March 2008 - Posts
Fellow Directory Services MVP Mark Minasi has a great table that shows a ton of DNS commands using dnscmd. For those of you getting ready to use Server Core, here is yet another list of commands that will come in handy. All I can say is WOW!!!
| Function | DNSCMD option | Example | Comments |
| --- | --- | --- | --- |
| Do any dnscmd command on a remote system | dnscmd servername command | dnscmd main.bigfirm.com /zoneprint bigfirm.com | |
| Create a primary zone | dnscmd /zoneadd zonename /primary | dnscmd /zoneadd bigfirm.com /primary | |
| Create a secondary zone | dnscmd /zoneadd zonename /secondary master IP address | dnscmd /zoneadd bigfirm.com /secondary 192.168.1.1 | |
| Host a zone on a server based on an existing (perhaps restored) zone file | dnscmd /zoneadd zonename /primary /file filename /load | dnscmd /zoneadd bigfirm.com /primary /file bigfirm.com.dns /load | |
| Delete a zone from a server | dnscmd /zonedelete zonename [/f] | dnscmd /zonedelete bigfirm.com /f | (without the /f, dnscmd asks you if you really want to delete the zone) |
| Show all of the zones on a DNS server | dnscmd /enumzones | dnscmd /enumzones | |
| Dump (almost) all of the records in a zone | dnscmd /zoneprint zonename | dnscmd /zoneprint bigfirm.com | Doesn't show glue records. |
| Add an A record to a zone | dnscmd /recordadd zonename hostname A ipaddress | dnscmd /recordadd bigfirm.com mypc A 192.168.1.33 | |
| Add an NS record to a zone | dnscmd /recordadd zonename @ NS servername | dnscmd /recordadd bigfirm.com @ NS dns3.bigfirm.com | |
| Delegate a new child domain, naming its first DNS server | dnscmd /recordadd zonename childname NS dnsservername | dnscmd /recordadd bigfirm.com test NS main.bigfirm.com | This would create the "test.bigfirm.com" DNS child domain under the bigfirm.com DNS domain |
| Add an MX record to a zone | dnscmd /recordadd zonename @ MX priority servername | dnscmd /recordadd bigfirm.com @ MX 10 mail.bigfirm.com | |
| Add a PTR record to a reverse lookup zone | dnscmd /recordadd zonename lowIP PTR FQDN | dnscmd /recordadd 1.168.192.in-addr.arpa 3 PTR pc1.bigfirm.com | This is the PTR record for a system with IP address 192.168.1.3 |
| Modify a zone's SOA record | dnscmd /recordadd zonename @ SOA primaryDNSservername responsibleemailipaddress serialnumber refreshinterval retryinterval expireinterval defaultTTL | dnscmd /recordadd bigfirm.com @ SOA winserver.bigfirm.com mark.bigfirm.com 41 1800 60 2592000 7200 | Ignores the serial number if it's not greater than the current serial number |
| Delete a resource record | dnscmd /recorddelete zonename recordinfo [/f] | dnscmd /recorddelete bigfirm.com @ NS main.bigfirm.com /f | Again, "/f" means "don't annoy me with a confirmation request, just do it." |
| Create a resource record and incorporate a nonstandard TTL | dnscmd /recordadd zonename leftmostpartofrecord TTL restofrecord | dnscmd /recordadd bigfirm.com pc34 3200 A 192.168.1.4 | |
| Reload a zone from its zone file in \windows\system32\dns | dnscmd /zonereload zonename | dnscmd /zonereload bigfirm.com | Really only useful on primary DNS servers |
| Force DNS server to flush DNS data to zone file | dnscmd /zonewriteback zonename | dnscmd /zonewriteback bigfirm.com | |
| Tell a primary whom to allow zone transfers to | dnscmd /zoneresetsecondaries zonename /nonsecure\|securens | dnscmd /zoneresetsecondaries bigfirm.com /nonsecure | That example says to allow anyone who asks to get a zone transfer |
| Enable/disable DNS NOTIFY | dnscmd /zoneresetsecondaries zonename /notify\|/nonotify | dnscmd /zoneresetsecondaries bigfirm.com /nonotify | Example disables DNS notification, which is contrary to the default settings. |
| Tell a secondary DNS server to request any updates from the primary | dnscmd /zonerefresh zonename | dnscmd /zonerefresh bigfirm.com | |
| Enable or disable dynamic DNS on a zone | dnscmd /config zonename /allowupdate 1\|0 | 1 enables, 0 disables, 0 is default | |
| Stop the DNS service | Either net stop dns or sc stop dns | | (No dnscmd command for this) |
| Start the DNS service | Either net start dns or sc start dns | | (No dnscmd command for this) |
| Install the DNS service on a 2008 full install system | servermanagercmd -install dns | | |
| Install the DNS service on a 2008 Server Core system | ocsetup DNS-Server-Core-Role | | Case matters -- ocsetup dns-server-core-role would fail |
| Uninstall the DNS service on a 2008 Server full install system | servermanagercmd -remove dns | | |
| Uninstall the DNS service on a 2008 Server Core system | ocsetup /uninstall DNS-Server-Core-Role | | |
It's been quite a while since my last Server Core blog so I feel obligated to share some of the other findings that I have. I've been asked several times how to configure TCP/IP settings on a Server Core server.
To configure the IP address we will have to remember (or learn) Netsh.
Configure a Static IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver "Local Area Connection" static 10.1.1.5 primary
Netsh int ipv4 set winsserver "Local Area Connection" static 10.1.1.6 primary
Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" source=dhcp
Change the name of the network interface on Server Core:
Netsh int set interface name="Local Area Connection" newname="Primary Network"
And another little handy command that I thought you might like.
List of installed patches:
wmic qfe list
Hope that helps those that are in need.
It looks like Microsoft finally released RSAT for Windows Vista. What a relief. We can finally effectively manage our environment with Vista. It can be downloaded in two versions, 32-bit or 64-bit.
What Is Included in RSAT?
This is the list of Windows Server 2008 administration tools which are included in RSAT:
Role Administration Tools:
- Active Directory Certificate Services (AD CS) Tools
- Active Directory Domain Services (AD DS) Tools
- Active Directory Lightweight Directory Services (AD LDS) Tools
- DHCP Server Service Tools
- DNS Server Service Tools
- Shared Folders Tools
- Network Policy and Access Services Tools
- Terminal Services Tools
- Universal Description, Discovery, and Integration (UDDI) Services Tools
Feature Administration Tools:
- BitLocker Drive Encryption Tools
- Failover Clustering Tools
- Group Policy Management Tools
- Network Load Balancing Tools
- SMTP Server Tools
- Storage Manager for SANs Tools
- Windows System Resource Manager Tools
The tools in the following list are fully supported managing Windows Server 2003 servers as well:
- Active Directory Domain Services (AD DS) Tools
- Active Directory Lightweight Directory Services (AD LDS) Tools
- Active Directory Certificate Services (AD CS) Tools
- DHCP Server Tools
- DNS Server Tools
- Group Policy Management Tools
- Network Load Balancing Tools
- Terminal Services Tools
- Universal Description, Discovery, and Integration (UDDI) Services Tools
Thanks Kendall for the heads up email on this.
I'm confused...really confused. One of Windows Server 2008's new touted upgrades is IIS7. Maybe it's just me but I've always thought FTP was part of IIS...and it is in Windows Server 2008. So why am I so confused? Well, apparently Microsoft and the IIS team (which I'm a big fan of!) released another version of FTP as a separate download. Oh, and get this, its name is FTP7.
Yes you heard correct. FTP7 is not the same FTP service that is included with IIS7. I saw this over at IIS.net which is the home of the IIS team. Take a look for yourself but I snatched the main bullets below:
- Integration with IIS 7.0: IIS 7.0 has a brand-new administration interface and configuration store, and the new FTP service is tightly integrated with this new design. The old IIS 6.0 metabase is gone, and a new configuration store that is based on the .NET XML-based *.config format has taken its place. In addition, IIS 7.0 has a new administration tool, and the new FTP server plugs seamlessly into that paradigm.
- Support for new Internet standards: One of the most significant features in the new FTP server is support for FTP over SSL. The new FTP server also supports other Internet improvements such as UTF8 and IPv6.
- Shared hosting improvements: By fully integrating into IIS 7.0, the new FTP server makes it possible to host FTP and Web content from the same site by simply adding an FTP binding to an existing Web site. In addition, the FTP server now has virtual host name support, making it possible to host multiple FTP sites on the same IP address. The new FTP server also has improved user isolation, now making it possible to isolate users through per-user virtual directories.
- Extensibility and custom authentication: The new FTP server supports developer extensibility, making it possible for software vendors to write custom providers for FTP authentication. Microsoft is using this extensibility feature to implement two new methods for using non-Windows accounts for FTP authentication for IIS Managers and .NET Membership.
- Improved logging support: FTP logging has been enhanced to include all FTP-related traffic, unique tracking for FTP sessions, FTP sub-statuses, additional detail fields in FTP logs, and much more.
- New supportability features: IIS 7.0 has a new option to display detailed error messages for local users, and the FTP server supports this by providing detailed error responses when logging on locally to an FTP server. The FTP server also logs detailed information using Event Tracing for Windows (ETW), which provides additional detailed information for troubleshooting.
My first thought was one of confusion but then I started to think a little further. Now that it is a separate download perhaps I could install it on Server 2003 or Vista or DOS...ok so maybe not DOS. Well here is what you get when you try to install it on anything but Server 2008. :(
You will have to have IIS7 installed for this to work but you will have to ensure that the FTP portion is uninstalled before you install this one. Head on over to IIS.net to download the latest revision of FTP7.
I've always loved these spreadsheets as they allow a quick and easy way to search for Group Policies. With Server 2008 live and Vista SP1 out Microsoft has updated their reference sheet to add all the new Group Policy settings. There are now over 2700 settings you can apply in your environment...have fun!
After spending a bit of time on Amazon I noticed that books, movies, and other random things you can buy all had customer reviews. I started to think, why don't white papers and technical documents have the same? Today I've decided to take action against poorly written technical papers and ensure that those companies are held accountable to what they are publishing. OK, maybe I'm not that gung-ho about it but I do think it would be nice to give a review here and there on stuff I've read through.
Today's review is on the Windows Server 2008 Reviewers Guide. How interesting to start my reviews on a Reviewers Guide. From what I can gather this guide has been available since early February and is in two forms, Full and Short. The Full version weighs in at just under 11 MB while the Short version is just over 8 MB. Not much of a difference in size. The Full version is a whopping 250 pages while the Short version is 116 pages. I actually thought the Short version would have been much shorter. This review is for the Full version.
Usually when I download these Guides I notice that they are 100% marketing speak and 0% technical. I was pleasantly surprised that this Guide had only a few areas littered with marketing junk. If you can get past the first few pages you are presented with several tables detailing which features work on which edition of Windows Server 2008. Since this is a new OS I'm quite fond of it since I'm trying to figure out what goes where.
Section 2: Server Virtualization - I really hoped to gather a lot out of this section and quite frankly it did not deliver. It provides a good high-level overview of Hyper-V but not much of anything when it comes to technical details. I'm also not sure why there is even a page on Server Core here as it is really out of place. Feel free to skip this section if you have been working with Virtualization for some time now.
Section 3: Centralized Application Access - This section was all about Terminal Services (TS). Since there are quite a few changes with this service in Windows Server 2008 I again was looking forward to this section. For me, this one delivered. It went over all the new features and the best part of the entire section was that it gave you Group Policy locations to configure certain TS options!
Section 4: Branch Office - All I've been hearing about with Server 2008 is branch office this and branch office that. Because of that I expected to see a lot of stuff in this section. The Read-Only Domain Controller (RODC) part was decent. It actually gave some info that I didn't expect to see like detailing which Active Directory Services attributes were added to the schema to support RODCs. I also thought a decent job was done on the BitLocker portion as it went into commands to help install it and Group Policy settings. As for the DFS portion I really wanted to see more. This one lacked some of the details in the other products from this section.
Section 5: Security and Policy Enforcement - At over 80 pages this was the largest of all sections and covered a wide range of features within Windows Server 2008. The first few areas go over some definitions and can be used for a good reference at a later time. There were so many in fact that I had to skip ahead because I felt I was studying for an exam. The Routing and Remote Access Service portion was very light and only highlighted some new technologies and removed ones (thanks for finally removing OSPF...it never belonged on a server). I wanted to see more in the next section on how some of the services would work with IPv6. There was very little detail on that. The Firewall portion of this section did a good job explaining what changed in Server 2008 from previous versions (client and server). The Cryptography Next Generation portion provided nothing more than an overview.
Now we began the Active Directory portion of this section. Starting with an excellent write up of the Active Directory Certificate Services. I felt that it was adequately covered hitting all major points of interest. This portion was followed up by Active Directory Domain Services and the team did another good job on this area. There isn't a lot of technical How-To stuff here but it will inform you on what is new. Federation Services was covered next and there was some good reading there with a nice flow chart to follow along with. Let's just say that the Active Directory Lightweight Directory Services was...well...light. Finishing up Section 5 was an area that I really wanted to read up on, Active Directory Rights Management Services. I was disappointed but only because I wanted to read more technical information on this product. Perhaps a scenario or two here with some flow charts would have been beneficial.
Section 6: Web and Application Platform - I've been a big fan of IIS since all the great changes that were made with IIS6. I haven't had time to look into IIS7 with great detail but this was about to change. I felt empty after reading this portion. What about FTP being completely redone? Nothing! The last portion is about Transactional NTFS, I think that page and a half will only confuse people and have them wondering how do I turn this on.
Section 7: Server Management - The first three portions of this section are a very basic introduction to Server Manager. It is nice to have a reference of all the Roles and Features in Server Manager though. The next area goes over a brief introduction to PowerShell. As much as I would love to see more technical info here, this is the one area that I can give that a pass on. PowerShell is not something you want people learning from a Reviewers Guide. To my dismay there were a total of 4 pages on Server Core and all of them marketing! I really wish there would have been some more info here. The same marketing theme was put into the Backup portion but that is ok with me because not many mid-to-large companies use the built-in backup tool. An area I thought would have been really nice was the Windows Reliability and Performance Monitor. Again there really lacked any details about the feature. The only thing I would have liked to have seen added to the Windows Deployment Services (WDS) portion would have been some sample scripts or commands...also any Group Policy settings that apply to WDS. The Group Policy portion finishes this section off and saves the section in my opinion. Great job to the people that put that area together.
Section 8: High Availability Introduction - Why is it every guide I read through lacks information on clusters and network load balanced systems? All 7 pages are marketing and nothing to get the technical person excited about high availability.
Section 9: Better Together & Section 10: Miscellaneous - Feel free to skip these areas now. Section 9 is a sales pitch to put Vista and Server 2008 together and Section 10 should have been put in the first section.
It's now time for my rating. This is 100% totally subjective to my opinion and only my opinion. If you feel it should be different let me know by providing feedback in the comments section. I will rate each section on a scale of 1 - 5 with 5 being the best possible. Then I will rate the entire guide but it will not just be the average of all the scores. I will rate it on usefulness to the community.
Brian's Official Rating Scale
1 = Why were calories spent on this?
2 = Save some trees and don't print this one
3 = Some areas are good but some aren't so good
4 = Kept my technical interest and definitely printable
5 = Excellent - Print it out and keep it as a reference in your office
| Section | Rating on a scale of 1 - 5 |
| --- | --- |
| Section 1 | 2 |
| Section 2 | 2 |
| Section 3 | 5 |
| Section 4 | 4 |
| Section 5 | 4 |
| Section 6 | 1 |
| Section 7 | 3 |
| Section 8 | 2 |
| Section 9 | 1 |
| Section 10 | 1 |
| Windows Server 2008 Reviewers Guide | 3 |
My friend Norm asked if I could post this sample Sysprep.xml file as he couldn't find anything online yet to really help him with Server 2008 and Sysprep. If you have any questions or feedback just leave it in the comments and I'll be sure to have Norm review them.
Here's a sample sysprep.xml that you can use to get your Server 2008 build going. It has some of the basic functions you'll need if you are deploying Server 2008 in an enterprise environment. This example is for the 64-bit version, using KMS (no product key in the sysprep). We do most of our configuration post-image and this configuration allows us to take a completely generic image and prepare it for enterprise deployment. This .xml is ready to go. It took me several days of trial and error to get this and I'm sure there are some admins that would love to have this as a starting point instead of what I had to start with.
Some of the things I'm doing in here:
- Auto-generated computer name
- Organization and Owner Information
- Setting language and locale
- Setting the initial tasks screen not to show at logon
- Setting server manager not to show at logon
- Configuring the Administrator password
- Creating a 2nd administrative account and setting the password
- Running a post-image configuration script under the administrator account at logon
- Setting automatic updates to not configured (to be configured post-image)
- Configuring the network location
- Configuring screen color/resolution settings
- Setting the time zone
- Disabling IE Enhanced Security Configuration
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <ComputerName>*</ComputerName>
      <RegisteredOrganization>Company Name</RegisteredOrganization>
      <RegisteredOwner>Company Name</RegisteredOwner>
      <ShowWindowsLive>false</ShowWindowsLive>
    </component>
    <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <SkipAutoActivation>true</SkipAutoActivation>
    </component>
    <component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <IEHardenAdmin>false</IEHardenAdmin>
      <IEHardenUser>false</IEHardenUser>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <InputLocale>0409:00000409</InputLocale>
      <SystemLocale>en-us</SystemLocale>
      <UILanguage>en-us</UILanguage>
      <UserLocale>en-us</UserLocale>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <RegisteredOrganization>Company Name</RegisteredOrganization>
      <RegisteredOwner>Company Name</RegisteredOwner>
      <UserAccounts>
        <AdministratorPassword>
          <Value>@bc!23</Value>
          <PlainText>true</PlainText>
        </AdministratorPassword>
        <LocalAccounts>
          <LocalAccount wcm:action="add">
            <Password>
              <Value>@bc!23</Value>
              <PlainText>true</PlainText>
            </Password>
            <Description>Administrative Installer</Description>
            <DisplayName>Admin2</DisplayName>
            <Group>Administrators</Group>
            <Name>Admin2</Name>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
      <AutoLogon>
        <Password>
          <Value>@bc!23</Value>
          <PlainText>true</PlainText>
        </Password>
        <Domain>WORKGROUP</Domain>
        <Enabled>true</Enabled>
        <LogonCount>2</LogonCount>
        <Username>Administrator</Username>
      </AutoLogon>
      <FirstLogonCommands>
        <SynchronousCommand wcm:action="add">
          <CommandLine>%WINDIR%\POST_INSTALLER\post_installer.vbs</CommandLine>
          <Description>Post Install Script</Description>
          <Order>1</Order>
        </SynchronousCommand>
      </FirstLogonCommands>
      <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <NetworkLocation>Work</NetworkLocation>
        <ProtectYourPC>3</ProtectYourPC>
      </OOBE>
      <Display>
        <ColorDepth>32</ColorDepth>
        <HorizontalResolution>1024</HorizontalResolution>
        <VerticalResolution>768</VerticalResolution>
      </Display>
      <TimeZone>Eastern Standard Time</TimeZone>
    </component>
  </settings>
  <settings pass="generalize">
    <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
    </component>
    <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
    </component>
  </settings>
</unattend>
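The answer file above carries its account passwords with PlainText set to true, enables AutoLogon for Administrator, runs a first-logon script and turns off IE ESC, so anyone who can read the file or the image can read those settings. The Python sketch below is an added example, not part of the original post or of Norm's file: it audits an answer file for exactly those settings before an image ships. The function names, finding labels and the trimmed sample (with a placeholder password) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed sample: a trimmed answer file with the same structure as the one
# above. The password value is a placeholder, not a real credential.
SAMPLE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize">
  <component name="Microsoft-Windows-IE-ESC">
   <IEHardenAdmin>false</IEHardenAdmin>
   <IEHardenUser>false</IEHardenUser>
  </component>
 </settings>
 <settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup">
   <UserAccounts>
    <AdministratorPassword><Value>EXAMPLE-ONLY</Value><PlainText>true</PlainText></AdministratorPassword>
   </UserAccounts>
   <AutoLogon>
    <Password><Value>EXAMPLE-ONLY</Value><PlainText>true</PlainText></Password>
    <Enabled>true</Enabled>
    <LogonCount>2</LogonCount>
    <Username>Administrator</Username>
   </AutoLogon>
   <FirstLogonCommands>
    <SynchronousCommand><CommandLine>%WINDIR%\POST_INSTALLER\post_installer.vbs</CommandLine></SynchronousCommand>
   </FirstLogonCommands>
  </component>
 </settings>
</unattend>"""

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def _is_true(node):
    return node is not None and (node.text or "").strip().lower() == "true"

def audit_unattend(xml_text):
    """Return (kind, location, detail) findings; password values are never echoed."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in root.findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            where = f"{settings.get('pass')}/{comp.get('name')}"
            parent = {child: p for p in comp.iter() for child in p}
            for elem in comp.iter():
                value = elem.findtext("u:Value", "", NS).strip()
                plain = elem.find("u:PlainText", NS)
                if value and plain is not None:
                    # PlainText=false is only Base64 encoding, so it is reported too.
                    kind = "plaintext-password" if _is_true(plain) else "encoded-password"
                    owner = _local(parent[elem].tag) if elem in parent else ""
                    findings.append((kind, where, f"{owner}/{_local(elem.tag)}"))
            auto = comp.find("u:AutoLogon", NS)
            if auto is not None and _is_true(auto.find("u:Enabled", NS)):
                detail = "{} x{}".format(auto.findtext("u:Username", "?", NS),
                                         auto.findtext("u:LogonCount", "?", NS))
                findings.append(("autologon", where, detail))
            path = "u:FirstLogonCommands/u:SynchronousCommand/u:CommandLine"
            for cmd in comp.iterfind(path, NS):
                findings.append(("first-logon-command", where, (cmd.text or "").strip()))
            for tag in ("IEHardenAdmin", "IEHardenUser"):
                node = comp.find(f"u:{tag}", NS)
                if node is not None and not _is_true(node):
                    findings.append(("ie-esc-disabled", where, tag))
    return findings

if __name__ == "__main__":
    for finding in audit_unattend(SAMPLE):
        print(*finding, sep=" | ")
```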