PowerShell Summit Europe 2015 – – sold out

The PowerShell Summit Europe 2015 is sold out.  Please be aware that we don’t maintain a waiting list as the Summit is a benefit of  PowerShell Association membership

Posted in European Summit, Powershell | Leave a comment

IPAM: 1 Installation and configuration

IPAM stands for IP Address Management. It’s a feature in Windows Server 2012 R2 that enables you manage your DHCP and DNS servers as a whole rather than at the individual service or server level.

Installation of IPAM follows the standard approach for any Windows feature. Note that you can install IPAM on a Domain Controller but it won’t configure. IPAM is designed to be installed on a member server.

Full details on deploying IPAM server are available from here https://technet.microsoft.com/en-us/library/hh831353.aspx

I’m not going to run through the full deployment and configuration – just point out some issues and where you can use PowerShell to make things easier.

Once the IPAM feature is installed you have to provision the IPAM server. There isn’t a separate MMC for IPAM admin – you use Server Manager.  Provisioning an IPAM server can be done manually or by GPO.  Manual seemed best for lab/experiment/initial set up as can’t swap from GPO to manual. You can use Windows Internal Database (WID) or SQL Server – I used WID.

You then need to configure your DHCP servers, DNS servers and domain controllers. This involves a number of group membership changes, firewall rule changes and a registry setting.

Create a group called IPAMUG and add the IPAN server into it.

New-ADGroup -Name IPAMUG -DisplayName IPAMUG -SamAccountName IPAMUG    -Description ‘IPAM management group’ -GroupCategory Security -GroupScope Universal

Add-ADGroupMember -Identity IPAMUG -Members (Get-ADComputer -Identity W12R2SUS)

Add IPAMUG to a number of groups

Add-ADGroupMember -Identity ‘Event Log Readers’ -Members (Get-ADGroup -Identity IPAMUG)

Add-ADGroupMember -Identity ‘DHCP Users’ -Members (Get-ADGroup -Identity IPAMUG)

Add-ADGroupMember -Identity ‘DNSAdmins’ -Members (Get-ADGroup -Identity IPAMUG)

I also found I had to add the IPAM server to the domain Administrators group to get the DNS data to come through.

Modify some firewall rules

$cs = New-CimSession -ComputerName W12R2SCDC01

Enable-NetFirewallRule  -DisplayName ‘Remote Service Management (RPC)’ -CimSession $cs -PassThru
Enable-NetFirewallRule  -DisplayName ‘Remote Service Management (NP-In)’ -CimSession $cs -PassThru
Enable-NetFirewallRule  -DisplayName ‘Remote Service Management (RPC-EPMAP)’ -CimSession $cs -PassThru

Get-NetFirewallRule -DisplayGroup ‘Remote Service Management’ -CimSession $cs |
ft  DisplayName, Enabled, Direction,Profile –a

There are a bunch of firewall rules that need setting. You can find the full list in the TechNet documentation.

For DHCP servers create an audit share

New-SmbShare -Name dhcpaudit -Path ‘C:\Windows\System32\dhcp’ -ReadAccess ‘manticore\IPAMUG’
Set-SmbShare -Name dhcpaudit -Description ‘DHCP audit share for IPAM’ -Force

## restart DHCP service
Get-Service -Name DHCPServer | Restart-Service -PassThru

Enable event log monitoring on the DNS servers

$csd = Get-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\DNS Server’ -Name CustomSD |
select -ExpandProperty CustomSD
$ipamsid = (Get-ADComputer -Identity W12R2SUS | select -ExpandProperty SID).value
$csd = $csd + “(A;;0x1;;;$ipamsid)”
Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\DNS Server’ -Name CustomSD -Value $csd –PassThru

I also had to manually add the IPAMUG group into the security permissions for the DNS servers. Didin’t seem to be a way to automate that bit.

