1.2.1 Configure Server Core
Set a new password -
You will be prompted the first time. You can always change it later with Ctrl-Alt-Delete/Change Password.
Set a static IP address -
get-netipinterface - to determine the interfaceindex of the network adapter you want to change.
new-netipaddress -interfaceindex ## -ipaddress 192.168.1.10 -prefixlength 24 -defaultgateway 192.168.1.1
(prefixlength is the subnet mask in CIDR format).
set-dnsclientserveraddress -interfaceindex ## -serveraddresses 192.168.1.90, 192.168.1.91
related commands: get-netipaddress, remove-netipaddress, get-netipconfiguration,
Join a domain
old school method was to use netdom join but i'm going to assume the test will ask about current PS method which is add-computer, for example
addcomputer -domainname contoso.com
Rename computer
rename-computer
Activate the server
technet still says to use slmgr.vbs . Is there really no cmdlet for this?
Configure windows firewall
check if enabled:
get-netfirewallprofile | format-table name, enabled
to enable the profiles
set-netfirewallprofile -profile domain, public, private -enabled true
to set a rule
set-netfirewallrule
create a new rule:
new-netfirewallrule
Enable Windows Powershell remoting
This one is super important. I think it's enabled by default, but this is how you will access the server core from a remote computer via powershell to do things like "invoke-command".
enable-psremoting
Extra Note:
You can use sconfig.cmd to configure some basic settings through a menu.
1.2.2 Delegate Administration
No clue why Microsoft puts this in this section, since it is AD related. Shouldn't it be in "Install and administer Active Directory?" Maybe they just want you to know that you cannot delegate using ADAC. And I assume they aren't talking about the Kerberos computer delegation. Anyways, unless I am missing some new 2012 feature, everything seems to point to this covering the old AD Delegation of Control Wizard.
You cannot do delegation with ADAC(However, you can access the security ACL here if you want to view delegation). You can delegate administration of an OU by using the Delegation of Control Wizard in ADUC. Sine the delegation wizard just sets ACL security settings, you can view the "delegations" by right-clicking the OU and selecting "advanced" under View. Then right click the OU and select properties and security tab. The built-in tasks for an OU that you can delegate with the Delegation Control Wizard:
Create, Delete, and Manage User Accounts
Reset user passwords and force password change at next logon
Read all user information
Create, delete, manage groups
Modify the management of a group
Manage Group Policy Links
Generate Resultant Set of Policy (Planning)
Generate Resultant Set of Policy (Logging)
Create, delete, and manage Inetorgperson accounts
Reset inetOrgPerson passwords and force password change at next login
Read all inetOrgPerson information
You can also create a custom task to delegate
You can also run the Delegation of Control Wizard in ADSS and delegate sites,
Delegation tasks with their associated permissions are found in the c:\windows\system32\delegwiz.inf file
(You can create new ones here)
For more information than you probably need to know for this test, check out the Appendix G: Active Directory Delegation Tools and Appendix A: Active Directory Administrative Tasks
1.2.3 Add and remove features in offline images
Vhd's must be running 2012
Vhd cannot have more than one system volume or partition
If you choose to mount a VHD from a share, you must give the mounting computer Read/Write permissions to the share.
Using Server Manager:
Manage, Add Roles and Features Wizard. Select Role-based or feature-based install Next, select "Select a virtual hard disk". (The instructions on this dialog are nice enough to tell you about the share permissions). Select a server from the pool that will mount the image. Then select the VHD image. After that it's selecting the roles/features. As always, you can select an alternate source for the feature files.
Using Powershell
run install-windowsfeature with the -computername parameter to tell it what server will mount the vhd, or it will default to local. add the -vhd with the path to the offline VHD image. As above, if it is a share, you need to give R/W permissions to the share to the mounting computer account.
