In this post, I will talk about two powershell built-in variables that tells if last command/script executed successfully or failed.

As you start writing more sophisticated scripts using Powershell, it is important to perform proper error handling in the scripts. There are several mechanisms available in PS to perform error handling. In this post, I will talk about basic methods which you can use either in scripts or from command lines easily.

Powershell has two built-in variables $LASTEXITCODE and $? which can tell if the last executed script/code/win32 executable completed successfully or in error

$LASTEXITCODE:

This is equivalent to %errorlevel% variable in cmd shell. When you execute a command in cmd.exe the execution status is stored in %errorlevel% variable which can be used in batch scripting to determine the execution status of previous command. Similarly in Powershell, when a win32 executable is executed, the return code is stored in $LASTEXITCODE variable. Generally a zero(0) value in $LASTEXITCODE is treated as success and any other non-zero are treated as failures. You can also choose to perform actions based on the return code of the executable.

Example:

PS C:\scripts>$LASTEXITCODE=0

PS C:\scripts> sc.exe query spooler1

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

PS C:\scripts> $LASTEXITCODE

1060

PS C:\scripts> sc.exe query spooler

SERVICE_NAME: spooler

        TYPE               : 110  WIN32_OWN_PROCESS  (interactive)

        STATE              : 4  RUNNING

                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

        WIN32_EXIT_CODE    : 0  (0x0)

        SERVICE_EXIT_CODE  : 0  (0x0)

        CHECKPOINT         : 0x0

        WAIT_HINT          : 0x0

PS C:\scripts> $LASTEXITCODE

0

PS C:\scripts>

In above examples, when I queried for spooler1 service(non-existing one) the value of $LASTEXITCODE is changed to 1060, the return code from sc.exe

The $? Variable:

This is another built-in variable in Powershell which has the same functionality of $LASTEXITCODE except that it stores the execution status of last powershell command AND win32 applications execution status. You can use this in Powershell scripts or while executing one-liners from powershell console. This variable won’t tell the return code, but it tells you whether the last PS command or Win32 executable executed successfully or not. That means, it will contain either of two values, $TRUE or $FALSE. When a command is executed successfully, this variable value is changed to $TRUE. Similarly, it is changed to $FALSE when the last PS command is failed. See below examples for more clarity

PS C:\scripts> Get-Service -Name adfasdf

Get-Service : Cannot find any service with service name ‘adfasdf’.

At line:1 char:12

+ Get-Service <<<<  -Name adfasdf

    + CategoryInfo          : ObjectNotFound: (adfasdf:String) [Get-Service], ServiceCommandException

    + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand

 

PS C:\scripts> Get-Service -Name adfasdf

Get-Service : Cannot find any service with service name ‘adfasdf’.

At line:1 char:12

+ Get-Service <<<<  -Name adfasdf

    + CategoryInfo          : ObjectNotFound: (adfasdf:String) [Get-Service], ServiceCommandException

    + FullyQualifiedErrorId : NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceCommand

 

PS C:\scripts> $?

False

PS C:\scripts>

You can also use this variable inside your script to know the status of previous executed PS command status. See below script for usage criteria.

Get-Service -Name Spooler1            
if($?) {            
Write-Host "The last PS command executed successfully"            
} else {            
write-host "The last PS command failed"            
}            

Get-Service -Name Spooler            
if($?) {            
Write-Host "The last PS command executed successfully"            
} else {            
write-host "The last PS command failed"            
}

Hope this helps…

In one of my previous articles I showed you how to install and configure active directory in Windows Server 2012. In this post, I will talk about step-by-step removal of active directory from a domain controller in Windows  Server 2012.

Like the change in installation procedure of active directory, demotion/removal also will not depend on dcpromo. The demotion of domain controller in a windows server 2012 domain contains two main operations.

1. Removing the configuration of active directory from Domain Controller
2. Removal of active directory related roles

1. Removing the configuration of active directory from Domain Controller

Follow the below procedure to uninstall active directory from a windows server 2012 using Server Manager wizards.

• In Server Manager, click Manage, and then click Remove Roles and Features.
• On the Before you begin page, review the information and then click Next.
• On the Select destination server page, click the name of the server that you want to remove AD DS from and then click Next.

• On the Remove server roles page, clear the check box for Active Directory Domain Services and then on the Remove Roles and Features Wizard dialog box, click Remove Features, and then click Next.

