≡ Menu

NIC Teaming(LBFO) Guide for Windows Server 2012 R2

Microsoft introduced built-in teaming capabilities in Operating System starting from Windows Server 2012. Using these Network Adapters can be teamed without using any vendor/third party utilities. This Microsoft given teaming facility provides load balancing as well as Fail Over capabilities. Hence it is referred as LBFO in many places while describing the feature.

Configuring Teaming using UI method:

You can start the teaming utility on a Windows Server 2012 by using LBFOadmin.exe utility. You can launch it by typing “lbfoadmin.exe” from Start->Run or from command prompt on Windows Server 2012 or above. Using this utility you can manage teaming abilities of local as well as remote computer.

Look at the below screenshot which shows the teaming configuration of my local host. Teaming of remote servers can also be managed by using this wizard.

Networkteaming

You can add more servers by using the Add Servers option in TASKS section under SERVERS.

Creating a new teaming is as simple as selecting the Network connections from “Adapters and Interfaces” section(Hold Ctrl key to select multiple NICs), right click, select Add To New Team as shown in the below picture.

new-team

It pop-up an wizard where you need to enter Team name and chose some more teaming parameters like team mode, active/passive adapters, VLAN Configuratin, etc and click OK to complete the teaming.

New-team-detailsThere are different teaming modes and load balancing algorithms available which you can select as per your needs. The details of each of these modes and algorithms can be found from TechNet or you can refer to one of below NIC Teaming Deployment and Management documents from Microsoft.

Windows Server 2012 : http://www.microsoft.com/en-us/download/details.aspx?id=30160

Windows Server 2012 R2 : http://www.microsoft.com/en-us/download/details.aspx?id=40319

After selecting the required options, Click OK to complete the teaming. Review the TEAMS section in LBFOAdmin.exe utility to review the status of teaming.

nic-teamingstatus

Since I have used a VM to demonstrate the teaming ability and both of the network connections are connected to Internal Network, teaming is showing as Fault. Otherwise, It should show online to indicate that it is successful.

Configuring Teaming Using PowerShell:

We have seen how to configure teaming using UI method. But this method is not efficient if you want to incorporate the teaming task into build routines or you want to perform on multiple computers. Windows Server 2012 introduced a new module called NetLBFO which can be used to manage the teaming from PowerShell.

You can get the list of cmdlets in this module by using below command.

PS C:\temp> Get-Command -Module NetLBFO

CommandType     Name                                               ModuleName
———–     —-                                               ———-
Function        Add-NetLbfoTeamMember                              NetLBFO
Function        Add-NetLbfoTeamNic                                 NetLBFO
Function        Get-NetLbfoTeam                                    NetLBFO
Function        Get-NetLbfoTeamMember                              NetLBFO
Function        Get-NetLbfoTeamNic                                 NetLBFO
Function        New-NetLbfoTeam                                    NetLBFO
Function        Remove-NetLbfoTeam                                 NetLBFO
Function        Remove-NetLbfoTeamMember                           NetLBFO
Function        Remove-NetLbfoTeamNic                              NetLBFO
Function        Rename-NetLbfoTeam                                 NetLBFO
Function        Set-NetLbfoTeam                                    NetLBFO
Function        Set-NetLbfoTeamMember                              NetLBFO
Function        Set-NetLbfoTeamNic                                 NetLBFO

PS C:\temp>

As you can see there are cmdlets available for performing various tasks related to teaming. Now let us use New-NetLbfoTeam cmdlet to create the teaming similar way we have done using the UI.

New-NetLbfoTeam -Name TIBDC2-Team1 -TeamMembers Ethernet2, Ethernet3 -Confirm:$false

That’s it. The result will show the status of teaming. Looking very simple right? That is the reason I like PowerShell. Once the teaming is available you can use Set-Netlbfo* cmdlets to change the teaming configuration, Get-NetLbfo* cmdlets to read the teaming info. The Add-Netlbfo* and Remove-Netlbfo* cmdlets are used for adding and teaming members, nics, and to remove the team itself.

Refer to this TechNet article(http://technet.microsoft.com/en-us/library/jj130849.aspx) to know more about each of these cmdlets and how they can help automate you tasks.

