PowerShell for Windows Server

This is a guide on PowerShell for Windows Server.


PowerShell 5.1

In this video, we'll take a look at some of the new features in PowerShell 5 and 5.1, and I'd like to begin by just pointing out the documentation because there are quite a lot of new features.

[Video description begins] A Microsoft Docs web page titled What's New in Windows PowerShell 5.0 opens. It has the following topics: Installing Windows PowerShell, New features in Windows PowerShell 5.0, New features in Windows PowerShell 4.0, etc. Currently, Installing Windows PowerShell is displayed. [Video description ends]

Now most of them would have been released with version 5, this of course is the major increment then 5.1 is the minor. But on the first page here for what's new in Windows PowerShell 5, you can just scroll down to the 5.0 section, and there are a number of links as to what is new in 5, and then over on the second page here, I have 5.1.

[Video description begins] The New features in Windows PowerShell 5.0 appears. [Video description ends]

[Video description begins] He opens a tab titled about_Windows_PowerShell_5.1. It has the following topics: Short Description, Long Description, Keywords, etc. [Video description ends]

So again, just take a little bit of time to go through what is available now, but there are new cmdlets, new modules, new enhancements to the interfaces. So let's take a look at some examples here.

[Video description begins] A window titled Administration: Windows PowerShell ISE opens. It has a menu bar with the following options: File, Edit, View, etc. Below it there is a tool bar with the following options: Save, Copy, Clear, Run, etc. A tab titled Untitled1.ps1 is open here. It has a set of code lines. Below it, a terminal pane is open. The command prompt is PS C:\users\Administrator>. [Video description ends]

So for starters in the ISE, you have pretty much always had color coding available just to make it a little easier to spot cmdlets versus variables versus operators versus properties, and that color coding, is now also available in the standard prompt if you will. So if I just even copy this command from my scripting section and paste it down below, the color coding remains.

[Video description begins] He copies code line 1. It reads: Get-Service | Where-Object {$_.Status -eq "stopped"}. [Video description ends]

So again, it just makes it a little more readable, and there is a new cmdlet that is quite handy that was just released with 5.1. This Get-ComputerInfo cmdlet. Now let's just highlight and execute just the core portion here and we'll see what the results look like.

[Video description begins] In code line 2, he highlights the following command: Get-ComputerInfo. [Video description ends]

But essentially this just gives you most of the basic properties for any given system in a nice simple cmdlet, and the results are down below, and there are quite a few properties that come back here, okay? So you certainly can filter this, just like really any kind of get cmdlet. So I've got a property filter here, and I'm just going to look for anything that starts with OS. So OS* to just narrow the results a little bit, so let's run that, and we see only results that start with OS once this returns, okay?

[Video description begins] He selects code line 2. It reads: Get-ComputerInfo -Property "os*". He right clicks on it. A context menu appears. He selects Run Selection. [Video description ends]

So there are the results and everything starts with OS. So again, just a nice consolidated view of many of the properties of that system. Now another nice feature is the ability to edit and even debug scripts remotely. So let's just clear everything off here, and I'm going to establish a remote session through to another server, and we can just click our new remote session button here, and I'm going to connect to SRV0473, and provide a password, of course, and this will show you in the prompt that you have connected to the remote system.

[Video description begins] In the toolbar, he clicks the Clear button. [Video description ends]

[Video description begins] In the toolbar, he clicks the New Remote PowerShell button. A pop-up titled New Remote PowerShell Tab opens. It has input fields for Computer and User name. Connect and Cancel buttons are present at the bottom. [Video description ends]

[Video description begins] Currently, the Computer is SRV0473 and User name is pcadmin. He clicks the Connect button. Another Administrator: Windows PowerShell ISE window appears. It has two open tabs: PowerShell 1 and PowerShell 6. The command prompt is: PS C:\users\Administrator>. A pop-up titled Windows PowerShell credential request is open. It has a drop-down for User name. An input field is present for Password. Currently, User name is set as pcadmin. OK and Cancel buttons are present at the bottom. [Video description ends]

[Video description begins] He clicks the OK button. The pop-up window closes. The PowerShell 6 tab is renamed to SRV0473. The command prompt changes to [SRV0473]: PS C:\users\pcadmin\Documents>. [Video description ends]

So I see the name of the server, at the beginning of the prompt here, okay, and I have a script on this system. So let me just switch to my scripts directory, and in here I have a script that's available simply called MyScript.ps1.

[Video description begins] He enters the following command: cd C:\Scripts. The command prompt changes to [SRV0473]: PS C:\Scripts>. [Video description ends]

So let's use psedit to open that script, and it appears to open locally, and I shouldn't say appears, it does open locally, at least in terms of the ISE here.

[Video description begins] He enters the following command: dir. He enters the following command: psedit .\MyScript.ps1. [Video description ends]

But I am still working with the remote file, and in fact, an additional tab has appeared that says Remote File, okay, and I'm still in the remote session in the tab up above here, as opposed to the local session that I was using originally.

[Video description begins] A tab titled [Remote File] MyScripts.ps1 opens under the SRV0473 tab. It has six code lines. [Video description ends]

But everything is all centralized here and I can now edit this and work with this script, as if I was working on the local computer of course. But everything that happens is happening on the remote system. So of course, I can just execute one of the cmdlets here, okay, and that is running against that remote system.

[Video description begins] He selects code line 1. It reads: Get-Service | Where-Object {$_.Status -eq "stopped"}. He right clicks on it. A context menu appears. He selects Run Selection. [Video description ends]

But I can debug and work with the script really however I want to. So if I were to put let's say a break point here on this line, then I can go ahead and execute and it will of course, just step through, so it hit the break point down here on line 3, okay?

[Video description begins] In the menu bar, he clicks on Debug. A list of options appears. In the list, he selects Toggle Breakpoint. Code line 3 gets selected. It reads: Get-WmiObject win32_operatingsystem | Select PSComputerName, Caption, Version. [Video description ends]

[Video description begins] In the toolbar, he clicks the Run button. [Video description ends]

So then I can go ahead and continue beyond that if I want to but I'm doing all of this remotely, okay?

[Video description begins] In the menu bar, he clicks on Debug. A list of options appears. He selects Run/Continue. [Video description ends]

Again, we see that the computer name here is still the remote system, not my local system, and if we return back to my original session here on the local computer, there are some new modules, and I would like to point out one here on this other tab that is specifically for dealing with software packages.

[Video description begins] He shifts to the PowerShell 1 tab. It has two tabs: Untitled1.ps1 and Untitled2.ps1. Currently, the Untitled1.ps1 tab is open. [Video description ends]

[Video description begins] He selects Untitled2.ps1 tab. It has 9 code lines. [Video description ends]

So I'm going to execute Get-Module and look for anything that has the word package in it, okay?

[Video description begins] He points at code line 1. It reads: Get-Module -List *package*. [Video description ends]

Actually, let me just get rid of the code down here, and let's go ahead and retrieve this package module. So we'll run that, okay?

[Video description begins] In the terminal pane, he deletes the following command: Get-Service | Where-Object {$_.Status -eq "stopped"}. [Video description ends]

[Video description begins] He selects and right clicks on code line 1. A context menu appears. He selects Run selection. [Video description ends]

So its name is PackageManagement, and it gives you an example of some of the exported commands here, Find-Package, Get-Package, but really this is just working with software packages. But let's go ahead and execute Get-Command, against that module to see everything that is available, and we can find package, we can get package, we can import the provider, we can of course install the package, which is what I'll show you in a moment.

[Video description begins] He selects code line 3. It reads: Get-Command -Module PackageManagement. He right clicks on it and selects Run selection. [Video description ends]

You can set the package source. So again, these are all the cmdlets that are available, against this module. So if I run a Get-Package source, I can see where that comes from, okay?

[Video description begins] He selects code line 5. It reads: Get-PackageSource. He right clicks on it and selects Run selection. [Video description ends]

So this is from the PSGallery. So that's a trusted source. So let's go ahead and maybe see what we can find from that source. So I'm going to run Find-Package and I'm going to output that to the grid view just so I can see it graphically and I can filter it if I want to. So let's go ahead and run this, okay?

[Video description begins] He selects code line 7. It reads: Find-Package | Out-GridView. He right clicks on it and selects Run selection. [Video description ends]

So there's one that looks interesting, Azure.Storage.

[Video description begins] A pop-up titled Find-Package | Out-GridView opens. It has a table with four columns: Name, Version, Source, and Summary. A list of packages is present in the table. [Video description ends]

So we can install this, and again, the reason why I outputted everything to this grid view is because you could add criteria here, so you can just filter easily, but this Azure.Storage module is available, okay?

[Video description begins] A drop-down for Add criteria is present at the top. He clicks it. A list of options with check boxes appears. [Video description ends]

[Video description begins] He switches to the PowerShell ISE. [Video description ends]

So I could install package Azure.Storage. Let's go ahead and run this, and this should prompt, are you sure?

[Video description begins] He selects code line 9. It reads: Install-Package Azure.Storage. [Video description ends]

Okay, and I'll go ahead and say, Yes to All, and that will install that module. Now, while that's going about its business.

[Video description begins] A pop-up appears. It has the following question: Are you sure you want to install software from 'PSGallery'? The following buttons are present at the bottom: Yes, Yes to All, No, etc. [Video description ends]

I'm also going to switch over to another system here to show you another cmdlet.

[Video description begins] He opens another PowerShell ISE. It has a tab titled Untitled1.ps1. There are 7 code lines. [Video description ends]

This is a Hyper-V host. We can see in the background it is server 0436, okay, and there are several virtual machines running on this Hyper-V host, most notably this one which is server 0457, but with the VM name argument, it does not use WinRM over the network.

[Video description begins] A Hyper-V Manager window is open in the background. It has a menu bar with the following options: File, Action, View, etc. There is a tool bar with the following options: Previous, Next, Help, etc. A navigation pane is present with the following server: SRV0436. [Video description ends]

[Video description begins] A Virtual Machine Connection window opens. The server is SRV0457. In it, a window titled Network connections is open. It has an Ethernet icon in the center pane. Currently, it is set as disabled. [Video description ends]

[Video description begins] He shifts to the second PowerShell ISE. [Video description ends]

I can still connect to this virtual machine directly, okay? So just to give you a quick idea, if I execute Get-VM, this shows you all of the virtual machines that are running.

[Video description begins] He selects code line 1. It reads: Get-VM. He right clicks on it and selects Run selection. [Video description ends]

So 0457 is running, and again, this is it with its ethernet interface disabled, okay?

[Video description begins] He shifts to the Virtual Machine Connection window. [Video description ends]

But I can still enter a PSSession with the VM name parameter straight into that system without relying on the network.

[Video description begins] He shifts to the PowerShell ISE Untitled1.ps1*. [Video description ends]

[Video description begins] He selects code line 3. It reads: Enter-PSSession -VMName SRV0457. He right clicks on it and selects Run Selection. [Video description ends]

So let's go ahead and run that. I receive a prompt, I'll enter my credentials, Okay, and it tells me that I have a remote session here.

[Video description begins] A pop-up appears. It has fields for User name and Password. OK and Cancel buttons are present at the bottom. In the input field for User name, he types administrator. He types in the password and clicks on OK. The pop-up closes. The command prompt changes to [SRV0457]: PS C:\Users\Administrator\Documents>. [Video description ends]

So once again, I see the name of the server. So I can just execute a simple cmdlet here, and I'm seeing the services on that system.

[Video description begins] He selects code line 5. It reads: Get-Service. He right clicks on it and selects Run Selection. [Video description ends]

Even though again, it's experiencing network difficulty. So I'm just connecting to it directly, okay, and then we can just exit that session, and break out of there.

[Video description begins] He selects code line 7. It reads: Exit-PSSession. He right clicks on it and selects Run Selection. [Video description ends]

So now I'm back to my standard prompt.

[Video description begins] The command prompt changes to PS C:\Windows\system32>. [Video description ends]

So those are some of the new features some of the new cmdlets and some of the enhancements to the environment in PowerShell 5 and 5.1.
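
The Azure.Storage installation from this section, written as a script that lists each source's trust flag, pins one version and reviews file signatures before installing. This is an added example, not code from the video; the staging folder is an assumption, and Save-Module comes from the PowerShellGet module that provides the PSGallery source.

```powershell
#Requires -Version 5.1
# Added example: staged, version-pinned install of a PSGallery package.
# Assumption: $StagingPath is a scratch folder chosen for this example.

$PackageName = 'Azure.Storage'                     # package picked in the demonstration
$SourceName  = 'PSGallery'                         # source reported by Get-PackageSource
$StagingPath = Join-Path $env:TEMP 'pkg-review'    # assumed review location

# 1. Show the registered sources and their trust flag.
#    Install-Package asks "Are you sure you want to install software from ..."
#    whenever the chosen source has IsTrusted = False.
Get-PackageSource |
    Select-Object Name, ProviderName, IsTrusted, Location |
    Format-Table -AutoSize

# 2. Resolve the exact package name from one named source, so a
#    similarly named package from another registered source is not used.
$candidate = Find-Package -Name $PackageName -Source $SourceName -ErrorAction Stop |
    Select-Object -First 1
Write-Host "Candidate: $($candidate.Name) $($candidate.Version) from $($candidate.Source)"

# 3. Download without installing, so the contents can be inspected first.
New-Item -ItemType Directory -Path $StagingPath -Force | Out-Null
Save-Module -Name $candidate.Name -RequiredVersion $candidate.Version `
            -Repository $SourceName -Path $StagingPath -ErrorAction Stop

# 4. Check the Authenticode signature of every script and binary.
#    'Valid' means the file is unmodified and chains to a trusted root;
#    the signer subject still needs a human look.
$signatures = Get-ChildItem -Path $StagingPath -Recurse -File `
                  -Include *.ps1, *.psm1, *.psd1, *.dll |
    Get-AuthenticodeSignature

$signatures |
    Group-Object { $_.SignerCertificate.Subject } |
    Select-Object Count, Name |
    Format-Table -AutoSize

$notValid = $signatures | Where-Object Status -ne 'Valid'
if ($notValid) {
    $notValid | Select-Object Path, Status, StatusMessage | Format-List
    Write-Warning "Files without a valid signature found; $($candidate.Name) was not installed."
    return
}

# 5. Install exactly the version that was reviewed. The confirmation
#    prompt still appears if the source is not marked trusted.
Install-Package -Name $candidate.Name -RequiredVersion $candidate.Version -Source $SourceName
```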


PowerShell for Administration

All right, in this demonstration, we'll take a look at some basic PowerShell commands and I do want to stress, this is quite basic. We could spend days upon days working in PowerShell, it is very robust, and if you are new to PowerShell, then hopefully we'll just illustrate some of the basic functionality when it comes to using the commands, and I really do recommend, that you spend as much time as possible working in the environment and using the documentation and the support that's available to get comfortable with using it.

[Video description begins] A Windows PowerShell ISE opens. A tab titled Untitled1.ps1 is open here. It has a set of code lines. Below it, a terminal pane is open. The command prompt is PS C:\Windows\system32>. [Video description ends]

But like anything, the more you use it, the more comfortable it will become. But in terms of what can be done using PowerShell, I'm going to go so far as to say just about anything. So when it comes to the administrative tasks that you want to perform, I don't think there's anything that can't be done in PowerShell. Now that said, in many cases using the graphic interface is certainly fine, particularly if it's just a very quick single task such as creating a user account, okay?

If you are creating a single user account, by all means use the graphic interface. But where PowerShell really shines, is when you need to do bulk configuration. If you need to operate on some kind of property, that is consistent across let's say hundreds of users, this is where PowerShell really becomes useful. Automation as well, things can be done automatically using PowerShell scripts, okay? So again, those are just a few examples.

But in terms of just getting familiar with the command structure, hopefully we'll accomplish that in this demonstration. So quickly, I'm in the PowerShell ISE, or the integrated scripting environment, simply because you have full text editing capability in here without having to necessarily execute something. So the top portion simply is the scripting section, then bottom portion is where you can actually enter commands and they will also execute down there, if you will.

But this just makes it easy because again, you've got full text editing capabilities here, and you can also just highlight a portion of a command and execute just that by right-clicking and choosing Run Selection, okay, and only the highlighted portion will run. So in the first example, I'm just retrieving a list of all commands. Now to clarify, that's all commands that are available on this particular system. I'm only using a Windows 10 client system here.

If I were working on something like an Active Directory Domain Controller, there would be different commands available, because there are what's known as modules that are installed for specific functionality such as Active Directory. So this is only the commands that are available on this system, okay? But every PowerShell command has the following structure, verb-noun, every single one, okay?

So get is the verb, command is the noun, and this first line, by the way, that appears in green and starts with the pound sign or the number symbol, is what's known as a comment, and you can just use that to describe what this command is all about. These lines do not process, even if I highlight them, and execute, they will not process, so they don't harm anything, okay? So in fact, let's go ahead and execute, but just before I do, take note that I'm on line 1 of my PowerShell environment here, and when I execute to see the results, I'm now in line 1588.

[Video description begins] He highlights code lines 1 and 2. Line 2 reads: Get-Command. He right clicks on it. A context menu appears. He selects Run Selection. [Video description ends]

So that gives you an idea as to how many commands there are in the PowerShell environment. So quite a few, clearly no one can memorize all of these, but as mentioned, the more you use it, the more familiar you will become. So to make sense of this list here, of course, what I can do is to filter it, okay? So in my next command, I'm filtering the results. So it's still the same initial command of Get-Command, but since every PowerShell command consists of a noun and a verb, I can say well, let's only see those with a noun, that in this case starts with com.

The com* is an example of what I want to see, okay? The star is a wildcard character, so as long as it starts with com, it will come back, but only against the noun portion. The dash here is what's referred to as a parameter. So for any command, you can, for lack of a better word, clarify the command by using parameters, noun being one of them, okay? So if I execute this, I will only see commands that have com at the start of the noun portion and far fewer results come back. Com for command and com for computer, clearly, they both start with com.

I can also work against the verb portion, so Get-Command where the verb is get. Now I will only see commands that start with the verb get, okay? So just a few examples of filtering. So let's see our next command here which is to view all services on this computer. It is simply Get-Service. Let's highlight and run and there they are, okay? Now again, for every command, there's a lot more that you can do, than just run that command all by itself.

You can get help on that command. Note that I have the term cmdlet here, that's just a nickname for PowerShell commands. They are sort of a hybrid, if you will, between commands and applets, so the term cmdlet is sometimes used. But I can Get-Help, which is the original command here on the Get-Service command, and you can get help against any command. So I can execute that, and it will return for me some basic information about this particular command, in my case, Get-Service. It tells you the name, gives you a basic synopsis, the basic syntax, a description, and some related links, okay? Now you can also enhance this if you will, by using the parameter of examples. This will quite literally show you some examples, of using the Get-Service command.

[Video description begins] He points at code line 13. It reads: Get-Help Get-Service -Examples. [Video description ends]

So you can just use this to learn more about the command itself, and use these as templates, if you will, to start building your own examples.

[Video description begins] He executes code line 13. [Video description ends]

You can also get help online as opposed to reading everything in here. This will open your default browser. So Get-Help on Get-Service essentially is what this means from the online documentation. If I run this, my browser will pop up and go straight to the documentation page for that command exactly, okay?

[Video description begins] He closes the Microsoft Docs web page. The screen shifts to the PowerShell ISE. [Video description ends]

You can view processes. So this would be very much like what you would see if you opened up Task Manager. So it's Get-Process and I can pass in the name parameter, to look for a specific process, in my case powershell_ise.

[Video description begins] He highlights code line 17. It reads: Get-Process -Name powershell_ise. [Video description ends]

If you didn't know the name, you could just execute Get-Process and examine the results, right? This is returning the name for me, so I can find out which one I'm looking for and pass in my example as the name parameter. I'm running the PowerShell ISE right now clearly, so this should return that process, okay? There it is, and then finally, another very powerful feature of PowerShell is to use variables. The variable is defined by using the dollar sign character, then you can call it whatever you like. But this will store the results of anything that gets returned. So I can get the process for Microsoft Edge, I'll run that all by itself.

[Video description begins] In code line 20, he highlights: Get-Process MicrosoftEdge. [Video description ends]

There it is, but I can then store all of this into a variable. So this will not actually return anything, but it will store it in the variable. So $MyVar= this command, let's run.

[Video description begins] He highlights code line 20. It reads: $MyVar = Get-Process MicrosoftEdge. [Video description ends]

Now I can display, what is in the variable by just typing in the name of it. Now my comment says, notice the auto-complete. What that means is, if I just start typing and I put in the dollar sign, since it has already been defined PowerShell knows this, and it's available in the auto-complete. So I can just hit my Tab key or double-click here, and there it is.

[Video description begins] In code line 23, a list of variables appears below $. He selects $MyVar. [Video description ends]

Highlight this and execute, and I'll see what's in the variable. The same results. But now I can use that variable and reference it in other commands. So $MyVar.Kill, means to use the kill method against whatever is in that variable. That's what the open-closed parenthesis is all about here, okay? So if I right-click and run this, it killed that process. Now if I try to get that process again, it shouldn't be running anymore.

[Video description begins] He executes code line 26. [Video description ends]

Let's right-click and run, and sure enough, it is no longer available, okay?

[Video description begins] In code line 20, he highlights: Get-Process MicrosoftEdge. [Video description ends]

So again, that's very basic, very introductory, we could spend days in here. But those are some of the basic options, and some of the basic functionality, when it comes to using PowerShell commands.


Installing DNS using PowerShell 

In this video, we'll take a look at installing the DNS role onto a server using the PowerShell cmdlets.

[Video description begins] An Administration: Windows PowerShell ISE opens. A tab titled Untitled1.ps1 is open. It has a set of code lines. Below it, a terminal pane is open. The command prompt is PS C:\Windows\system32>. On the right, a Commands pane is open. It has a list of commands. [Video description ends]

Now, a couple of quick points, I am working on a server that has the full desktop installed, and you might think if we're using the PowerShell cmdlets, wouldn't it be a little more appropriate to be working on a system running Server Core, and that is certainly true, but I'm going to install the DNS role and the management tools in a single command. So by using the full desktop environment, we can see the results very easily. So let me just show you what I'm talking about here. If I switch over to my Server Manager and go to my Tools menu, I do not have the DNS Management tool.

[Video description begins] The Server Manager window opens. The Dashboard page is currently open. [Video description ends]

The role itself is also not installed, it would show up here on the left. Okay, but after the installation, we'll be able to see both, the DNS server role over here on the left, and the DNS manager in the Tools menu. Okay, I also just like using the ISE, because of its autocomplete or IntelliSense features.

[Video description begins] He shifts back to the PowerShell ISE. [Video description ends]

Now, those are available in the standard prompt, but you have to press the tab key, and it doesn't show you all of the available arguments in a single interface like the ISE does, and we'll see that in a moment as well if you aren't entirely certain what I'm talking about here. So let's just get started with the cmdlet, which is install then -windows and there, essentially is what I'm talking about in terms of the autocomplete.

Now having typed in that many letters, W-I-N, WindowsFeature is the only available option. So I can just press my tab key to complete that, and this avoids typos and general syntax errors, okay? So I need to specify which feature to install, which is the name parameter, and as soon as I hit the dash, this is what I was talking about in terms of what's not available in the standard prompt. You don't see any kind of a drop down that gives you all of the available parameters. You can just start typing in a few of the characters and then hit your Tab key to autocomplete.

[Video description begins] A list of parameters appears. [Video description ends]

But again, this shows you every available parameter.

[Video description begins] He types na. In the list of parameters, he selects Name. [Video description ends]

So as soon as the correct one is chosen, I, again, can hit my Tab key or I could just double-click it from the list. But you can just browse through that list, when you're using the ISE, okay? So the name is quite simply, DNS and then, as mentioned, I want to include the management tools. So once again, if I hit my dash key, all available parameters appear, and there's the one I want right there, IncludeManagementTools. So right from here, I can just double-click, okay? So that's it, that's all there is to the cmdlet itself, and it certainly would not matter, if I was executing this in Server Core, or straight from the standard prompt. There's no change to the syntax, just because you're using a different management interface. So let's go ahead and execute this, and I should also mention, of course, that when you launch the ISE or the standard prompt, make sure you do so as an administrator.

[Video description begins] A progress bar appears. [Video description ends]

If you don't, you'll get an error saying that you don't have the ability to install this, okay? So this shouldn't take long, and again, I just want to highlight the fact that I installed the feature and the management tools all within the single command here. So once this does complete, we can just switch over to our Server Manager, and we can verify that everything did complete.

So it tells us in here, in our results, that Success is True, Restart is not required, and the exit code of success clearly means that we did install everything successfully, and the feature result shows DNS Server and the DNS Server Tools. Okay, so let's switch back to the Server Manager, let's refresh everything in here, and on the left-hand side, DNS has appeared and in the Tools menu, the DNS manager is now available. So clearly, everything did succeed with this installation. Okay, so again, that is simply how you can install the DNS role and the management tools, using your PowerShell cmdlets.


Adding DNS using PowerShell

So now that we have added the DNS role, in this demonstration, we'll take a look at adding a primary forward lookup zone, again, using the PowerShell cmdlet. Now, like the previous demonstration, I am in the graphic environment just so that we can easily see the results.

[Video description begins] A DNS Manager window opens. It has a menu bar with the following options: File, Action, View, and Help. A toolbar is present with the following icons: Go Backward, Go Forward, New Folder, etc. It has a navigation pane with a server named SRV0474. It is expanded to show the following folders: Forward Lookup Zones, Reverse Lookup Zones, Trust Points, etc. [Video description ends]

So I've just launched my DNS Manager, and let me just refresh here to demonstrate that there are currently no forward lookup zones, okay?

[Video description begins] In the navigation pane, he right clicks on SRV0474. A context menu appears. He selects Refresh. [Video description ends]

[Video description begins] He clicks on Forward Lookup Zones. The following message appears in the center pane: Add a New Zone. [Video description ends]

But we'll create the zone. Then we'll come back into here and we'll see the results. So let's switch back into the PowerShell, and, once again, I'm also using the ISE, just because of the IntelliSense feature that makes it nice and easy, to make sure you are assembling the correct cmdlet.

[Video description begins] The Windows PowerShell ISE opens. A tab titled Untitled1.ps1 is open. The command prompt is PS C:\Windows\system32>. [Video description ends]

So to get started, the cmdlet is add and dash, and, once again, the IntelliSense feature shows you all available options. Now, there are far too many at this point, so let's narrow it down a little bit and type in dns, and now we see the option we want. It's Add-DnsServerPrimaryZone, so we can just double-click to autocomplete that. Then the first argument is the name, so we can hit our dash again, and there is Name right there, so let's just double-click, and let's give it a name, we'll call it MyZone.com.

Then we also need to specify a zone file. So typically, this is the same name as the zone, with just DNS appended to the end. But we still need the parameter, so, once again, let's hit dash, and there is ZoneFile toward the bottom, so let's double-click, and we'll call it MyZone.com.dns, okay? Now, that's really all you would need. But you might want to specify the dynamic update option, and this specifies whether or not clients are allowed to update the zone themselves.

So, once again, we can hit dash, and DynamicUpdate is the second option, so let's go ahead and double-click, and the value here, since this is not an Active Directory integrated zone, we'll go with NonsecureAndSecure, okay? This will allow all updates. If it was an Active Directory integrated zone, you could go with Secure only, okay?

So that's it in terms of the syntax, and, again, using the IntelliSense feature of the ISE, we are much more certain that we have used the correct syntax. There could still be a typo in something like the name. But just double-check everything, and let's go ahead and execute, and if you just see everything goes straight back to a prompt, then that should have succeeded. If it were to fail, it would come up with an error. So it looks like everything is good here. But let's switch back to the DNS Manager. Let's do another refresh, and now there it is, MyZone.com has appeared, okay?

[Video description begins] In the navigation pane, he right clicks on the Forward Lookup Zone folder and selects Refresh. A table appears in the center pane. It has the following columns: Name, Type, Status, etc. A zone named MyZone.com appears in the table. [Video description ends]

[Video description begins] He expands the Forward Lookup Zone folder to show a sub folder named MyZone.com. [Video description ends]

So that is how you can get started with creating your primary forward lookup zones using PowerShell.


Adding DNS Records using PowerShell

Okay, so now we have installed the DNS role and we have created a primary forward lookup zone, both using the PowerShell cmdlets.

[Video description begins] The Windows PowerShell ISE opens. Currently, an Untitled1.ps1* is open. Below it, a terminal pane is open. The command prompt is PS C:\WINDOWS\system32>. [Video description ends]

Now in this demonstration, we will once again use a PowerShell cmdlet to add a new resource record, and specifically in this case, it will be an A record, or an address record. Now, there are a lot of arguments when it comes to adding DNS resource records. So I really do suggest that you do a little bit of research, and try to get a better handle on what all of the available cmdlets are, and what the available options are for those cmdlets. But I'm going to give you a bit of an idea as to what I'm talking about here with the very first part of the cmdlet, which is Add-DnsServer, and I'm going to type in a few more characters here, just so that we get close to the cmdlet, so it's DnsServerResource, and here we see some of the options that I was talking about.

[Video description begins] In line 1, he types: add-dnsserverres. A list of commands appears. [Video description ends]

So, the first option is Add-DnsServerResourceRecord, and it even gives you some examples of what each one of these expects in terms of parameters. Now you could create an A or address record using this cmdlet, but notice right below it, it says Add-DnsServerResourceRecordA. This is specifically for the address record, and below that is the AAAA record for an IP version 6 client. Then we see CName, okay, and MX records. So many of the common record types have their own cmdlets. Now as mentioned, you could create records just by going with the first option, and then what you have to do is specify the type of record.

But if you know, you are creating an address record which is one of the most common record types, then again, this cmdlet with the A attached is specifically for that type, okay? But, that's what I was referring to, in terms of familiarizing yourself with some of these options and some of their parameters, and all of this documentation is readily available online if you go to the Microsoft documentation site. So, let's choose the resource record A in this case, and as per usual, if we just hit the dash key now, we see all of the appropriate parameters. Most notably, we need a name. So let's double-click, and this is the name of the client system.

Okay, so let's just make something up here. Let's call it TestClient, then hit the dash again, and we certainly do need to specify the zone into which this record will go. So, let's scroll down and choose the ZoneName option, and in this case, the zone that was just created was MyZone.com. Hit the dash again and of course, we need the IP address. Now do take note, the name of it is IPv4Address, to ensure that you are distinguishing this from a version 6 address, and we'll just make up an IP address, 10.10.10.10, okay, and one more dash and we'll go with the AllowUpdateAny option, so that if this client happens to get a different IP address through standard DHCP, it can update the record.

[Video description begins] Code line 1 reads: Add-DnsServerResourceRecordA -Name TestClient -ZoneName MyZone.com -IPv4Address 10.10.10.10 -AllowUpdateAny. [Video description ends]

So that's all we need. Let's go ahead and execute, and again, as long as you see it return to the prompt down below, this succeeded. If there was a problem, it would come back with an error.

[Video description begins] In the toolbar, he clicks the Run icon. Code line 1 appears in the terminal pane. [Video description ends]

So, let's verify though again by switching over to the DNS graphic interface.

[Video description begins] He shifts to the DNS Manager window. In the navigation pane, a folder named MyZone.com is currently selected. A table with the following columns is displayed in the center pane: Name, Type, and Data. It contains two records. [Video description ends]

Let's refresh the zone, and we should see that new record, and there it is, okay.

[Video description begins] In the navigation pane, he right-clicks MyZone.com. A list of options appears. He clicks on Refresh. A TestClient record gets added in the table. [Video description ends]

So once again, I do recommend that you familiarize yourself with all of those cmdlets and the syntax, in terms of the supported parameters and the values. At least for the cmdlets that you expect to be using on a regular basis.
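The zone and the A record from the two DNS demonstrations above, written as one re-runnable script that reads the results back with cmdlets instead of refreshing DNS Manager. This is an added example, not the presenter's script; it assumes it runs on the DNS server with the DnsServer module available, and it creates the zone with `-DynamicUpdate None` rather than the demonstration's `NonsecureAndSecure`, so the last step can show which zones still accept updates from any client.

```powershell
#Requires -Modules DnsServer
# Added example (not the script from the video). Names and addresses are the
# demonstration's values; the DynamicUpdate value is deliberately different.

$zoneName      = 'MyZone.com'
$zoneFile      = "$zoneName.dns"    # zone name with .dns appended
$hostName      = 'TestClient'
$address       = '10.10.10.10'
$dynamicUpdate = 'None'             # the demonstration used 'NonsecureAndSecure' (allows all updates)

# 1. Create the file-backed primary zone only if it does not exist yet.
$zone = Get-DnsServerZone -Name $zoneName -ErrorAction SilentlyContinue
if (-not $zone) {
    Add-DnsServerPrimaryZone -Name $zoneName -ZoneFile $zoneFile -DynamicUpdate $dynamicUpdate
}
elseif ($zone.DynamicUpdate -ne $dynamicUpdate) {
    # The zone is already there with a different update policy: bring it in line.
    Set-DnsServerPrimaryZone -Name $zoneName -DynamicUpdate $dynamicUpdate
}

# 2. Add the A record only if this name/address pair is not already present.
$records = @(Get-DnsServerResourceRecord -ZoneName $zoneName -Name $hostName -RRType A -ErrorAction SilentlyContinue)
$present = $records | Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $address }
if (-not $present) {
    # -AllowUpdateAny from the demonstration is left off: it lets any authenticated
    # user update a record with this owner name, and this zone takes no dynamic updates.
    Add-DnsServerResourceRecordA -Name $hostName -ZoneName $zoneName -IPv4Address $address
    # The same record through the general cmdlet and its record-type switch:
    # Add-DnsServerResourceRecord -A -Name $hostName -ZoneName $zoneName -IPv4Address $address
}

# 3. Read the zone and the record back from the server.
Get-DnsServerZone -Name $zoneName |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate
Get-DnsServerResourceRecord -ZoneName $zoneName -Name $hostName -RRType A |
    Select-Object HostName, RecordType, TimeToLive,
        @{ Name = 'IPv4Address'; Expression = { $_.RecordData.IPv4Address } }

# 4. Confirm the server answers for the name (query sent to the local DNS service).
Resolve-DnsName -Name "$hostName.$zoneName" -Type A -Server 127.0.0.1 -DnsOnly

# 5. Audit: every zone on this server that still accepts nonsecure dynamic updates.
Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate
```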


Installing DHCP using PowerShell

In our past few demonstrations, we saw how to add a role and how to configure that role, using PowerShell cmdlets.

[Video description begins] A Windows PowerShell ISE opens. Currently, a tab titled Untitled1.ps1* is open in the center pane. It has a set of code lines. Below the tab, a terminal pane is open. The command prompt is PS C:\WINDOWS\system32>. [Video description ends]

Now in this demonstration, we'll just put it all together into a single script, and we'll install the DHCP Server role, and we'll set up a scope and configure some properties. Now, I have the script fully assembled here, but we will go through all of the cmdlets and all of the parameters, and once again, I am working on the full desktop installation, just so that we can see the results a little easier once everything finishes. In fact, let me just switch over to my Server Manager right now, and on the left-hand side, notice that there is no DHCP service, and if I go to the Tools menu, there is no DHCP administrative tool either.

[Video description begins] He shifts to the Server Manager window. The Dashboard page is currently open in the center pane. [Video description ends]

But we'll add both the role and the management tools, and configure the scope, all through this script. Okay, so let's go back to my PowerShell ISE, and to install the feature itself, this is the exact same syntax that we saw to install DNS. It's just a different name. So it is the Install-WindowsFeature cmdlet, with the Name parameter, then DHCP, then the parameter to include the management tools. So that installs both the service and the management interface.

[Video description begins] He highlights code line 2. It reads: Install-windowsFeature -Name DHCP -IncludeManagementTools. [Video description ends]

Then from that point, once the installation of the role completes, we can create a scope. So the cmdlet here is Add-DhcpServerv4Scope. Now, do take note of the v4 referring to TCP/IP version 4, because you can create a version 6 scope as well. So you do need to be specific here. Then the Name parameter is, in my case, MyScope, and I should point out that if you want a space in the name, then you would need quotation marks, okay.

Then the parameters of StartRange and EndRange are required, and I'm just using values that are applicable to my lab environment here, purely because of the DNS server. If I were to just make up values, the script would run and it would succeed, but if you put in an invalid DNS server, it will actually validate this, and it will tell you that it's not a valid DNS server. Now that actually won't cause an error, but the DNS server will not end up, in the actual results when the scope is finished, okay? So again use whatever values are applicable to you for the starting IP address and the ending IP address, I have them both here, and then the last parameter that is required is the SubnetMask, and I went with 255.255.255.0.

[Video description begins] He highlights code line 5. It reads: Add-DhcpServerV4Scope -Name MyScope -StartRange 10.40.4.150 -EndRange 10.40.4.200 -SubnetMask 255.255.255.0. [Video description ends]

Then we can add the server... the DNS server and the default gateway at the same time using the Set-DhcpServerV4 again, take note of that, V4OptionValue, okay? That's all one word, Set-DhcpServerV4OptionValue, then the first parameter is DnsServer. So then again, you do need a valid DNS server here or it won't show up in the scope. Then router is the next parameter. Note that it's not default gateway, it's router, okay, then a value for the router.

[Video description begins] He highlights code line 8. It reads: Set-DhcpServerV4OptionValue -DnsServer 10.40.4.21 -Router 10.40.4.1. [Video description ends]

Then we can specify the lease duration. This is Set-Dhcpserverv4scope, okay, and the parameter here is ScopeId, and this will accept the network portion.

[Video description begins] He points at code line 11. It reads: Set-DhcpServerV4Scope -ScopeId 10.40.4.0 -LeaseDuration 7.00:00:00. [Video description ends]

It's probably fine if you were to actually put in an address here, I think it would just be ignored. But typically, the network ID is supplied, then LeaseDuration. In my case, I went with 7 days. Then note that the remainder is hours, minutes, and seconds. So the hours, minutes, and seconds are separated by colons, but the day value is separated by a period. So that's seven days in this case, and then finally just a restart of this service, we don't need to restart the server, but it doesn't hurt just to do a restart of this service itself.

[Video description begins] He points at code line 14. It reads: Restart-service dhcpserver. [Video description ends]

Okay, so again, as mentioned, we can execute all of this in one shot here. So let's just go ahead and run, and this will take a minute or two.

[Video description begins] In the tool bar, he clicks the Run icon. A progress bar appears below the scripting pane. [Video description ends]

So we'll just pause, and let everything complete, and then come back to verify. Everything has completed here, and in fact, we can go through the results. It did tell us that we have a success on the installation. There's no restart needed for the server. But again, it doesn't hurt to restart the service, and the feature result was that we got our DHCP server and the tools, then just a warning that it was waiting for the service to restart. Okay, so after that, everything is just back to the regular prompt. So let's switch back to Server Manager. Let's refresh, and we should see DHCP up here on the left hand side. There it is, and if we go to our Tools menu, we should now see our DHCP administrator.

[Video description begins] From the tools menu, he clicks on DHCP. A DHCP window opens. It has a menu bar with the following options: File, Action, View, and Help. A tool bar is present with the following icons: Backward, Forward, New Folder, etc. The navigation pane contains a server named srv0474.diallonics.com. [Video description ends]

Okay, we have that installed, and we should see our IP version 4 scope.

[Video description begins] In the navigation pane, he expands srv0474.diallonics.com > IPv4 > Scope [10.40.4.0] MyScope. It has the following folders: Address Pool, Address Leases, Reservations, Scope Options, and Policies. [Video description ends]

Okay, there it is. So the address pool, should have our starting and ending IP address in there, and if we look at the scope options, we should see our router and our DNS server.
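The five script lines shown in this demonstration, assembled into one script as an added example (not the presenter's file), with the DHCP console checks replaced by read-back cmdlets. It uses the same lab addresses and differs in three places: it skips scope creation when the scope already exists, it passes `-ScopeId` to `Set-DhcpServerv4OptionValue` (without it the DNS server and router are written as server-level options that every scope inherits), and it warns when either option is missing afterwards.

```powershell
#Requires -RunAsAdministrator
# Added example; the addresses are the lab values shown in the demonstration.

$scopeId = '10.40.4.0'

# Install the role and its management tools, and stop if the installation failed.
$install = Install-WindowsFeature -Name DHCP -IncludeManagementTools
if (-not $install.Success) {
    throw "DHCP role installation failed (exit code: $($install.ExitCode))."
}
if ($install.RestartNeeded -ne 'No') {
    Write-Warning "The installation reports RestartNeeded = $($install.RestartNeeded)."
}

# Create the scope only if it is not there yet, so the script can be re-run.
if (-not (Get-DhcpServerv4Scope -ScopeId $scopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'MyScope' -StartRange 10.40.4.150 -EndRange 10.40.4.200 -SubnetMask 255.255.255.0
}

# DNS server and default gateway (the parameter is -Router), set on this scope only.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -DnsServer 10.40.4.21 -Router 10.40.4.1

# Seven-day lease; New-TimeSpan -Days 7 is the same value as 7.00:00:00.
Set-DhcpServerv4Scope -ScopeId $scopeId -LeaseDuration (New-TimeSpan -Days 7)

Restart-Service -Name DHCPServer

# Read the scope back instead of opening the DHCP console.
Get-DhcpServerv4Scope -ScopeId $scopeId |
    Select-Object ScopeId, Name, StartRange, EndRange, SubnetMask, LeaseDuration, State

# Read the scope options back. Option 3 is the router, option 6 the DNS servers.
$options = @(Get-DhcpServerv4OptionValue -ScopeId $scopeId)
$options | Select-Object OptionId, Name, Value

$expected = @{ 3 = 'Router'; 6 = 'DNS Servers' }
foreach ($id in $expected.Keys) {
    if ($options.OptionId -notcontains $id) {
        Write-Warning "Option $id ($($expected[$id])) is missing from scope $scopeId."
    }
}
```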


Installing Active Directory using PowerShell

In this video, we'll take a look at installing the Active Directory Domain Services role onto a server using PowerShell, and we'll also configure this system as a new domain controller, but for an existing domain. Now I have my Server Manager up in the background to indicate that Active Directory is currently not installed on the system, otherwise it would show in that left-hand column, and I'm also using the standard PowerShell interface, if you will, as opposed to the ISE, which I used in previous demonstrations.

[Video description begins] A PowerShell window opens. The command prompt is: PS C:\Windows\system32>. A Server Manager window is open in the background. [Video description ends]

Just so I can show you the tab feature, which will autocomplete the cmdlets, if you aren't familiar with using PowerShell. So in terms of installing the feature itself, this is the same cmdlet we have used for all other installations. So it's install then -, and then if I just type in the first few characters, for example, win, and hit my Tab key, then this auto completes the cmdlet. So anything that starts with win would be available when you hit the Tab key, okay?

[Video description begins] He enters the following command: Install-WindowsFeature. [Video description ends]

So that's the cmdlet, but then we need our parameters. The first one is Name, and even here we can just type in, let's say, na and hit Tab, and that will autocomplete as well, and the name of the role in this case is AD-Domain-Services. So that in and of itself, with the dashes, is all one word. So again, AD-Domain-Services, and we'll include the management tools as well.

So -inc, and I'll hit my Tab key here, but notice that it does not come up with the correct parameter, it says IncludeAllSubFeature. That's not what I'm looking for, I want IncludeManagementTools. But I can hit my Tab key again, okay, and there is the option that I want, IncludeManagementTools. So having typed in inc, every time I press the Tab key now, it would cycle through every option that starts with inc, okay? Now there are only those two, but all you have to do is hit that Tab key again to cycle through other available options. So that should be everything necessary to install the feature itself. So let's hit Enter, and this will take a minute or two, but nothing too serious.

[Video description begins] The Installation begins. [Video description ends]

So again, we'll just let that complete, we'll pause and come back, and then we'll set this system up as a domain controller. Okay, so the feature installation itself has completed successfully. So now let's take a look at configuring the system as a domain controller.

[Video description begins] A table appears with the following columns: Success, Restart Needed, Exit Code, and Feature Result. [Video description ends]

Now you might also note that in Server Manager in the background, Active Directory Domain Services has appeared on the left hand side, and there is also a notification in my notifications area that is informing me that I need to set the system up, as a domain controller.

[Video description begins] An option named AD DS appears in the navigation pane of the Server Manager window. [Video description ends]

But as mentioned, of course, we'll do that in PowerShell. Now before actually entering the cmdlet, I also did bring up the documentation here, just to give you a bit of an idea as to the available parameters, because there are quite a few. So the cmdlet itself is Install-ADDSDomainController and these are all of the parameters, okay?

[Video description begins] He opens a Microsoft Docs page titled Install-ADDSDomainController in a browser. It contains the following topics: Syntax, Description, Examples, Parameters, Outputs, Notes, and Related Links. Under Syntax, a list of parameters is displayed. [Video description ends]

Now you don't have to enter values for all of them because there are default values for a lot of them. So if we go down to examples, some of them are fairly simple, okay?

[Video description begins] He scrolls down the page to Examples. It contains a few examples of powershell commands. [Video description ends]

So in fact, I'm going to go with this second example in terms of syntax, where we just install the Active Directory Domain Services domain controller with DNS and the domain name, okay?

[Video description begins] Example 2 is: Install a domain controller and DNS server using administrator credentials. The command is: Install-ADDSDomainController -InstallDns -DomainName "corp.contoso.com". [Video description ends]

There are a few other examples here, but you certainly can provide as many of those parameters as you like, okay? So you can be quite specific, if you want to. So again, just refer back to that documentation if you need to get any clarification as to what any given parameter is all about.

[Video description begins] He shifts back to the PowerShell window. [Video description ends]

So from my PowerShell prompt, let's go with install-adds and let's just type in the letter d, for domain controller, and if we hit the Tab key now, we get the first option, which is domain, but we already have the domain, so let's just hit Tab again and there is domain controller, okay? So we will install DNS, so let's hit my Tab key a couple of times. So there is the option to add DNS, and then the domain name is the name of my lab domain here. So I'll just enter that.

[Video description begins] He enters the following command: Install-ADDSDomainController -InstallDns -DomainName diallonics.com. [Video description ends]

Okay, and let's hit Enter, and it wants to know the password here for the SafeModeAdministrator, so let's enter that, and it'll ask to confirm that, and we'll hit Enter, and it just wants to know if I want to proceed, because it's going to be configured and reboot several times.

[Video description begins] The following question appears: Do you want to continue with this operation? It has the following options: [Y] Yes, [A] Yes to All, [N] No, [L] No to All, [S] Suspend, and [?] Help. [Video description ends]

So, Y for Yes, and that goes ahead with beginning the process here.

[Video description begins] The installation begins. [Video description ends]

So again, we will let this complete and come back and verify that everything succeeded here.

[Video description begins] He closes the terminal. The screen shifts to an Active Directory Users and Computers window. [Video description ends]

Okay, so the promotion to the domain controller has completed, and of course the system rebooted, so I've just gone back in and launched Active Directory Users and Computers. So we see everything there within Active Directory, and we also see a DNS entry down below in Server Manager. So we have both the Active Directory Domain Services role installed, and DNS, and we have successfully promoted this system to be a domain controller.
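The promotion from this demonstration with a prerequisite check in front of it, as an added example rather than the presenter's commands. `Test-ADDSDomainControllerInstallation` takes the same parameters as `Install-ADDSDomainController` and runs only the prerequisite checks; the domain name is the lab domain from the video, and the credential and the safe mode password are prompted for so that neither is stored in the script.

```powershell
#Requires -RunAsAdministrator
# Added example; run after Install-WindowsFeature AD-Domain-Services has completed.
Import-Module ADDSDeployment

# One parameter set, used for both the check and the promotion.
$promotion = @{
    DomainName                    = 'diallonics.com'   # lab domain from the demonstration
    InstallDns                    = $true
    Credential                    = Get-Credential -Message 'Account allowed to add a domain controller'
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'Safe mode administrator password'
}

# Prerequisite checks only: nothing is changed on the server or in the domain.
$checks = @(Test-ADDSDomainControllerInstallation @promotion)
$checks | Format-List Message, Context, RebootRequired, Status

# Stop here unless every check reports Success.
$failed = $checks | Where-Object { "$($_.Status)" -ne 'Success' }
if ($failed) {
    throw 'Prerequisite check did not succeed; resolve the messages above before promoting.'
}

# Promote. The confirmation prompt from the demonstration still appears,
# and the server reboots when the promotion completes.
Install-ADDSDomainController @promotion
```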


Managing Active Directory with PowerShell

Okay, in this demonstration, we'll take a look at performing some basic user management using PowerShell, and I do want to stress, this is basic, and I say that because we quite literally could spend days going through all of the available user management tasks, that can be performed in PowerShell.

[Video description begins] An Administrator: Windows PowerShell ISE opens. In it, an Untitled1.ps1* tab is open. It has a set of code lines. Below the tab, a terminal pane is present. The command prompt is PS C:\Users\Administrator>. An Active Directory Users and Computers window is open in the background. [Video description ends]

So again, this is really just to give you a general introduction if you will, to some of the cmdlets that can be used when working with your users. Now one other thing I would like to mention, because I get a lot of questions about this is, why would I bother doing this using PowerShell?

I'm only working with a single user. Wouldn't it just be easier to go into Active Directory Users and Computers and work with the user that way? Well, in many cases it would, okay? It's really that simple. I have Active Directory Users and Computers here, and I'm going to work with a specific user, this Myra Vale user, and I'm just going to make some changes.

[Video description begins] He shifts to the Active Directory Users and Computers window. It has a menu bar with the following options: File, Action, View, and Help. A toolbar is present with the following icons: Backward, Forward, New Folder, etc. The navigation pane contains a folder named Saved Queries and a domain named diallonics.com. Under diallonics.com, a folder named Users is currently selected. A table with the following columns is displayed in the center pane: Name, Type, and Description. It contains a list of Users. [Video description ends]

[Video description begins] From the table, he clicks on a user named Myra Vale. A pop-up titled Myra Vale Properties opens. It has the following tabs: General, Account, Profile, Organization, etc. The Organization tab is currently open. It has the following fields: Job title, Department, Company, and Direct reports. The Job title is Accounting Associate. The Department is Accounting. The Company is Diallonics. Below these, there is a section titled Manager. The following buttons are present at the bottom: OK, Cancel, Apply, and Help. [Video description ends]

I'll determine some properties first, and then I'll make some changes, and I absolutely could do that right here in this interface, or any other administrative interface that's associated with Active Directory, such as the Active Directory Admin Center, new for Windows Server 2019. So again, why bother using something like PowerShell, when all I have to do is double-click here and make a few changes? Well, if you are just dealing with a single user, then it might not be worth the effort. You know, I had to type out all of these cmdlets to get everything to work here.

[Video description begins] He shifts back to Administrator: Windows PowerShell ISE. [Video description ends]

We'll go through them all, of course. But where PowerShell really becomes useful, is when you need to do something like this for multiple users, possibly hundreds or thousands. So for example, I'm going to determine the department of this user, okay, right here.

[Video description begins] He highlights code line 8. It reads: Get-Aduser -Filter 'GivenName -eq "Myra"' -Properties Department. [Video description ends]

Once I know that, I'm going to change it, okay? Now again, that's very easy to do in the graphic interface. But if, let's just imagine, a department was renamed or maybe a large group of people were relocated. Then this is where PowerShell makes it much easier. Because I could implement some kind of filter, whereby I extract all of the users for let's say, a given department. Now that I have retrieved them all, I can, in a single command, set the value to whatever it's going to be changed to, for all of them, okay? So I'll reiterate that when I get to it, but it's basically this cmdlet here, where I use a filter to extract just a single user. But I could use a filter to extract hundreds, thousands of users, depending on what properties are available.

[Video description begins] He highlights code line 11. It reads: Get-Aduser -Filter 'GivenName -eq "Myra"' | Set-Aduser -Department 'Finance'. [Video description ends]

Then once I have that list of users, I pipe that into the next cmdlet, and it makes the change for all of them, okay, in a single cmdlet, that's where PowerShell becomes exceptionally useful. Okay, so anyway, let's just go through the script here. The first one is to simply retrieve a list of all users, and that cmdlet is Get-ADUser, for Active Directory User, okay?

[Video description begins] He points at code line 2. It reads: Get-ADUser. [Video description ends]

Now in this particular case, I'm going to be prompted to supply a filter. It expects to see some kind of filter, but you can leave it blank, and you will receive a prompt, okay? So, let's just highlight the cmdlet, and let's run it, and it is prompting me for the filter.

[Video description begins] He highlights code line 2. He right-clicks on code line 2. A list of options appears. He clicks on Run Selection. In the terminal pane, the following field appears: Filter. [Video description ends]

Now if you want to see all users, as I indicated in my comment here, then what you can supply as a filter is the asterisk, or star, okay, indicating everyone. So, let's hit Enter, and clearly, it scrolled through that very quickly, but I am seeing every user here, okay? Now, there are ways that you can format this into a list or a table. But that was just to illustrate that we can get everyone back, okay, and we are seeing some default properties, but you can specifically say, which property you want to see. For example, if we look at a single user here, I am not seeing their department, okay? But we'll see that in a moment. So now, I'm going to implement a filter, that retrieves just a single user. It's still the Get-ADUser cmdlet that I have here, okay?

[Video description begins] He points at code line 5. It reads: Get-ADUser -Filter 'GivenName -eq "Myra"'. [Video description ends]

But then I'm going to specify the Filter parameter, and then the filter I'm going to use is 'GivenName -eq "Myra"'. Now, this is a little bit particular on the syntax. The entire filter needs to be inside single quotes, okay, that single quote is closed right there. Then when you use the -eq operator here for equals, the value for this is expected to be in double quotes, so that's the first name. So again, a little bit particular in terms of the quotes here; if you change this up at all, it probably would generate an error. But the filter is quite simply that the first name, or GivenName property, is equal to Myra, in this case. So I could have determined that from the list of all users that I received here. But I know I have this user. Okay, so let's just execute this to retrieve that specific user, okay? So we'll run that, and here we are seeing all of the properties, the default properties, I should say, for Myra, okay?

[Video description begins] He highlights code line 5. He then right-clicks it. From the options, he clicks on Run Selection. An output appears in the terminal pane. [Video description ends]

So we see the DistinguishedName, the GivenName, the full name if you will, and the SID and the UserPrincipalName. So now that we have this user, what I'm looking for is the department. But the department does not show, by default, in the list of values here, okay? But I can ask for it, for lack of a better word. So now, I'm issuing the same cmdlet to get the user, with the same filter. But I can then use the -Properties parameter to say that I want to see the Department property, okay?

[Video description begins] He highlights code line 8. [Video description ends]

So let's execute this, and now we see the department is included, okay? So now we know that Myra Vale is in the Accounting department. Okay, so now what we'll do is change it. So we still need to work with the same user. So we get the user, exactly as we just did, with the exact same filter. Then we pipe that into the next command, which is Set-ADUser, and this allows us to specify which value we want to work with, and what we are changing it to. So it's currently Accounting, I'm going to change it to Finance.

[Video description begins] He highlights code line 11. [Video description ends]

Okay, but again here is the power of PowerShell. I don't have to work with just a single user, I could use some kind of filter, that might retrieve hundreds of users. I don't see them all, they just come back if you will, and they're stored temporarily. But every result that comes back, is piped into this next cmdlet, and the value that I specify, is set for all of them. So again, I might use a filter, maybe such as, department equals Sales, okay?

Then if that was going to be renamed, I could use the Set-ADUser cmdlet and set the department to sales group, or sales team, or anything else, it doesn't matter. But that's the idea again, of setting a property for really an unlimited number of users. It is quite simply whatever gets returned by your Get-ADUser cmdlet. Whether it's one user or thousands, they will all get piped into the next cmdlet, and that will execute against all of them, okay, so that again is really where PowerShell can save you a tremendous amount of time. So anyway, let's go ahead and execute this cmdlet to change the department.

[Video description begins] He executes code line 11. In the terminal pane, the code in line 11 appears next to the command prompt. [Video description ends]

Okay, so that has now been changed. Let's verify, by just rerunning the previous cmdlet, and now we should see Finance, instead of Accounting, which is what it was. Okay, so let's run. Let's scroll back up, and sure enough, it is now Finance.

[Video description begins] He executes code line 8. [Video description ends]

[Video description begins] In the output, the department changes to Finance. [Video description ends]

Okay, then in the last cmdlet, we'll add this user to a group. Now I did just go ahead and create this group ahead of time. So it's just sitting there waiting for some members. In fact, let's go back into Active Directory Users and Computers. There is the group, and again I just created it.

[Video description begins] In the table, he clicks on FinanceTeam. [Video description ends]

So let's double click. Let's go to the Members tab.

[Video description begins] A pop-up titled FinanceTeam Properties appears. It has the following tabs: General, Members, Member Of, and Managed By. The General tab is currently open. It has the following fields: Group name, Description, Email, Group scope, Group type, and Notes. OK, Cancel, and Apply buttons are present at the bottom. [Video description ends]

It is currently empty. Okay, so let's return back to PowerShell.

[Video description begins] He clicks the Cancel button. The pop-up closes. He shifts back to Administrator: Windows PowerShell ISE. [Video description ends]

Let's go ahead and execute this last cmdlet, which is Add-ADGroupMember. The Identity parameter specifies the name of the group. Then, the Members parameter allows you to specify a few different values. But in my case, I'm using the SamAccountName value of mvale, okay?

[Video description begins] He highlights code line 14. It reads: Add-ADGroupMember -Identity "FinanceTeam" -Members mvale. [Video description ends]

Effectively, the username, if you will, so let's right-click. Let's run and let's go back into Active Directory.

[Video description begins] In the terminal pane, the code in line 14 appears after the command prompt. [Video description ends]

Let's double-click the Finance team, go to the Members tab and, sure enough, Myra Vale is now a member.

[Video description begins] The FinanceTeam Properties window appears. [Video description ends]

Okay, so, again, when it comes to just single user management, you certainly do not need to use PowerShell, you can really use whatever you like. But, when it comes to working with multiple entities, whatever they are, then PowerShell certainly becomes, much more time saving and much more convenient.
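The bulk case described above (every user in one department moved to another, then added to a group), as an added example that is not part of the presenter's script. It generalizes the single-user pipeline from the demonstration: the department names and the FinanceTeam group come from the video, while the `-Apply` switch and the CSV path are assumptions of this example, and without `-Apply` every change runs with `-WhatIf` so the affected accounts can be reviewed first.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Run without arguments for a dry run, with -Apply to make the changes.
param(
    [switch]$Apply    # hypothetical switch introduced for this example
)

$oldDepartment = 'Accounting'
$newDepartment = 'Finance'
$groupName     = 'FinanceTeam'
$backupPath    = '.\department-before.csv'    # assumed location for the before-state

# Whole filter in single quotes, as in the demonstration; the ActiveDirectory
# module resolves the simple variable $oldDepartment inside the filter itself.
$users = @(Get-ADUser -Filter 'Department -eq $oldDepartment' -Properties Department)
if ($users.Count -eq 0) {
    Write-Warning "No users found with Department '$oldDepartment'."
    return
}
"Matched $($users.Count) user(s) in '$oldDepartment'."

# Keep the before-state so the change can be reviewed or reversed later.
$users | Select-Object SamAccountName, DistinguishedName, Department |
    Export-Csv -Path $backupPath -NoTypeInformation

# Every user returned by the filter is piped into Set-ADUser.
$users | Set-ADUser -Department $newDepartment -WhatIf:(-not $Apply)

# Add only the users who are not already members of the group.
$memberDns = @(Get-ADGroupMember -Identity $groupName).DistinguishedName
$toAdd     = @($users | Where-Object { $memberDns -notcontains $_.DistinguishedName })
if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $groupName -Members $toAdd -WhatIf:(-not $Apply)
}

# Read back: current department of the matched users and the group's members.
$users | Get-ADUser -Properties Department | Select-Object SamAccountName, Department
Get-ADGroupMember -Identity $groupName | Select-Object SamAccountName, DistinguishedName
```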