How to: Deploy Microsoft LAPS and Windows LAPS

We’ve all heard of Microsoft LAPS. This stands for Local Administrator Password Solution and is already available from Windows Server 2008 R2. With Microsoft LAPS it is possible to periodically and fully automatically change the password of the local administrator account.

Microsoft recently launched Windows LAPS, as a successor to Microsoft LAPS. A number of new functionalities have been added and it is now also part of the Windows Server operating system (from Server 2019 April Update) and Windows 10 and 11.

Continue reading “How to: Deploy Microsoft LAPS and Windows LAPS”

Install and configure ADDS on Windows Server 2022 Core in Azure (Part 2)

A question I often get is ‘why should I use Windows Server Core edition’? This is difficult to manage and I do not like a server without a graphical interface.

The first thing I always tell you is, you DON’T HAVE to do anything, but my advice is to do it. Especially for a number of crucial server roles.

Some advantages of Windows Server Core edition at a glance:

Continue reading “Install and configure ADDS on Windows Server 2022 Core in Azure (Part 2)”

Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)

Today, I’m going to show you how to install and configure Active Directory Domain Services on Windows Server 2022 Core edition on Azure.

I’ve used some ARM templates to deploy my two domain controllers in Azure, based on Windows Server 2022 Core edition. These servers are in a separate subnet within my Azure environment. In this example, Í’ve two domain controllers, mss-dc-core001 and mss-dc-core002.

Continue reading “Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)”

How to: Install Exchange 2019 on Windows Server 2019 Core Edition

In this blogpost I’m going to show you the steps to install Microsoft Exchange Server 2019 on Windows Server 2019 Core Edition. When you’re working with Windows Server Core the first time, it’s a little different then managing Windows with a GUI (Graphical User Interface).

Windows Server Core is just a command line interface, that’s all. There’re many advantages of using Windows Server Core edition, for example:

* Small footprint
* Less Windows Updates to install
* Less reboots needed after Windows Updates
* Reduced attack surface
* Less disk space required
* Reduced management

With the release of Exchange Server 2019, Windows Server Core is also supported!! YEAH!!!

Install Windows Server 2019 Core Edition

This step is really easy. Just hit next, next, next and finish!

image

Hit CTRL+ALT+DELETE, type the local administrator password and login to your server. After this, you can start configuring the server using SCONFIG.

image 

Network settings

Configure the network configuration using SCONFIG or Powershell.

Assign a static IP:

New-NetIPAddress -InterfaceIndex 6 -IPAddress 172.16.1.100 -PrefixLength 16 -DefaultGateway 172.16.1.101



Configure a DNS Server:

Set-DNSClientServerAddress -InterfaceIndex 6 -ServerAddress "172.16.1.100"



Enable Remote Desktop:

cscript C:\Windows\System32\Scregedit.wsf /ar 0

 

Windows features

Use the following PowerShell command to install the OS component required for Microsoft UCMA 4.0 and the OS component required for Active Directory Preparation.

Don’t forget to switch to powershell

Install-WindowsFeature Server-Media-Foundation, RSAT-ADDS


image

image

Download necessary software

From an admin workstation, download the following software and copy it over to the Server Core we are preparing for the Exchange installation (for example C:\_Install)

* Visual C++ Redistributable Packages for Visual Studio 2013

image

image

Install UCMA (Microsoft Unified Communications Managed API 4.0)

image

image

The UCMA installable is present on the Exchange Server 2019 media itself. Use the following PowerShell command to mount the Exchange Server media:

The UCMA installable is located under the “UCMARedist” folder on the Exchange Server 2019 .ISO. Start the UCMA installation:

Do not reboot the server just yet; join the computer to an AD domain and then reboot it.

Joining the computer to AD domain

* Rename the computer to 2019-EX01

* Add the computer to domain homelab.local

image

Add-Computer -DomainName homelab.local -NewName 2019-EX01 -DomainCredential homelab\administrator

Restart the server

Use the following PowerShell command to restart the computer:

Restart-Computer –Force

Exchange installation

After rebooting the server mount the Exchange .ISO image.

Use the following command to start Exchange Server installation. The PowerShell command will also install the required OS components for Exchange:

image    image

image    imageimage    image image   image image   image image   image image   image

image

.\Setup.exe /m:install /roles:m /IAcceptExchangeServerLicenseTerms /InstallWindowsComponents

Once Exchange is installed, you can launch the Exchange Management Shell using LaunchEMS command from the command line.

You can also start the Exchange Management Console from a different server using the URL below:

https://2019-EX01.homelab.local/ecp

image

Microsoft Ignite 2016 Slidedeck and Video downloader

MSIgnite_Atlanta_Skyline_Jan20_TW

Have you missed the Microsoft Ignite 2016 event…..no problem!! MVP Michel de Rooij has created a script to download all the content (videos and slidedecks). So you can watch all the content again.

This script will download all the Ignite 2016 slidedecks and videos that are available from Techcommunity via the OneDrive URL on the session page. Video downloads will leverage a utility which can be downloaded from https://yt-dl.org/latest/youtube-dl.exe, and put it in the same folder as the script. The script itself will try to download the utility when the utility is not present.

Special credits goes to:
Original scraper for slidedecks by Mattias Fors, http://deploywindows.info.
Adjusted for video downloading by Michel de Rooij, http://eightwone.com
Enhancements by Scott Ladewig http://ladewig.com

Download the script here.