Hope this helps and happy learning.

{ 0 comments }

In one of my previous posts, I shared the PowerShell code that helps in enabling or disabling a network connection easily in any operating System. Starting with Windows Server 2012 this has become very easy that you don’t need any additional code to perform this. Windows Server 2012/Windows 8 and above has a bunch of cmdlets that can work with network connections to enable or disable them.

A new module called NetAdapter is introduced to work with network connections. It has total of 64 cmdlets that can be used to perform operations against network connections in Windows Server 2012/Windows 8 or above. In future post, you will see more content about usage of the cmdlets in these modules. In today’s post we will how to enable or disable network connections locally as well as remote.

Get-NetAdapter cmdlet helps in listing the current network connections.

Get-NetAdapter -CimSession TIBDC2

Get-networkadapter

It lists the network adapters and their status on TIBDC2 server. As you can see in the output, there is one network adapter which is in disabled state. If you want to enable that adapter you can use Enable-NetAdapter as shown below.

Enable-NetAdapter -CimSession TIBDC2 -Name Ethernet2

This command will return nothing when completed successfully. You can use -Passthru parameter if you want to see what is the status of the network connection after running the enable command.

Enable-NetAdapter -CimSession TIBDC2 -Name Ethernet2 -PassThru

Disabling a network connection is similar to enable operation. Instead of Enable-NetAdapter, we need to use Disable-NetAdapter cmdlet. The parameters that you need to supply to this cmdlet are same as what you have provided for Enable-Netadapter cmdlet.

Now let us look at below sample command that disables the Ethernet2 adapter that we just enabled.

Disable-NetAdapter -CimSession TIBDC2 -Name Ethernet2

disable-netadapter

This command will prompt you for a confirmation to disable the connection. You can suppress this by specifying -Confirm:$false to the cmdlet.

Disable-NetAdapter -CimSession TIBDC2 -Name Ethernet2 -Confirm:$false

You can use these sample commands and disable/enable network connections. Hope article helps.

{ 0 comments }

After downloading a VHD from Microsoft site and trying to import in Hyper-V environment you may observe this error. This can happen in Windows Server 2012 or above.

Hyper-V-Failed-Add-Disk

Looking the error message, you may feel that this VHD doesn’t support the Hyper-V version I am running. But wait!!!. I have downloaded a Windows Server 2012 R2 evaluation VHD from Microsoft and it is not working on a Hyper-V which is running on Windows Server 2012. I don’t think Microsoft will do such silly things. After debugging for sometime, I recollected a article that wrote some days back. It is about sparse flag for the files downloaded from Microsoft website.

You can read the complete article at http://techibee.com/powershell/powershell-script-to-query-folder-size/1060

So, I quickly verified and noticed that the VHD I downloaded has this sparse file set. So, removing it should solve the problem.

I made use of the Remove-SparseFlag PowerShell function which I wrote in aforementioned article and  removed the flag. After that the VM started fine.

Remove-sparseflag

Hope this helps.

 

{ 0 comments }

PowerShell: Get Windows System Info in Object format

I came across a tip in twitter from Jeffry Snover that helps in converting the System Information from Windows System information into PowerShell object. This conversion helps in easily accessing the information just by accessing the Property values.

Look at below example for better understanding.

$Obj = systeminfo /FO CSV | ConvertFrom-CSV            
$Obj.'System Boot Time'            
$Obj.'System Type'            

The first line queries the System information from local computer and stores the value in $Obj after converting the output from CSV to Object format. Once the results are available in $Obj you can review the properties of this object and query the data you want. All you see in $Obj is same as what you see when systeminfo command is ran. It’s just that formatting the output and storing in object structure for better processing.

SystemInfo-Powershell

Here is the original tweet I am referring to.

Hope this tiny tip helps.

{ 0 comments }

Add Computers to WSUS Group Using PowerShell

WSUS is still a good choice for Windows Administrators to deploy patches. This article will demonstrate how to add a Computer account to WSUS Group using PowerShell.

This activity will look cumbersome and time consuming when you want to add large no. of computers to a WSUS Group. The manual procedure involves, searching each computer and right click on it, change group membership and then select the group name that you want to move.

