So it doesn’t take much scanning of my Blog and other ramblings to realise I am a great fan of PowerShell. The ever demanding Harry (the TechNet UK Editor) suggested that I ought to write about my top 10 PowerShell tools that I use in creating my lab environments.
I use a mixture of platforms for my labs and demos.
My on premises ‘datacenter’ consists of;
HP Z600 Workstation twin Xeon 2.4GHz CPU’s (E5620) each with four cores and hyper threading enabled with 24GB RAM and 1TB of OS disk and 2 TB of data disk (with lots of iSCSI available from the various NAS devices around the place). This system runs Windows Server 2012 R2 in a Workgroup with Hyper-V
Plus I have two HP Gen 8 Micro Servers. These have a Pentium G2020T at 2.5 GHz (twin core, non hyper threaded) with 16 GB of RAM and 2 x 500GB disks. These systems are Windows Server 2016 TP4 member servers running Hyper-V, IS and File and Storage services.
Cable is Cat 5E , switch is a web managed Gigabit (changed often so make is unimportant)
This allows me to run most scenarios to test and demonstrate Windows Server technologies.
I tend to manage the deployment of these physical hosts in a manual way to test the various setup options.
All of this is stored neatly in a secure underground bunker AKA – Ed’s garage – See pic
When I want to test WDS, MDT ADK etc. I use my Gigabyte BRIX systems. I have four of these to test the various storage and clustering options to destruction! (See below)
This is one machine short of ideal as I have to use the main DC as a cluster node as well. (Currently Storage spaces direct requires 4 nodes)
My Cloud data centre is, of course Microsoft Azure, sign up for a free trial here
But this post is about preparing and deploying a repeatable Lab setup on a single smallish Portable Workstation (Dell Precision M6700). It is not about automating the repeat (that will come later in a separate post, or possibly a number of them).
So – to the PowerShell – NOTE – this post will not give you a block of code you can use but it will give you the ideas needed to start learning how to do this yourself.
The aim of this post is NOT to show a completely automated lab creation system but to detail the ten CmdLets I recommend you to use when building your own lab.
With the advent of Windows 10 (1511) and Server 2016 Technical Preview 4, Microsoft has introduced an additional virtual switch into the mix: the NAT (network address translation) switch. This allows you to segment your VMs on any IP scheme you choose without interfering with your physical host, while still having external network / internet access.
1. New-VMSwitch is the CmdLet I use to create this new switch. There are many useful blog posts about how to set this up, this one is very easy to follow.
2. New-NetNat is the other CmdLet you need to finish the job, see the screenshot below
This pair of commands creates a new VMSwitch and a host based NetNat object to allow communication through. See the commands required above.
These are fairly innocuous commands but they then allow me to isolate my lab setup completely and place it on any IP scheme without worrying about external connectivity.
The Hyper-V Switch manager GUI hasn’t yet caught up with the game as you can see it is shown as an internal switch.
But if you head off to network connections you can see a new vEthernet switch has been added and it has the correct IP settings.
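The pair of commands described above, as an added example that is not from the original post. It uses the Internal switch plus `New-NetIPAddress` and `New-NetNat` form; the switch name, subnet and gateway address are assumptions.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V, NetNat

# Assumed values for illustration; pick a range that does not overlap your physical network.
$natSwitchName = 'LabNAT'             # hypothetical switch name
$natPrefix     = '192.168.100.0/24'   # hypothetical lab subnet
$gatewayIP     = '192.168.100.1'      # host-side address the VMs use as default gateway
$prefixLength  = 24
$ifAlias       = "vEthernet ($natSwitchName)"

# 1. Internal switch: VMs and host can talk, nothing is bridged to the physical NIC.
if (-not (Get-VMSwitch -Name $natSwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $natSwitchName -SwitchType Internal | Out-Null
}

# 2. Give the host's vEthernet adapter the gateway address for the lab subnet.
$hasIP = Get-NetIPAddress -InterfaceAlias $ifAlias -IPAddress $gatewayIP -ErrorAction SilentlyContinue
if (-not $hasIP) {
    New-NetIPAddress -InterfaceAlias $ifAlias -IPAddress $gatewayIP -PrefixLength $prefixLength | Out-Null
}

# 3. Host-based NAT object that translates the lab subnet to the host's external address.
if (-not (Get-NetNat -Name $natSwitchName -ErrorAction SilentlyContinue)) {
    New-NetNat -Name $natSwitchName -InternalIPInterfaceAddressPrefix $natPrefix | Out-Null
}

# Check the result: one NAT covering the lab prefix, one gateway IP on the vEthernet adapter.
Get-NetNat -Name $natSwitchName | Format-List Name, InternalIPInterfaceAddressPrefix, Active
Get-NetIPAddress -InterfaceAlias $ifAlias -AddressFamily IPv4 | Format-Table IPAddress, PrefixLength
```

The script is safe to re-run: each step is skipped when the object already exists.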
2 down 8 to go.
Having set up the networking to allow my lab infrastructure to operate in isolation using Network Address Translation I now need to stick some Virtual Machines into the mix.
I need to keep my storage requirements quite low on a travelling lab. I also want to ensure I am using the most up-to-date versions of software (currently Windows Server 2016 TP4, and Windows 10 Insider builds for clients).
I have 32GB of RAM to play with so should be able to host a number of chunky VM’s in that memory space using Dynamic memory, but the first consideration is my Virtual Disks.
I am choosing to forego performance in the name of space. I have decided to use differencing disks for my servers with all of the main server instances running on a full GUI version of Windows Server 2016 TP4. (I know Jeffrey Snover would not be at all impressed but when demonstrating it is often useful to show the native tools without needing to fire up a separate VM and the RSAT tools)
So I need to use some PowerShell to get hold of a VHD image and then make some changes to set it up as a parent disk and create some differencing disks.
My lab will need the following servers
- Domain Controller (with all the main plumbing roles ADDS,ADCS,ADFS,DNS,DHCP)
- File Server
- Exchange Server
- SharePoint Server
- Web Application Proxy
This will then allow me to use this setup as a good ‘On-premises’ demonstration of integration with Azure Active Directory and Office 365 / Enterprise Mobility Suite.
So to the VHD image I need. The best way to do this is to download the super-cool Convert-WindowsImage script from the TechNet gallery. This allows you to create a fully sysprepped VHD or VHDX from either a WIM or an ISO.
3. .\Convert-WindowsImage.ps1 also has a UI you can call as shown below (but you cannot use all switches and parameters if you use the UI)
The full command you need to run is something like this
.\Convert-WindowsImage.ps1 -SourcePath $imagepath -VHDPath $vhd -VHDFormat VHDX -Edition ServerDataCenter -VHDPartitionStyle GPT -Verbose
There are many more options and uses. I am cheating here as this is a script and not a single CmdLet, but I set the rules…so I suppose I can break them.
Having created the file and put it where you want it to be nice and safe from tampering, you need to make it read only.
4. Set-ItemProperty this is a simple file-system action to turn on the IsReadOnly attribute of your VHDX.
So a command such as
Set-ItemProperty -Path $vhd -Name IsReadOnly -Value $true would do the job.
Note the r in the attributes (Mode) column signifies read only.
We now have a base network and switch and a base VHDX to start our super portable lab.
So we need to create five differencing disks from the Parent disk we just made read only.
This is a simple New-VHD CmdLet
5. New-VHD has a whole load of parameters to assist you to define your disk.
New-VHD -Path $dcpath -ParentPath $vhd -Differencing
and you would need five of these with the path variable changing for each VM
So we have a network and disks all we need to do now is to create the VM’s
This would be a simple New-VM CmdLet
6. New-VM the standard VM creation CmdLet
New-VM -Name $VMName -Generation 2 -VHDPath $dcpath -Path $dclocation -SwitchName $natswitchname -BootDevice VHD
And again we would need five of these one for each VM.
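Steps 4 to 6 put together for all five servers, as an added example that is not from the original post. It also records a SHA-256 of the parent disk and checks it on later runs, because the read-only attribute can be cleared by any account with write access to the file; all paths, VM names and memory sizes are assumptions.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

# Assumed values for illustration.
$vhd           = 'D:\Lab\Parent\Server2016TP4.vhdx'       # hypothetical parent disk
$hashFile      = 'D:\Lab\Parent\Server2016TP4.sha256'     # hypothetical; keep it off the lab share
$labRoot       = 'D:\Lab\VMs'                             # hypothetical VM root folder
$natSwitchName = 'LabNAT'                                 # hypothetical NAT switch name
$vmNames       = 'DC01', 'FS01', 'EX01', 'SP01', 'WAP01'  # hypothetical names, one per role

# Integrity check on the parent: record the hash on first run, compare on every later run.
$current = (Get-FileHash -Path $vhd -Algorithm SHA256).Hash
if (Test-Path $hashFile) {
    $recorded = (Get-Content -Path $hashFile -TotalCount 1).Trim()
    if ($recorded -ne $current) {
        throw "Parent VHDX hash differs from the recorded value; not creating child disks."
    }
} else {
    Set-Content -Path $hashFile -Value $current
}

# Step 4: mark the parent read-only so nothing writes to it by accident.
Set-ItemProperty -Path $vhd -Name IsReadOnly -Value $true

foreach ($name in $vmNames) {
    $vmDir = Join-Path $labRoot $name
    $child = Join-Path $vmDir "$name.vhdx"
    New-Item -ItemType Directory -Path $vmDir -Force | Out-Null

    # Step 5: differencing disk that stores only this VM's changes.
    if (-not (Test-Path $child)) {
        New-VHD -Path $child -ParentPath $vhd -Differencing | Out-Null
    }

    # Step 6: Generation 2 VM on the NAT switch, with Dynamic Memory to share the host's RAM.
    if (-not (Get-VM -Name $name -ErrorAction SilentlyContinue)) {
        New-VM -Name $name -Generation 2 -VHDPath $child -Path $labRoot `
               -SwitchName $natSwitchName -BootDevice VHD | Out-Null
        Set-VMMemory -VMName $name -DynamicMemoryEnabled $true `
                     -MinimumBytes 1GB -StartupBytes 2GB -MaximumBytes 6GB
    }
}

# Confirm every child is a differencing disk pointing at the expected parent.
$vmNames | ForEach-Object { Get-VHD -Path (Join-Path $labRoot "$_\$_.vhdx") } |
    Format-Table Path, VhdType, ParentPath
```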
Having now built the vanilla machines we need to add all the roles and features to the servers and then install the software we want on them.
I will just outline the necessary CmdLets to set up your Domain Controller with all the roles and features.
For this reason if you are not going to be automating all this in one script (as I am not) then my No 7 pick is the CmdLet Install-WindowsFeature
7. Install-WindowsFeature allows you to install Windows roles and features, much like Server Manager does. The difference is that by default the CmdLet does not install any management tools, so you will need to add the parameter -IncludeManagementTools to your commands. The really cool thing about this CmdLet is that you can install the features either in a running VM or to an offline VHD.
The CmdLet requires administrative credentials.
To find out what is available you can run the Get-WindowsFeature CmdLet first and find out the available Roles and Features that you need.
I will be installing
- Active Directory Domain Services
- Active Directory Certificate Services
- Active Directory Federation Services
- Domain Naming Service
- Dynamic Host Configuration Protocol
So the CmdLet will take a variable containing the names of those features
$features = 'AD-Certificate', 'AD-Domain-Services', 'ADFS-Federation', 'DHCP', 'DNS'
Install-WindowsFeature -Name $features -Vhd $vhdpath -IncludeAllSubFeature -IncludeManagementTools
If you have a thin image and the features are not available within the image, you need to add a -Source parameter with the path where the .WIM file has been mounted. This parameter is only used if the features cannot be found in the image itself.
With this achieved, you can safely start your DC VM either with Start-VM or through Hyper-V manager.
Once you have done that you can use PowerShell Direct on your Windows 10 or Windows Server Host Machine to Enter-PSSession using the –VMName parameter. This is a new Windows 10 and Server 2016 PowerShell feature and allows connecting to VM’s from the host without the need for a working network connection.
8. Enter-PSSession -VMName $VMName is my eighth choice, very useful at all times.
The arrow indicates I am in a session with my TP4HOST2 VM simply by connecting directly using the VMName.
In the final Stretch now – just two to go.
Simply Installing the Windows features above only installs the binaries necessary to be able to configure and manage the roles and features. It is still a requirement to actually get those roles and features into a state to provide a useful service to the network and users.
I only have 2 CmdLets left if I limit myself to 10, so I choose to use the AD DS CmdLet to install a new AD DS Forest. This will set up a Domain to be able to imitate any real world enterprise situation.
And here Windows Server allows you to build this command up with absolutely NO experience or knowledge of PowerShell.
Simply run the Wizard to promote your newly installed Server to a Domain Controller in a new Active Directory Forest. At the very last screen before you finish the wizard you are given the opportunity to save the PowerShell that was generated to actually perform the promotion.
The screenshots below show you how cool this is.
The script above was generated on a Windows Server 2016 TP4 machine so the Domain and Forest Modes are described as Threshold. It can simply be added to a script to make your server a fully functional AD DS Domain Controller.
My final CmdLet could be any one of a number of choices, from configuring Certificate Services to DHCP to ADFS. But since all your networks will need all machines to have IP addresses, I will opt for the DHCP CmdLet to authorise the newly installed DHCP server in your newly created Active Directory. AD DS will not allow a Domain Controller to be integrated and take advantage of all the great integration services unless it is authorised in the Directory.
The CmdLet is
10. Add-DhcpServerInDC there are many DHCP CmdLets in the Module and we will cover more of those in a different post as we still have to set up a scope, scope options, reservations and other cool stuff like filters and policies.
Indeed as you can see below there are 121 DHCP commands in the module for DHCPServer so the choice is very wide!
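Picks 8 and 10 combined, as an added example that is not from the original post: authorise the DHCP server over PowerShell Direct, then list every authorised server and flag any that are not expected. The VM name, the expected FQDN and the single static IPv4 address on the DC are assumptions.

```powershell
# Run on the Hyper-V host after the DC has been promoted.
# Assumed values for illustration.
$VMName   = 'DC01'                 # hypothetical VM name
$expected = @('dc01.lab.local')    # hypothetical FQDNs allowed to serve DHCP in the lab
$cred     = Get-Credential -Message 'Domain admin for the lab forest'

# PowerShell Direct: -VMName goes over the VM bus, so no network path to the guest is needed.
$authorised = Invoke-Command -VMName $VMName -Credential $cred -ScriptBlock {
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

    # Assumes the DC has one statically configured IPv4 address.
    $ip = (Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Manual |
           Select-Object -First 1).IPAddress

    # Authorise this server only if it is not already listed in the directory.
    if (-not (Get-DhcpServerInDC | Where-Object DnsName -eq $fqdn)) {
        Add-DhcpServerInDC -DnsName $fqdn -IPAddress $ip
    }

    # Return the full list of authorised DHCP servers for review on the host.
    Get-DhcpServerInDC
}

$authorised | Format-Table DnsName, IPAddress

# Any authorised server that is not on the expected list deserves a look.
$unexpected = $authorised | Where-Object { $_.DnsName -notin $expected }
if ($unexpected) {
    Write-Warning ("Authorised DHCP servers not on the expected list: " +
                   ($unexpected.DnsName -join ', '))
}
```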
I am sure that any PowerShell guru reading this post will call it lightweight or half a job. If the aim was to provide a series of chunks of code to allow an automated repeatable lab to be built by simply passing a few parameters to a function or two, then I would agree.
My aim is to help a newcomer to PowerShell to understand that there is so much you can do and for them to go out and experiment with these 10 CmdLets. There are many online examples of the turnkey solutions I mentioned, but the new user is unlikely to learn unless they at least try and build their own Lab, piece by piece.
Enjoy trying. Below are a few resources to help you on your way.
Microsoft Virtual Academy – PowerShell Courses
Channel 9 – PowerShell Resources
Microsoft Learning – PowerShell Course