2016-10-12_14h14_44

 

How to: Change computername in Windows Explorer on Windows Server 2012 R2

When you’re are using a lot of virtual machines or environments, it’s somethimes realy usefull to see in what environment or on what server you’re logged in. If created a really nice solution for my servers, basically Remote Desktop Services in different environments, that does exact my I need! I’ve changed the displayname in Windows Explorer to the value “user on server”, for example: “mark on prod-rds-01”.

You can set this new value with Group Policy Preferences or some other scripting.

1.) Create a new GPO in the Group Policy Management Console
2.) Navigate to “User Configuration / Preferences / Windows Settings / Registry
3.) Create a new registry item and browse to the following registry key:
HKCU/Software/Microsoft/Windows/CurrentVersion/Explorer/CLSID/{20D04FE0-3AEA-1069-A2D8-08002B30309D}
4.) Change the default REG_SZ value to “%username% on %computername%”
5.) Login to the specific server where you targeted the GPO and open Windows Explorer
6.) The name of your computer has changed to “username on computername”

2015-12-04_11h19_20    2015-12-04_11h20_16    2015-12-04_11h20_48

2015-12-04_11h21_11    2015-12-04_11h21_40    2015-12-04_11h37_48

How to: View configured mailbox quota’s in Exchange 2010/2013 using Out-GridView

When you’ve configured mailbox quota’s within your Exchange 2010/2013 environment, you’ve to check the configuration sometimes. Using Microsoft PowerShell, you can watch the current configuration within a few second, so this is extremely powerfull!! But, when you have to query for some specific user or result, it’s not that easy.

There’s a very usefull command within PowerShell that I’m using almost for all my scripts….Out-GridView. When using the parameter Out-GridView, the results are not showing within the PowerShell screen, but in a separate window! Within this window, you can very easy add some search criteria….for example: specific user, quota or an overview per database.

One requirement is that the Windows Feature “Windows PowerShell Integrated Scripting Environment (ISE)” is installed on the Exchange servers or mangement server from where you’re running the commands.

1.) Open the Exchange Management Shell (EMS)
2.) For an overview of the current mailbox quota, use the following command.
Get-Mailbox -Identity mswinkels | ft Name, IssueWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota
3.) The results of this command is shown within the PowerShell window
4.) Now we’re running the same command, but replace “ft” (format-table) with “select” and add the parameter “Out-GridView”
Get-Mailbox -Identity mswinkels | Select Name, IssueWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota | Out-GridView
5.) Now the results are in a separate window! Extreme usefull when you’ve have to search for a specific result or results.

25-06-2015 10-11-47    25-06-2015 10-13-47    25-06-2015 10-15-00

25-06-2015 10-16-22    25-06-2015 10-20-51    25-06-2015 10-21-12

How to: Deploy packages using collection variable with ConfigMgr 2012 R2

During a OS deployment you don’t want to deploy all your packages and software to every workstation. You can deploy the software after a full OS deployment, but you can also deploy packages during the OSD using collection variables. Now it is possible to deploy packages only if a specific machine is a member of a collection. This collection can be query based, for example OU membership or Active Directory security group, or it can be static (direct membership).

In this example I’ve created a realy simple deployment, Adobe Reader 11.0. I’ve two virtual machines, SCWIN81-01 and SCWIN81-02. Both machines are members of the collection “Deploy – Windows 8.1 Enterprise x64”, where the task sequence is deployed on. Machine SCWIN81-01 is also member of the collection “Install – Adobe Reader 11.0”. This collection has a limited collection of “Deploy – Windows 8.1 Enterprise x64”. Both machines are deployed on the same time, the only difference is that machine SCWIN81-01 has Adobe Reader 11.0 installed and machine SCWIN81-02 not. Why……based on the collection variable during the OSD 🙂

1.) First create the collections
2.) Make the specific machines members of the right collections (query based or direct membership)
3.) Open the properties of the collection “Install – Adobe Reader 11.0” and navigate to the “Collection Variables” tab
4.) Add one or more variables with some values. In this example the variable is “APP-AdobeReader” with the value “Yes”
5.) Open the task sequence and add a package installation step
6.) Add the package with the program and navigate to the “Options” tab
7.) Select “Add Condition” and select “Task Sequence Variable”
8.) Enter the collection variable you’ve created earlier with the same value. In my example:
Task Sequences Variable APP-AdobeReader equals “Yes”
9.) Select “Apply” and close the task sequence.
10.) Start the OSD on both machines and wait until the installation is done!
11.) Watch the differences between both machines, if everything is okay, one machine has Adobe Reader installed and the other not.

This is an extremely powerfull thing within ConfigMgr, and really helpfull is some scenario’s. For example VDI golden image deployments or hybrid environments with laptops/desktops or multiple organizations using one ConfigMgr environment. One main reason could be consolidation in task sequences. If you want, there should be only one task sequence for all you different deployments. This is why I’m loving collection varaibles! 🙂

2014-12-22_15h45_33    2014-12-22_15h46_26    2014-12-22_15h46_48

2014-12-22_15h47_23    2014-12-22_15h49_46    2014-12-22_15h50_15

2014-12-22_15h50_37    2014-12-22_15h51_16    2014-12-22_15h51_58