I faced similar situation and wanted to automate it though it is a one time task for me. A quick search in Google led me to basics of managing WSUS using PowerShell written by Boe Prox. I make up a quick script based on this article and able to move computers to new group in no time.

First we need to establish connection to WSUS.

#Connect to WSUS server            
            
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")            
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("localhost",$False)

Once the connection established, we should get a reference to Computer Group to which you want to add computers. The $GroupObj will hold the result.

#Get reference to WSUS Group to which you want to add computer account            
$GroupObj = $wsus.GetComputerTargetGroups() | ? {$_.Name -eq "MyNewGroup"}

Similarly we need to get reference to Computer object that we want to add. The SearchComputerTargets() method allows us to search for computer accounts matching a given name. Note that this method will always return a array even though the search returns a single computer object. That is the reason I have used a for loop to add all results from search operation. If you don’t want to perform add operations if the search results are more than one, then just perform a check on the $CompObj array to see how many items it is containing. If the count is 1, then search operation resulted in finding one computer. Based on this value you can process further.

#Search for the computer account that you want to add            
$CompObj = $wsus.SearchComputerTargets("Server01")            
            
#Add computer to the WSUS Group            
foreach($Comp in $COmpObj) {            
    $GroupObj.AddComputerTarget($Comp)            
}            

You won’t see a error message at the end of addition if successful.

Windows 8.1 and Windows Server 2012 R2 has a built PowerShell module for managing WSUS which you may want to take a look.

{ 0 comments }

Cheat Sheet for Process Management using PowerShell

Cheat Sheet for Process Management is a small handy guide for any process related operations using PowerShell. It covers most common and basic things related to windows processes that any Windows Admin want to perform on a day to day basis. If you are in the process of learning PowerShell, I prefer you keep a print of it at desk as a quick reference. These are simple one liners which are targeted perform more common tasks.

The current version of this cheat sheet covers following basic tasks. If you have any suggestion to include new items, please drop me a note(see about section in my blog).

  • Get all processes and list name, PID, exe path
  • Check if a process is running by Name
  • Check if a process is running(by PID)
  • Kill a process by name
  • Kill a process by pid
  • Query full path of a process executable
  • Get process id of a process
  • Get owner(user name) of a process
  • Get Creation time of a process
  • Start a new process(locally)
  • Start a new process(locally) and get pid of it
  • Start a new process(remotely)

Do you like this idea of preparing Cheat Sheet for frequently used PowerShell commands?? Provide your feed back in comments sections. That helps me to prepare future guides in the same line.

Files-Download-File-iconDOWNLOAD

{ 1 comment }

Remove empty items from array in PowerShell

Often we get this situation where in you read the contents of a file for servers list or some other content and end up with blank/empty items in the array because of empty lines in the files. This is often seen when doing split operation on array and because of string format you will end up with empty items in array.

The below example will give you understanding of what I am saying. Scenario#1 shows how blank entries will get added to array when you read the file contents using Get-Content cmdlets and Scenario#2 shows how you will end up with blank/empty entries when you split a string using Split() method. These are two most common cases where you will end up with empty items in resultant array.

array-emptylines

Now let us go ahead and see how to get rid of them.

Addressing scenario#1:

It can be addressed by using simple technique where you will check each item in array and verify if it is empty or not. Need even shorter solution? Try the below.

$content = Get-Content c:\temp\servers.txt            
Write-Host "Array size before removing empty lines : $($content.Count)"            
$content = $content | ? {$_}            
Write-Host "Array size AFTER removing empty lines : $($content.Count)"

remove-emptylines-1

I am not aware of any other better approaches, please feel free to share if you have better technique.

Addressing scenario#2:

Scenario#2 can also be addressed in same way as scenario#1 but I don’t want to do it since there is better approach. Let me be a good programmer.

$string = "try;splitting;;me;;by semi;;coluns;;to see what ;; happens;ok?"            
$string.Split(";",[System.StringSplitOptions]::RemoveEmptyEntries)

remove-emptylines-2

As you can see split() method can take a optional parameter called splitoptions where we can specify it to remove empty entries.

As you can see in output, empty lines are removed now.

