Category Archives: Windows Server 2016

Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 4 — AGPM

Previous part — Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 3 — Management Infrastructure

Introduction

When we talk about control version systems (CVS), the first thing comes to mind is, of course, program code. In the modern world, one cannot be a decent software developer if they do not use Git or TFS or Mercurial or Subversion etc. But this does not mean only developers benefit from the concept of CVS: Adobe provides designers with its own solutions to manage file versions.
What about us, IT administrators? Given the growing popularity of the infrastructure-as-a-code concept, many IT administrators have already adopted some kind of CVS to store scripts and configurations files.

Today I want to talk about version control for group policies. You probably know that group policies are not exactly text files, therefore, traditional CVSes are not the best choice here. That’s why Microsoft came up with its own solution, which allows us to track changes, compare GPO versions and quickly restore the previous ones: Advanced Group Policy Management (AGPM).

Interesting, that it is not just a CVS, but is also a tool to delegate group policies administration with built-in approval management mechanism.
But even if you work in a small team and do not need GPO management delegation, I still encourage you to use AGPM as a version control system.

AGPM is a part of Microsoft Desktop Optimization Pack, which is a free software set available to Microsoft Software Assurance subscribers. Here’s the official documentation where you can learn more about the product.

Warning

AGPM is NOT a substitute for a proper Active Directory backup.


Continue reading Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 4 — AGPM

Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 3 — Management Infrastructure

Previous part — Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 2 — Post-Config

Introduction

Sorry it took me so long — a lot has happened in the last six months, including moving into another country and changing jobs. Also, as you can see from several previous posts, I got a little bit carried away with PowerShell.
Another thing with which I got carried away is this post: I even had to split it, eventually. That’s why today, I present you not one, but two blogs at once! Find the next one here: Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 4 — AGPM

Up to this point, we were working on our servers interactively, locally. This is considered not the best practice because you consume server resources to support an interactive logon session. Also it might be inconvenient when you manage a fleet of servers.
In this article we will setup remote management administrative stations, which we will use to manage servers in the lab from then on.


Continue reading Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 3 — Management Infrastructure

Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 2 — Post-Config

Previous part — Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 1 — Installation

Introduction

In this post we will perform two configurations on our Active Directory Domain Services instance: We’ll define security tiers which later become cornerstones of our privilege delegation principles and we’ll tune domain-joining parameters. Also a quick tweak for the DNS service.


Continue reading Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 2 — Post-Config

Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 1 — Installation

Introduction

Up to this day, Active Directory Domain Services (AD DS) has been the core of the Windows infrastructure. With each release of Windows Server, AD DS receives new features while keeping great backward compatibility. Windows Server 2016 brings following enhancements to AD DS:

In this blog we shall install the corner stone of our future infrastructure: a highly-available AD DS instance of two domain controllers. Our AD DS layout is going to be quite simple: two writable domain controllers in a single site.


Continue reading Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 1 — Installation

Building Highly-Available Windows Infrastructure: Command-line Style

Several months ago Windows Server 2016 was released. With this release Microsoft has made two significant changes in Windows Server installation options:

  • Nano Server was introduced
  • Server with a GUI now includes desktop experience features (it is even called “Server with Desktop Experience”) and there is no supported way to remove them. This should force IT Administrators to deploy Server Core more broadly.

Looks like now is a good time to stop thinking about Windows Server as a GUI based system and pivot your management approach to be more command-line.
This post is the first in a series of how to build your own highly-available Windows infrastructure using just PowerShell and some other command-line tools. I plan to discuss the following components:

  • Active Directory Domain Services,
  • Active Directory Certificate Services,
  • Desired State Configuration,
  • Key Management Services,
  • DHCP,
  • SCDPM,
  • SCCM,
  • Exchange Server,
  • And, possibly, S4B Server, as well.

I am not able to deploy Hyper-V hosts yet, as all my infrastructure is purely virtual and the host machine, sadly, is running Windows Server 2012 R2 and currently it is impossible for me to upgrade it.

All PowerShell code will not use any hardcoded values. Instead, at the beginning of each post, I shall include a set of variables which will allow you to easily recreate the infrastructure in your environment w/o any change in the code.

The first part is already here! Building Highly-Available Windows Infrastructure: Command-line Style. AD DS. Part 1 — Installation