IPAM has a PowerShell module – IpamServer – which contains lots of cmdlets:

Add-IpamAddress
Add-IpamAddressSpace
Add-IpamBlock
Add-IpamCustomField
Add-IpamCustomFieldAssociation
Add-IpamCustomValue
Add-IpamDiscoveryDomain
Add-IpamRange
Add-IpamServerInventory
Add-IpamSubnet
Disable-IpamCapability
Enable-IpamCapability
Export-IpamAddress
Export-IpamRange
Export-IpamSubnet
Find-IpamFreeAddress
Get-IpamAddress
Get-IpamAddressSpace
Get-IpamAddressUtilizationThreshold
Get-IpamBlock
Get-IpamCapability
Get-IpamConfiguration
Get-IpamConfigurationEvent
Get-IpamCustomField
Get-IpamCustomFieldAssociation
Get-IpamDatabase
Get-IpamDhcpConfigurationEvent
Get-IpamDiscoveryDomain
Get-IpamIpAddressAuditEvent
Get-IpamRange
Get-IpamServerInventory
Get-IpamSubnet
Import-IpamAddress
Import-IpamRange
Import-IpamSubnet
Invoke-IpamGpoProvisioning
Invoke-IpamServerProvisioning
Move-IpamDatabase
Remove-IpamAddress
Remove-IpamAddressSpace
Remove-IpamBlock
Remove-IpamConfigurationEvent
Remove-IpamCustomField
Remove-IpamCustomFieldAssociation
Remove-IpamCustomValue
Remove-IpamDhcpConfigurationEvent
Remove-IpamDiscoveryDomain
Remove-IpamIpAddressAuditEvent
Remove-IpamRange
Remove-IpamServerInventory
Remove-IpamSubnet
Rename-IpamCustomField
Rename-IpamCustomValue
Set-IpamAddress
Set-IpamAddressSpace
Set-IpamAddressUtilizationThreshold
Set-IpamBlock
Set-IpamConfiguration
Set-IpamCustomFieldAssociation
Set-IpamDatabase
Set-IpamDiscoveryDomain
Set-IpamRange
Set-IpamServerInventory
Set-IpamSubnet
Update-IpamServer

Now I’ve got my IPAM server up and running its time to see what I can do with it

Posted in Networking, Powershell, Windows Server 2012 R2 | Leave a comment

PowerShell Summit Europe 2015–nearly sold out

There are a handful of places left for the PowerShell Summit Europe 2015. If you want to secure a place I recommend that you book very soon as we can’t extend capacity any further.

Posted in European Summit, Powershell | Leave a comment

Playing with the range operator

The range operator allows you to reference a range of numbers

1..10

is equivalent to

1,2,3,4,5,6,7,8,9,10

If you want anything other than numbers you’re stuck as the range operator only works with integers

though you can have a decrementing list

10..1

65..74 | foreach {[char]$psitem}

would be A – J

If you want A-Z

65..90 | foreach {[char]$psitem}

For lowercase letters (a – z)  use

97..122 | foreach {[char]$psitem}

You can even work from an array of values

$data = ‘value1′,’value2′,’value3′,’value4′,’value5′,’value6′,’value7′,’value8′,’value9′,’value10′

$data[3..6]
$data[6..3]

Posted in Powershell Basics | Leave a comment

PowerShell DSC for Linux

PowerShell DSC for Linux has moved out of CTP and v1 is available for download from http://www.microsoft.com/en-us/download/details.aspx?id=46919

You will find more details at http://blogs.msdn.com/b/powershell/archive/2015/05/06/powershell-dsc-for-linux-is-now-available.aspx

You will need to download OMI version 1.0.8-1 which is available from https://collaboration.opengroup.org/omi/documents.php?action=show&dcat=&gdid=32721

OMI has to be installed on the Linux box before the DSC package

A useful getting started guide is available https://technet.microsoft.com/en-us/library/mt126211.aspx

I demonstrated DSC for Linux at the recent PowerShell Summit NA 2015

https://www.youtube.com/watch?v=X5igUenOJiU&index=30&list=PLfeA8kIs7CochwcgX9zOWxh4IL3GoG05P

though things have changed a bit since I built that demo environment using the DSC for Linux CTP. I’m going to rebuild my Linux box with the new bits and give it a whirl.