• The Remove Roles and Features Wizard returns the following validation error:

• The validation error appears by design because the AD DS server role binaries cannot be removed while the server is running as a domain controller. Click Demote this domain controller.
• On the Credentials page, specify credentials to remove AD DS. If previous attempts to remove AD DS on this domain controller have failed, then you can select the Force the removal of this domain controller check box. For more information about forcing the removal of AD DS, see Forcing the removal of AD DS. If you are removing the last domain controller in the domain, click Last domain controller in the domain check box. Click Next.

• On the Warnings page, review the information about the roles hosted by the domain controller, click Proceed with removal, and then click Next.

• On the Removal Options page: (Note: this page will not appear if you chose Force Removal of Domain Controller)
  • If you plan to reinstall the domain controller using the same domain controller account, click Retain the domain controller metadata.
  • In addition, if either of the following two options appears, it must be selected before you can proceed.
    • If you are removing the last DNS server that hosts the zones hosted on this domain controller, click Remove this DNS zone (this is the last server that hosts the zone).
    • If you want to delete the application partitions, click Remove application partitions.
      • NOTE: This option will appear only if this is last server for DNS zone

• Click Next.
• On the New Administrator Password page, type and confirm the password for the local Administrator account for the server, and then click Next.
• On the Review Options page, click Demote.
• The server will restart automatically to complete the domain controller demotion. Continue with the next steps, which are needed to fully remove the AD DS server role binaries after the machine restarts to complete the demotion.

2. Removal of active directory related roles

• After completion of demotion of Domain controller and try removing the Active Directory Domain Services and DNS Server roles as mentioned in step 1 above and this time it should get succeeded without any errors.
• Removal of roles from Server Manager completes the Domain Controller Demotion Process in Windows Server 2012

Please refer to this technet article if you still have any questions about demotion of domain controller. Most of the above steps are copied from the technet site since I hate to write my own sometimes. I tried to give a good perception about demotion process with my understanding about process in the beginning of the article and with a bunch of screenshots to help you understanding the steps.

Hope this helps and happy learning.

The “Active Directory Administrative Center” is much sophisticated tool in Windows Server 2012 to manage Active Directory. I liked its ability to easily to restore user/computer or any other Active Directory object easily without much complexity.

To recover a deleted object from active directory, follow the procedure. You should have Recycle bin enabled and working in order for this restoral to complete successfully. See  my previous article to enable recycle bin windows server 2012 if you haven’t done it already.

• Open “Active Directory Administrative Center” from administrative tools(or simply type dsac in RUN)
• Go to the domain where you want to perform the restoration and go to Deleted Objects container.

• Right click on the object you want to restore and select Restore. Optionally you can selectRestore Tooption if you want to restore to different OU in active directory.

• Now you can see that object is restored with all its attributes. You can start using it as is.

Who will use PS commands if restoration is this much easy from GUI. I love it.

Hope this helps.

Recycle Bin option was introduced with Windows Server 2008 for easy recovery of deleted objects. It is a optional feature and one can enable if they need it. In windows 2008 we need to do it via Powershell commands but in Windows Server 2012, there is GUI option available.

Procedure to enable recycle bin in Windows Server 2012:

• Open “Active Directory Administrative Center” from administrative tools(or simply type dsac in RUN)
• Go to the domain where you want to enable recycle bin.
• Right click on the domain name and select Enable RecycleBin

• It will give a prompt to alert you that recycle bin can not be disabled once enabled. Click OK if you want to proceed.

• Wait for the changes to replicate and then you can start using it.

Hope this helps..

 

Snipping tool is very useful and handy tool for taking screenshots of the console. I used it very much when worked on Windows 7 and Windows Server 2008 R2. While playing with Windows Server 2012, I found it is missing. Without that, it is difficult for me to post any blog update(trust me, I rely so much on it).

After some struggle, I learned that it will come by default and this optional feature needs to be installed explicitly if you want to have it on Windows Server 2012. The below powershell commands will help you in enable this feature.

Enable-WindowsOptionalFeature -Online -FeatureName User-Interfaces-Infra

Similarly if you want to remove the feature, try below oneliner.

Disable-WindowsOptionalFeature -Online -FeatureName User-Interfaces-Infra

Hope this helps.

