
PowerShell

Roles & Features

Install

List

Get-WindowsFeature

Install

Install-WindowsFeature -name <name>

Remove

Remove-WindowsFeature -name <name>

Update OS

Install-Module PSWindowsUpdate
Get-Command -Module PSWindowsUpdate

Then register the Microsoft Update service, so that updates come from Microsoft Update and not just the default Windows Update service.

Add-WUServiceManager -ServiceID 7971f918-a847-4430-9279-4a52d1efe18d
Get-WUInstall -MicrosoftUpdate -AcceptAll -AutoReboot

Firewall

Disable unwanted ports

(Replace 1.1.1.1 with the server's public IP)

TCP

New-NetFirewallRule -DisplayName "Block EXTERNAL AD PORTS TCP" -Action Block -Description "Block non secure ports" -Enabled True -LocalAddress 1.1.1.1/30 -Protocol TCP -LocalPort 53, 135-139, 389, 445 -RemotePort Any -Program Any  -RemoteAddress Any

UDP

New-NetFirewallRule -DisplayName "Block EXTERNAL AD PORTS UDP" -Action Block -Description "Block non secure ports" -Enabled True -LocalAddress 1.1.1.1/30 -Protocol UDP -LocalPort 53, 135-139, 389, 445 -RemotePort Any -Program Any  -RemoteAddress Any
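
A check that both block rules exist, are enabled, and cover the intended ports. This is an added example, not part of the original page; it reuses the rule display names from the commands above, and `$expected` is a list constructed for this check.

```powershell
# Added example: audit the two block rules created above.
# Assumption: the rules were created with the display names shown on this page.
$expected = '53', '135-139', '389', '445'   # ports listed in the rules above

foreach ($proto in 'TCP', 'UDP') {
    $name  = "Block EXTERNAL AD PORTS $proto"
    $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)

    if ($rules.Count -eq 0) {
        Write-Warning "$name : rule not found"
        continue
    }

    # New-NetFirewallRule does not deduplicate, so running it twice
    # leaves several rules with the same display name.
    if ($rules.Count -gt 1) {
        Write-Warning "$name : $($rules.Count) rules share this display name"
    }

    foreach ($rule in $rules) {
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter

        # Ports from the expected list that the rule does not cover
        $missing = $expected | Where-Object { $_ -notin $portFilter.LocalPort }

        [pscustomobject]@{
            Rule         = $name
            Enabled      = $rule.Enabled
            Action       = $rule.Action
            Direction    = $rule.Direction
            Protocol     = $portFilter.Protocol
            LocalAddress = $addrFilter.LocalAddress -join ', '
            MissingPorts = $missing -join ', '
        }
    }
}
```

An empty MissingPorts column with Enabled True, Action Block and Direction Inbound means the rule matches what the commands above were meant to create.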

Active Directory DC

Set up a secondary domain controller

Add role

Add-WindowsFeature AD-Domain-Services

Install and configure role

Install-ADDSDomainController -NoGlobalCatalog:$false -CreateDnsDelegation:$false -Credential (Get-Credential domain.local\Administrator) -CriticalReplicationOnly:$false -DatabasePath "C:\Windows\NTDS" -DomainName "domain.local" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SiteName "Default-First-Site-Name" -SysvolPath "C:\Windows\SYSVOL" -SafeModeAdministratorPassword (ConvertTo-SecureString 'D0M@INP@SSW0RD' -AsPlainText -Force) -Force:$true

Sync AD and check status

repadmin /syncall /A
repadmin /replsummary

IIS

List Domains / Bindings

Import-Module Webadministration
Get-ChildItem -Path IIS:\Sites

DFS

Create new replication group

New-DfsReplicationGroup -GroupName "Group-Name" -Description "Replication DFSR" -DomainName "AD-DOMAIN.com" -WhatIf

Add Members

Add-DfsrMember -GroupName "Group-Name" -ComputerName "SERVER1","SERVER2" -WhatIf

FolderName : List of folders to replicate
ContentPath : Local path of destination of the files that will be replicated
ComputerName : Primary Server

Set-DfsrMembership -GroupName "Group-Name" -DomainName "AD-DOMAIN.com" -FolderName "List/Folder/To/Replicate" -ContentPath "C:\Local\Path\To\Replicate" -ComputerName "SERVER01" -PrimaryMember $True -Force -WhatIf | Format-Table *name,*path,primary* -auto -wrap

Failover Cluster

(TODO Add stuff here)

WMI Test (Failover Cluster)

Script for cluster WMI status

# Scope the policy change to this session instead of changing it machine-wide
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process

cls

# -PassThru makes Import-Module return the module object, so the test can succeed
If (Import-Module FailoverClusters -PassThru)
{
    Write-Host "Imported Cluster module"
}

Write-Host "Getting the cluster nodes…" -NoNewline
$nodes = Get-ClusterNode
Write-Host "Found the below nodes "
Write-Host " "
$nodes
Write-Host ""
Write-Host "Running the WMI query…."
Write-Host " "
ForEach ($Node in $nodes)
{
    Write-Host -NoNewline $Node

    If ($Node.State -eq "Down")
    {
        Write-Host -ForegroundColor White " : Node down skipping"
    }
    Else
    {
        Try
        {
            # Success: the node answered the MSCluster WMI query
            $result = (Get-WmiObject -Class "MSCluster_CLUSTER" -Namespace "root\MSCluster" -Authentication PacketPrivacy -ComputerName $Node -ErrorAction Stop).__SERVER
            Write-Host -ForegroundColor Green " : WMI query succeeded "
        }
        Catch
        {
            # Failure: report the exception message for this node
            Write-Host -ForegroundColor Red -NoNewline " : WMI Query failed "
            Write-Host "//"$_.Exception.Message
        }
    }
}

Allow WMI firewall

netsh advfirewall firewall set rule group="remote administration" new enable=yes
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

Replication

Check replication

Measure-VMReplication | Select-Object VMName, ReplicationHealth, AvgReplSize, PrimaryServerName, CurrentReplicaServerName | Format-Table

Reboot in recovery mode

shutdown /r /o /f /t 00