1.2.4 Deploy roles on remote servers
Shouldn't this go before the last one? Crazy MS. In Server Manager, like above except under "Server Selection", you select "Select a server from the server pool". In powershell, you just run install-windowsfeature with the -computername except this time computername refers to the remote server you want to install the role/feature on. ie. install-windowsfeature WDS -computername remoteserver1 -restart.
1.2.5 Convert Server Core to/from full GUI
no mention of Minimal Server Interface?
The important thing to remember here is:
The Server With a Gui(Full Gui) is made up of both the Graphical Management Tools and Infrastructure(Server-Gui-Mgmt-Infra) and the Server Graphical Shell(Server-Gui-Shell)
The minimal server interface has only the Graphical Management Tools and Infrastructure(Server-Gui-Mgmt-Infra) installed
And the server core has neither of these installed.
Because they both have the Graphical Management Tools and Infrastructure(Server-Gui-Mgmt-Infra) installed, you can convert from either Full Gui, or Minimal Server Interface, to anything else, using "Remove Roles and Features Wizard" in Server Manager. (Note that to get to server manager in Minimal Server Interface, you have to run servermanager.exe from command line). But obviously if you want to convert from Server Core, Powershell is your only option.
Server Core to Full GUI:
install-windowsfeature server-gui-shell, server-gui-mgmt-infra -restart
Full Gui to Server Core
uninstall-windowsfeature server-gui-shell, server-gui-mgmt-infra -restart
Minimal Server Interface to Full Gui:
install-windowsfeature server-gui-shell -restart
Full Gui to Minimal Server Interface:
uninstall-windowsfeature server-gui-shell -restart
Minimal Server Interface to Server Core:
uninstall-windowsfeature server-gui-mgmt-infra -restart
Server Core to Minimal Server Interface:
install-windowsfeature server-gui-mgmt-infra -restart
As an aside, Server-Gui-Shell is dependent on Server-Gui-Mgmt-Infra being installed. So if you have a Full Gui, and try to uninstall Server-Gui-Mgmt-Infra only, it will automatically uninstall Server-Gui-Shell. So technically, you can go from Full gui to Server Core with
"uninstall-windowsfeature server-gui-mgmt-infra -restart" because server-gui-shell will also be uninstalled automatically! Obviously, I doubt this is the answer MS wants! But give it a try yourself sometime.
1.2.6 Configure Services
While you can still use services.msc for working with services, I'm guessing that MS wants to see us do it in Server Manager and through Powershell. The Services tile in Server Manager is pretty straightforward.
Powershell commands:
get-service
start-service
stop-service
suspend-service
resume-service
set-service
new-service
1.2.7 Configure NIC teaming
Two Modes:
Switch Independent - all adapters are connected to different switches, providing alternate routes through the network.
Switch Dependent - all adapters connected to same switch, providing single interface with combined bandwith.
Switch Independent can be used for failover: active/active mode, leaves all adapters active even if one fails. active/standby one adapter is left offline as a "hot swap" of sorts. It comes online if another one fails.
Switch Dependent can be setup with static teaming or use LACP, if the switch supports it.
Nic teaming can be setup in Server Manager in the Properties Tile/Nic Teaming.
To setup Switch Dependent, you go to additional properties on Team properties and select either LACP or static on the Teaming mode.
To setup Switch Independent, you select Switch Independent for teaming mode instead.
In Powershell: as an example, you want to team Nic1, Nic2, and Nic3 in SwitchIndependent teaming mode:
new-netlbfoteam -name NewTeam -teammembers Nic1, Nic2, Nic3 -teamingmode switchindependent
get-netlbfoteam - will show you the overall team
get-netlbfoteamnic - shows you the team combined as a single nic
get-netlbfoteammember - show individual members of a team
Other relevant PS commands: add-netlbfoteammember, remove-netlbfoteam, remove-netlbfoteammember, set-netlbfoteam, set-lbfoteammember, set-lbfoteamnic
No comments:
Post a Comment