Step by step guide for installing Active Directory on Windows Server 2012

Installing Active Directory Domain Services(AD DS) on Windows Server 2012 is different from it’s predecessor operating systems. Till Windows 2008, we used the most famous dcpromo to install Domain Controller and demote them. Things have changed from Windows Server 2012, and you will notice a message like below when you attempt to run dcpromo.

The message from above box is very clear that dcpromo can not be used any more for Active Directory instillation and it has to be done through Server Manager in Windows Server 2012.

Starting from Windows Server 2012, Microsoft not only changed the way you start the Domain Controller installation but also the procedure. In Windows Server 2012, the procedure to install active directory is Divided into two major steps.

1. Installing Active Directory Domain Services(AD DS) Role
2. Configuring Active Directory

These two steps can be performed either user Server Manager(Wizard Based) or using Powershell commands. I also want to note that you promote any Windows Server 2012 on network remotely using server manager or powershell.

In this post, I will talk about installing Active Directory Domain Services using Wizard based method from Server Manager. Now let us move on and see how it works.

1. Installing Active Directory Domain Services(AD DS) Role

Like any other Role installation in Windows Server 2012, AD DS role also has to be installed using the same procedure using Server Manager. The below procedure

• In Server Manager, click Manage and click Add Roles and Features to start the Add Roles Wizard.
• On the Before you begin page, click Next.
• On the Select installation type page, click Role-based or feature-based installation and then click Next.

• On the Select destination server page, click Select a server from the server pool, click the name of the server where you want to install AD DS and then click Next.

NOTE: To select remote servers, first create a server pool and add the remote servers to it. For more information about creating server pools, see Add Servers to Server Manager.

• On the Select server roles page, click Active Directory Domain Services, then on the Add Roles and Features Wizard dialog box, click Add Features, and then click Next. Don’t worry about any dependent components installation. The installation will take care of it.

• On the Select features page, click Next as we are not interested in installing any feature right now.
• On the Active Directory Domain Services page, review the information and then click Next.

• On the Confirm installation selections page, click Install. You can optionally select Restart the destination server automatically if required option if you want the installation to take care of rebooting automatically. I think better we select it.

• On the Results page, verify that the installation succeeded. You either do the configuration from this window or through AD DS option that you see from Server Manager if you want to configure later. This I will talk about in next section.

• This completes the AD DS role installation part.

2. Configuring Active Directory

In this section of the article I will talk about how to configure the installed Active Directory Domain Services role to install a first domain controller in a new forest.

• If you happen to close the Installation results wizard in Installing Active Directory Roles section above, go to Server Manager and navigate to AD DS section to configure the AD DS role. There click on More option of the yellow flag asking you configure the AD DS role. After that you will see a Task details and Notifications page and you can initiate Promotion of the server to Domain controller form there. You will see a Deployment configuration page given in next step.

• If you have launched Promote this server to Domain Controller option from last page of installation wizard, you will see the below window. Here you select the type of your deployment. In my case, it is a new DC installation in a few forest. You also need to enter a name for the new forest in Root Domain Name box. Click Next once you are done.

• On Domain Controller Option page, enter a password for Directory Services Recovery Mode and adjust the Forest and Domain functional levels as you need. Click Next

• Click Next on DNS Options page.

• On Additional Options page, enter a NetBIOS name for your domain.

• Leave defaults on Paths page unless you want to change the path of database and log files of active directory.

• On the Review options page just cross verify that you have given all inputs correctly. One interesting option you might want to check here is View script. That will show the Powershell command that wizard is using in background to configure the active directory role.

• On Prerequisites Check page resolve it it reports any issues. Otherwise just click on Next

• The Installation will take some time and reboot the server as needed. Once it is back online, you have Active Directory Domain Services ready on a windows 2012 box.

This completes the installation and configuration of Active Directory Domain Services (AD DS) on a windows Server 2012 operating system. Hope you enjoyed reading this step-by-step article. Feel free to drop a note in comments section if you have any questions or need some details.

Today I noticed that Get-WindowsOptionalFeature and Enable-WindowsOptionalFeature cmdlets in DISM module of PowerShell V3 are failing with below error.

Get-WindowsOptionalFeature : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Get-WindowsOptionalFeature
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-WindowsOptionalFeature], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.Dism.Commands.GetWindowsOptionalFeatureCommand

After little research I understood that, DISM module is designed to work with offline images by default. To use them against a online server, we should use-Onlineswitch.

I did that and able to install telnetclient feature without any issues using the below sequence of commands.