Being able to manage Windows and Linux environments through the same techniques, and in some cases the same DSC configurations is a big step forward

Posted in DSC, PowerShell v5 | Leave a comment

WMF 5.0 April 2015 preview – – software inventory logging

A software inventory module is now included with the April 2015 WMF 5.0 preview

£> Get-Command -Module SoftwareInventoryLogging | select Name

Name
—-
Get-SilComputer
Get-SilComputerIdentity
Get-SilData
Get-SilLogging
Get-SilSoftware
Get-SilUalAccess
Get-SilWindowsUpdate
Publish-SilData
Set-SilLogging
Start-SilLogging
Stop-SilLogging

Windows updates are always a good place to start poking into your systems

£> Get-Command Get-SilWindowsUpdate -Syntax

Get-SilWindowsUpdate [[-ID] <string[]>] [-CimSession <CimSession[]>]
[-ThrottleLimit <int>] [-AsJob] [<CommonParameters>]

£> Get-SilWindowsUpdate

ID          : KB3055381
InstallDate : 4/30/2015

etc

The parameters for Get-SilWindowsUpdate look like those I’d expect from a CDXML module. Inspection of C:\Windows\System32\WindowsPowerShell\v1.0\modules\SoftwareInventoryLogging\

shows  a number of cdxml files

MsftSil_Computer.cdxml
MsftSil_ComputerIdentity.cdxml
MsftSil_Data.cdxml
MsftSil_ManagementTasks.psm1
MsftSil_Software.cdxml
MsftSil_UalAccess.cdxml
MsftSil_WindowsUpdate.cdxml
Msft_MiStreamTasks.cdxml

The WMF 5,0 release notes supply a link to further data of software inventory logging – interestingly its flagged as a Windows Server 2012 R2 page.

Trying the cmdlet against a Windows Server 2012 R2 system running WMF 4.0 (with the November 2014 roll up)

$cs = New-CimSession -ComputerName W12R2SUS
Get-SilWindowsUpdate -CimSession $cs

£> Get-SilWindowsUpdate -CimSession $cs

ID             : KB3006193
InstallDate    : 1/5/2015
PSComputerName : W12R2SUS

etc

This means the class is on our Windows Server 2012 R2 box so we could use it directly

£> Get-CimInstance -Namespace root/InventoryLogging -ClassName  MsftSil_WindowsUpdate | Format-Table -a

ID                  InstallDate                                PSComputerName
—                   ———–                                 ————–
KB3006193 1/5/2015 12:00:00 AM
KB2894856 9/14/2014 12:00:00 AM

etc

This module supplies a useful way to find out the software installed on our systems – I’ll be digging into this over a few more posts

Posted in CDXML, CIM, PowerShell v5, WMFv5 | Leave a comment

WMF 5.0 April 2015 preview – – creating guid

Creating a GUID has always been possible with PowerShell – you just had to drop into .NET

£> [System.Guid]::NewGuid()

Guid
—-
46c130ca-39ff-463c-b7fb-ed728a1c134f

With the latest WMF 5.0 preview life gets easier:

£> Get-Command New-Guid -Syntax

New-Guid [<CommonParameters>]

£> New-Guid

Guid
—-
112866a5-1662-4265-b851-f9086607bcb2

The New-Guid cmdlet happily creates a GUID for you – and you don’t have to remember the >NET syntax.

If you want the GUID in a variable as a string

£> $guid = New-Guid | select -ExpandProperty Guid
£> $guid
5c832d40-0ea4-4b42-b0bd-b228da008c9d

Posted in PowerShell v5, WMFv5 | Leave a comment