{ 0 comments }

In my previous post, we explored the way to identify list of group policies linked to a particular Active Directory OU. While it serves the purpose, there are few details missing there like whether GPO is enabled, enforced, what is the order of the GPO, etc.

Articles related to working with Group Policies using PowerShell

  1. Find Group Policies Objects in Domain using PowerShell
  2. Find Group Policies linked to Active Directory OU Using PowerShell

The applicability of Group Policy object on an Active Directory OU completely replies on status of Group Policy link on that OU. If the status of Group Policy link is in enabled state, then policy will get applied. If the status is disabled, policy is not applicable for members inside that OU. Below screen shot shows the link enable status of a Group Policy on LAB OU from GPMC editor.

GPO-Link-Enabled

When the GPO link is disabled, it appears like below in GPMC editor.

GPO-Link-disabled

Similarly enforced option has its significance to decide policy applicability.

So let us see how we can identify the link status, enforcement status and order of a Group Policy object on a OU using PowerShell since this these plays vital role in deciding the GPO applicability to objects inside that OU>

In my previous post, I used a property called LinkedGroupPolicyObjects to retrieve list of linked Group Policies on OU. There is another property called gPLink which gives more details about the policy that is linked. The values inside gPlink property talks about list of policies, their order, link enable status, enforce status. The format of gplink property looks like below.

[<GPO DN_1>;<GPLinkOptions_1>][<GPO DN_2>;<GPLinkOptions_2>]… [<GPODN_n>;<GPLinkOptions_n>]

Where GPO DN is the distinguished name of the GPO and GPLinkOptions represent the GPO enabled and enforcement status. Also first DN in the string has high precedence order while the last one has low precedence order. You can find more details about this structure at http://msdn.microsoft.com/en-us/library/cc232505.aspx

The below script take a OU name, searches active directory for OUs having that name, queries the group policies linked to that OU, identifies link status, enforcement status, order details and returns the information in Object format.

Code:

[cmdletbinding()]            
param(            
 [string]$OUName            
)            
$OUs = @(Get-ADOrganizationalUnit -Filter * -Properties gPlink | ? {$_.Name -eq "$OUName"})            
#Return if no OUs found with given name            
if(!$OU) { Write-Warning "No such OU found"; return }            
            
foreach($OU in $OUs) {            
 $OUName = $OU.Name            
 $OUDN = $OU.DistinguishedName            
 #Hackey way to get LDAP strings. Regex might be best option here            
 $OUGPLinks = $OU.gPlink.split("][")            
 #Get rid of all empty entries the array            
 $OUGPLinks =  @($OUGPLinks | ? {$_})            
 $order = $OUGPLinks.count;            
 foreach($GpLink in $OUGPLinks) {            
   $GpName = [adsi]$GPlink.split(";")[0] | select -ExpandProperty displayName            
   $GpStatus = $GPlink.split(";")[1]            
   $EnableStatus = $EnforceStatus = 0            
   switch($GPStatus) {            
    "1" {$EnableStatus = $false; $EnforceStatus = $false}            
    "2" {$EnableStatus = $true; $EnforceStatus = $true}            
    "3" {$EnableStatus = $false; $EnforceStatus = $true}            
    "0" {$EnableStatus = $true; $EnforceStatus = $false}            
   }            
   $OutputObj = New-Object -TypeName PSobject            
   $OutputObj | Add-Member -MemberType NoteProperty -Name OUName -Value $OUName            
   $OutputObj | Add-Member -MemberType NoteProperty -Name OUDN -Value $OUDN            
   $OutputObj | Add-Member -MemberType NoteProperty -Name GPName -Value $GPName            
   $OutputObj | Add-Member -MemberType NoteProperty -Name IsLinked -Value $EnableStatus            
   $OutputObj | Add-Member -MemberType NoteProperty -Name IsEnforced -Value $EnforceStatus            
   $OutputObj | Add-Member -MemberType NoteProperty -Name GPOrder -Value $Order            
   $OutputObj            
   $order--            
 }            
            
}            
            
            
            

Output:

Group Policy link status

The output is easy to understand. It mentions about OU name, its DN, policy name, link status, enforcement status, and order of the GPO that you see in GPMC console.

gpo status in gpmc

Hope this helps.. stay tuned for more articles in future.