Get-WindowsOptionalFeature -Online -FeatureName TelnetClient            
Enable-WindowsOptionalFeature -Online -FeatureName TelnetClient            
Get-WindowsOptionalFeature -Online -FeatureName TelnetClient

The big question that is still left my mind is, “Do I need to do that for every cmdlet in DISM module I use?”. Fortunately, there is a way available to get rid this -Online parameter.

The workaround is to add the online option to default parameters (Source: ITfishihngpole.com).

$PSDefaultParameterValues = @{"*WindowsOptionalFeature:Online"=$true}

After this you can run Get-WindowsOptionalFeature or any other cmdlet in DISM module without -Online option.

[SourceCode]
PS C:\Users\Administrator> Get-WindowsOptionalFeature -FeatureName telnetClient

Feature Name : TelnetClient
Display Name : Telnet Client
Description : Allows you to connect to other computers remotely.
Restart Required : Possible
State : Disabled
Custom Properties :
ServerComponent\Description : Telnet Client uses the
Telnet protocol to connect to a remote Telnet server and run applications on that server.
ServerComponent\DisplayName : Telnet Client
ServerComponent\Id : 44
ServerComponent\Type : Feature
ServerComponent\UniqueName : Telnet-Client
ServerComponent\Version\Major : 6
ServerComponent\Version\Minor : 2
ServerComponent\Deploys\Update\Name : TelnetClient

PS C:\Users\Administrator>
[/SourceCode]

Hope this helps.

This post will explain the procedure involved in enabling the PowerShell V2 engine in Windows 2012 server.

I got my Windows 2012 Server up today. As most of you already aware Windows 2012 comes with PowerShell V3 by default. So, that doesn’t mean that you have to upgrade all of your PowerShell V2 scripts to V3 version. There is a backward compatibility option available. But this is optional and not enabled by default. Follow the below steps to enable the backward compatibility by installing PowerShell v2 engine.

•  Open Server Manager
• Click on Add Roles or Features
• Select “Role-Based or Feature-Based installation” on Installation Type page
• In the server selection section, make sure that local server is selected
• Click next on “Server Roles” page without selecting any
• On “Features” page, expand “Windows PowerShell (Installed)” and select “Windows PowerShell 2.0 Engine” as shown below

• Upon selecting the option you will see another prompt like below to install the required pre-requisites.

• Click “Add Features to Continue
• On the “Confirm Installation Selections” page, click Install. The installation may requires media, so ensure that it is available.

• Installation will take a while and be patient.
• This completes the installation.

Launching the PowerShell V2 Console on Windows 2012:

You can use the below command to launch PowerShell V2 and you can run your Powershell V2 scripts from this console. You may verify the version of this console by using Get-Host cmdlet.

powershell.exe -version 2

Hope this helps…

 

 

The Powershell script discussed in this post will help you to change Startup type (Automatic Manual, Disabled) of a windows service on local or remote computer.

In my previous post we have seen how to query startup type of a windows service using powershell. In post article we will further discuss on the same topic and figure out how to change or update the startup type of a windows service to Automatic or Manual or Disabled. In my previous post, I switched to WMI method as the built-in Service related powershell cmdlets doesn’t support querying the startup type. However, they have the ability to change the startup type of the service to either of Automatic, Manual, Disabled.

Here is the script(Set-ServiceStartupType.ps1) that sets the startup type of multiple services on local or remote computer.

[cmdletbinding()]            

param(            
[string[]]$Service,            
[Validateset("Automatic","Manual","Disabled")]            
[string]$Type,            
[string]$ComputerName            
)            

foreach($Ser in $Service) {            
 try {            
  $ServiceObj = Get-Service -Name $Ser -ComputerName $ComputerName -ErrorAction Stop            
  Set-Service -InputObj $ServiceObj -StartupType $Type -ErrorAction Stop            
  Write-Host "Successfully changed the start up type of $Ser to $type mode on $ComputerName"            
 } catch {            
  Write-Error " Failed to get the information. More details: $_"            
 }            
}

Usage examples:

• .\Set-ServiceStartupType.ps1 -Service gupdate -ComputerName mypc1 -Type Disabled — sets the startup type of gupdate service to Disabled on computer called mypc1
• .\Set-ServiceStartupType.ps1 -Service gupdate,wsearch -Type Disabled — sets the startup type of gupdate and wsearch services to disabled on local computer.