with all commands from this module by running:


Get-Command -Module Storage

List Storage CmdLets
List Storage CmdLets

    Getting info with the Storage Module

    I prepared a Windows Server 2012 R2 server with 3 disks: 1 is online and contains 1 partition with the OS and the other 2 are offline and uninitialized. Let’s see how to manipulate the disks with the Storage Powershell module.

Disk Manager Overview
Disk Manager Overview

    Let’s see how to get some basic information about our storage situation. First I want to see a list of all disks on my system (physical and virtual).


Get-Disk

Get a list of all disks
Get a list of all disks

    The output shows some interesting things like the disk number used to reffer to a specific disk when performing any action on it, operational status, total size and the partition style (GPT or MBR). More info about each disk is available but this is just a default view.

For a list of only the actual physical disks we need to run the following command:


Get-PhysicalDisk

Get a list of all physical disks
Get a list of all physical disks

    The number at the end of the friendly name corresponds to the disk number found in the previous output. Since the disks can be partitioned let’s get a list of all partitions. In my case only disk 0 is configured so it is the only one that has partitions.


Get-Partition

Obtain a list of partitions by disk
Obtain a list of partitions by disk

    Like with disks, partitions have numbers; the difference is that these numbers are local to each disk. This means that to alter the C partition we need to tell Powershell to find the partition number 4 on disk number 0. The last thing of interest to see is a list of volumes.


Get-Volume

Get a list of volumes from all disks
Get a list of volumes from all disks

    This CmdLet offers as info the size and remaining size of a volume and the file system with which it was formatted. Another useful thing is the File System Label and Drive Type.

    Making changes with the Storage Module

    It’s time now to create, resize and remove some partitions. Each disk needs to be initialized before being used. The initialization is the point in which you specify what partition style to use (GPT or MBR). Initialization is done with just a command and it’s very straight forward.


Initialize-Disk -Number 1 -PartitionStyle MBR

Initialize disk
Initialize disk

    In this example I initialized disk 1 and made the partition style MBR. The next logical thing to do is to partition the size (a partition is just a delimitation of space, it is not a formatted volume with a file system and used/free space). You can specify how big to make the partition and can assing it a drive letter or let the OS assing the next available one for you. Just to keep things simple I will use all the space available on the disk and let the OS give the partition a letter.


New-Partition -DiskNumber 1 -UseMaximumSize -AssignDriveLetter

Create a new partition
Create a new partition

    By now Windows for sure gave you the pop-up about formatting the new partition. Cancel it because we will do it next. When formatting you can now use the Drive Letter to refference the partition. Besides choosing a file system like NTFS, you can also specify a Label.


Format-Volume -DriveLetter E -FileSystem NTFS -NewFileSystemLabel "Data"

Format a volume
Format a volume

    A common operation is resizing partitions. This can also be done easily with the help of a CmdLet. When resizing just say the Disk Number and Partition Number and also the new size. Size is specified using a number followed by the unit size (MB, GB, TB).


Resize-Partition -DiskNumber 1 -PartitionNumber 1 -Size 5GB

Resize a partition
Resize a partition

    If you are really mad you can also remove the partition from the disk. I am pretty sure you already figured out what CmdLet we need for this task so let’s just do it.


Remove-Partition -DiskNumber 1 -PartitionNumber 1

Remove a partition
Remove a partition

    There is also the possibility to clean the whole disk. This means removing all it’s partitions and uninitializing it. You have to use the -RemoveData switch if you have partitions on it.


Clear-Disk -Number 1 -RemoveData

Clean the disk
Clean the disk

    And here is the result:

Cleaned disk
Cleaned disk

    One last thing I want to cover is how to make modifications like drive letter to a volume or partition. This is done using a combination of the Get CmdLets and the Set CmdLets. Let’s take for example changing the letter of a partition. Just get it and pipe it to the set command:


Get-Partition -DiskNumber 1 -PartitionNumber 2 | Set-Partition -NewDriveLetter G

Change drive letter of a partition
Change drive letter of a partition

    This was just a small intro to what can be done. Explore the CmdLets and see the rest of their functions; there are a lot.

 

 

Tip: Access Safe Mode in Windows Server 2012 and newer

    Where is the Safe Mode boot menu?

    Before Windows 8 and Windows Server 2012 you had the possibility to press F8 repeatedly at startup and a cool menu would pop up. This menu would let you boot Windows in Safe Mode to troubleshoot problems with the system like bad drivers or bad settings, into Safe Mode with Command Prompt that would not run the Windows Explorer and give you just a CMD and many more options to help you undo bad settings. With Windows 8/Windows Server 2012 this got a little harder: the F8 trick is disabled but the menu can still be accessed by other means.

    Using MSCONFIG to enter Safe Mode

    This cool program lets you specify in what mode Windows will load the next time it boots. You can find it from the search input on the start menu; just type msconfig.

Find msconfig
Find msconfig

    The boot options are located on the Boot tab, obviously.

Boot options in msconfig
Boot options in msconfig

    Now just check the Safe Boot option and select one of the 4 options. The meaning of these 4 radio boxes is:

  • Minimal represents the normal Safe Mode option
  • Alternate shell is Safe Mode without the GUI; just a CMD
  • Active Directory repair represents a mode that is meant for Domain Controllers in which the AD database is not mounted and objects can be restored from backups
  • Network is Safe Mode with networking
Enable safe mode boot
Enable safe mode boot

    After selecting an option just Apply and restart when prompted. You will be in the chosen mode. After you are done with what is needed just remember to run MSCONFIG again and disable the boot option otherwise the OS will not boot normally.

    Enable Safe Mode menu from CMD

    MSCONFIG is good but what if you are on Server Core or you really want to see that boot menu before starting Windows? Well there is a solution for this also. All newer Windows versions give us the possibility of restoring the F8 menu functionality. It can be done from CMD with BCDEDIT. Just run the following command to enable it:


Bcdedit /set {bootmgr} displaybootmenu yes

Enable the Safe Mode menu
Enable the Safe Mode menu

    Now every time the server is started up just press F8 repeatedly before Windows boots and the Advanced Boot options menu will appear.

Advanced Boot options menu
Advanced Boot options menu

    To disable the menu just replace the yes from the command with a no and you are done.