This script is also available at technet library (http://gallery.technet.microsoft.com/Get-GPO-link-status-a6e5fe7e)

{ 0 comments }

Last time we have seen a few ways to find group policies using PowerShell. Expanding on the same horizon, I would like to share some more thoughts on finding Group Policies linked to AD OUs.

If you haven’t read my previous article on finding group policies, I prefer you go through that first. Here is the link to it.

Find Group Policies Objects in Domain using PowerShell

The previous post is about basics of finding group policies, but how to we find what all policies linked to a particular organization Unit? This can be accomplished by using ActiveDirectory module and GroupPolicy module.

First let us import both the modules

Import-Module ActiveDirectory            
Import-Module GroupPolicy            

The Get-ADOrganizationalUnit cmdlets helps in querying the Active Directory Organization units. It returns AD Object of each OU. One of the property for OU object is LinkedGroupPolicyObjects which contains information about list of policies that are currently linked to the OU. See below example for better understanding.

Get-ADOrganizationalUnit -Filter 'Name -like "*lab*"'

PS C:\> Get-ADOrganizationalUnit -Filter ‘Name -like “*lab*”‘

City :
Country :
DistinguishedName : OU=LAB,DC=techibee,DC=ad
LinkedGroupPolicyObjects : {cn={98CBBC75-DE94-4093-9B46-D4100230849E},cn=policies,cn=system,DC=techibee,DC=ad}
ManagedBy :
Name : LAB
ObjectClass : organizationalUnit
ObjectGUID : dc39b7f3-fa61-400b-aa48-318b5ca959ca
PostalCode :
State :
StreetAddress :

In my case I have only one OU with the name lab so it returned single object. Based on the name of your OU, you may need to fine tune the filter part. As you can see in the output LinkedGroupPolicyObjects attribute is an array of linked Group policy object paths. So, we need to convert these distinguished names (DN) of the Group Policies into display names for better understanding.

There are two ways to do that.

Using Group Policy Module:

Using Group Policy cmdlets query the display name and other information of Group policy object like creation time, modified time, owner of GPO etc. I used a regex to take out the GUID of GPO from the DN and used it for searching the GPO using Get-GPO cmdlet.

$LinkedGPOs = Get-ADOrganizationalUnit -Filter 'Name -like "*lab*"' | select -ExpandProperty LinkedGroupPolicyObjects            
$GUIDRegex = "{[a-zA-Z0-9]{8}[-][a-zA-Z0-9]{4}[-][a-zA-Z0-9]{4}[-][a-zA-Z0-9]{4}[-][a-zA-Z0-9]{12}}"            
            
foreach($LinkedGPO in $LinkedGPOs) {            
    $result = [Regex]::Match($LinkedGPO,$GUIDRegex);            
    if($result.Success) {            
        $GPOGuid = $result.Value.TrimStart("{").TrimEnd("}")            
        Get-GPO -Guid $GPOGuid            
    }            
            
}

Using [ADSI]

The information about group policy can also be obtained using the [ADSI] interface. The information returned by this method is properties of Group policy object in active directory. This contains variety of information that you generally see in Active Directory for a GP object. Display Name, Sysvol path of GPO, etc. are available in the output.

$LinkedGPOs = Get-ADOrganizationalUnit -Filter 'Name -like "*lab*"' | select -ExpandProperty LinkedGroupPolicyObjects            
            
foreach($LinkedGPO in $LinkedGPOs) {             
[adsi]"LDAP://$LinkedGPO" | select DisplayName, WhenCreated, WhenChanged, gPCFileSysPath | fl             
            
}

Based on your comfort level you can choose one of these methods to query list of Group Policies linked to a OU.

Hope this helps and happy learning…

{ 3 comments }

Do you have a mix of Windows Server 2003 and Windows Server 2012 R2 domain controllers in your domain and occasionally experiencing logon issues? It could be due to Computers which changed their machine password recently and failing to communicate with domain after that. AskDS(Microsoft Active Directory support team) recently published an article about this which gives further details into this problem and a few possible workarounds. You might want to try them if you are seeing similar problems in your environment.

http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

 

{ 0 comments }