Transfer Active Directory FSMO Roles via PowerShell

Sometimes a domain controller (DC) just needs to be decommissioned for whatever reason, say an upgrade, or a corrupted VM where the roles are now seized. Either way, moving the FSMO (Flexible Single Master Operation) roles can be done via the UI, but if you want to speed things up and do it with PowerShell, here is how to do that.

In my scenario, I am decommissioning my Hyper-V server which at the time was acting as the primary DC. Now that it is being decomm’ed I need to transfer the FSMO roles to another DC. The destination DC is “DC01” in this case.

Move-ADDirectoryServerOperationMasterRole -Identity "DESTINATION DC" -OperationMasterRole 0,1,2,3,4

You have the option here to specify either a numerical value or the role name itself. See below for the number associated with each role. You could input each role name or, as I did, just input the number(s).

PDCEmulator or 0
RIDMaster or 1
InfrastructureMaster or 2
SchemaMaster or 3
DomainNamingMaster or 4

To verify the FSMO roles have been transferred, run the netdom query fsmo command.

netdom query fsmo
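The transfer and verification above as one script, added here as an example and not part of the original post. It assumes the ActiveDirectory module is installed and that "DC01" is the destination DC; the helper name Get-FsmoHolders is hypothetical.

```powershell
# Added example: transfer FSMO roles to a target DC and verify the result.
# Assumes the ActiveDirectory (RSAT) module and sufficient admin rights.
Import-Module ActiveDirectory

$TargetDC = 'DC01'   # destination DC from the post; change for your environment

function Get-FsmoHolders {
    param([string]$Server)
    # Domain-wide roles come from Get-ADDomain, forest-wide roles from Get-ADForest.
    $domain = Get-ADDomain -Server $Server
    $forest = Get-ADForest -Server $Server
    [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

$targetFqdn = (Get-ADDomainController -Identity $TargetDC).HostName
$before     = Get-FsmoHolders -Server $targetFqdn

# Only move roles that are not already held by the target.
$toMove = @($before.Keys | Where-Object { $before[$_] -ne $targetFqdn })
if ($toMove.Count -gt 0) {
    # Graceful transfer: without -Force this fails rather than seizing
    # the role when the current holder cannot be reached.
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
        -OperationMasterRole $toMove -Confirm:$false
}

# Ask the target DC itself, so replication delay does not hide the change.
$after  = Get-FsmoHolders -Server $targetFqdn
$report = foreach ($role in $after.Keys) {
    [pscustomobject]@{
        Role     = $role
        Before   = $before[$role]
        After    = $after[$role]
        OnTarget = ($after[$role] -eq $targetFqdn)
    }
}
$report | Format-Table -AutoSize

if ($report.OnTarget -contains $false) {
    throw "Not every FSMO role is on $targetFqdn; do not decommission the old DC yet."
}
```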

Hyper-V 2016 Linux Ubuntu PXE Network Boot Error

If you’re like me, you want to run Linux on your Hyper-V 2016 host; in my case I am attempting to run Linux Ubuntu 16.04.1. Booting from an ISO, I kept getting the same error over and over: “PXE Network Boot using IPv4 ( ESC to cancel ) Performing DHCP Negotiation….” I eventually realized it wasn’t the ISO media. It wasn’t the size of the VHDX. It wasn’t the memory/vCPU or vNIC configuration. It wasn’t even due to the fact it was a Generation 1 or Generation 2 VM. It was the Secure Boot function.


Solution

  1. Stop the VM
  2. Go to its Settings
  3. Within Hardware > Select Security > Disable/Uncheck “Enable Secure Boot” > Start your machine back up!


Yay!
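An alternative that keeps Secure Boot switched on, added here as an example and not taken from the original post: a Generation 2 VM can use the "Microsoft UEFI Certificate Authority" Secure Boot template, which Microsoft documents for supported Linux guests such as Ubuntu. The VM name is hypothetical, and this was not one of the things tested in the post.

```powershell
# Added example: leave Secure Boot enabled and switch the template instead.
# Assumes the Hyper-V PowerShell module on a Windows Server 2016 host.
$VMName = 'Ubuntu1604'   # hypothetical VM name

$vm = Get-VM -Name $VMName
if ($vm.Generation -ne 2) {
    # Secure Boot is a UEFI feature; Generation 1 VMs boot via BIOS.
    Write-Output "$VMName is Generation $($vm.Generation); nothing to change."
    return
}

$fw = Get-VMFirmware -VMName $VMName
Write-Output "Before: SecureBoot=$($fw.SecureBoot) Template=$($fw.SecureBootTemplate)"

# Firmware settings can only be changed while the VM is powered off.
if ($vm.State -ne 'Off') {
    Stop-VM -Name $VMName
}

# The default template only trusts Windows boot loaders. This template
# trusts boot loaders signed by Microsoft's UEFI CA, which is what the
# Linux shim is signed with.
Set-VMFirmware -VMName $VMName `
    -EnableSecureBoot On `
    -SecureBootTemplate MicrosoftUEFICertificateAuthority

$fw = Get-VMFirmware -VMName $VMName
Write-Output "After:  SecureBoot=$($fw.SecureBoot) Template=$($fw.SecureBootTemplate)"

Start-VM -Name $VMName
```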

How to upload Custom Images to Microsoft Azure using PowerShell

In this post, I am going to show how to upload a custom image used in Windows Hyper-V (2016) to Azure cloud. I will be using a combination of the UI in Hyper-V and PowerShell in Azure Resource Manager. I will be working with Azure Resource Manager (ARM) and with Hyper-V 2016 with a custom image of Windows Server 2008 R2 SP1.

Okay, let’s get started.

Prepare On-Premises Virtual Machine Image

First, we need an image to work with. As mentioned, I am using a Windows Server 2008 R2 SP1 (yes, 2008 — needed it for a customer). The VM is Generation 1, which is not only a requirement for Windows 2008, but also a requirement for Azure, as it currently does not support Generation 2 VMs. See HERE to read more on preparing a Windows VHD.

Next, we need to install the Hyper-V role on the VM. Since this is a nested VM, we will first need to enable nested virtualization on the Hyper-V 2016 box. See a previous post on how to go about this HERE. Once that is complete, go ahead and install the Hyper-V role.

Next, we now need to SysPrep our VM. From an Administrative command prompt, navigate to %windir%\system32\sysprep and then execute the command “sysprep.exe”. Here, we will be using OOBE and enabling “Generalize”, also “Shutdown” the VM once SysPrep completes.

Once the VM is SysPrep’ed, we now need to compact the VHDx (remember Hyper-V 2016 here) and also convert the VHDx to a VHD. This is due to the limitation of Azure at the moment, as it only supports Gen1 VMs and VHDs.

Go into Hyper-V and within the VM properties, edit the Virtual hard disk. Then we will need to compact the virtual hard disk. Go ahead and do that..

Great, now we need to convert the VHDx to a VHD. Time for PowerShell!

Convert-VHD -Path "<source VHDX path>" -DestinationPath "<destination VHD path>" -VHDType Fixed -Verbose


Let this run (I let it go over night.. it was getting late =) )

Great, now we are ready to move on to Azure and more PowerShell.

Build Azure Container and Upload Image to Azure

First, we need to download and install the latest AzureRM module locally on the Hyper-V box (if you have done this.. jump down a few lines…)

Install-Module AzureRM -Force

Next, since there was a recent update to the AzureRm module, I now need to update the module path location.

$env:PSModulePath = $env:PSModulePath + ";C:\Program Files\WindowsPowerShell\Modules"

Next, we will need to import the AzureRm module.

Import-Module AzureRM -Force

Next, we’ll need to log in to our Azure account and specify the subscription we want to work with. In my case, there are multiple Azure subscriptions tied to my email.

Login-AzureRmAccount
Get-AzureRmSubscription
#select the subscription you will be working with -- if you have one, you can skip this line
Select-AzureRmSubscription -SubscriptionId "<ID>"

Next, we will create a resource group and storage account, and bind the account to the group.

New-AzureRmResourceGroup -Name "ResourceGroupName" -Location "Canada East"
New-AzureRmStorageAccount -ResourceGroupName "ResourceGroupName" -Name "StorageAccountName" -Location "Canada East" -SkuName "Standard_LRS" -Kind "Storage"

If you want to change the storage type, to let’s say Geo-redundant, here are the other types of storage:

Valid values for -SkuName are:

  • Standard_LRS – Locally redundant storage.
  • Standard_ZRS – Zone redundant storage.
  • Standard_GRS – Geo redundant storage.
  • Standard_RAGRS – Read access geo redundant storage.
  • Premium_LRS – Premium locally redundant storage.

Now, we need to create a Container and grab the URL needed to upload our image. I did this through the Azure Resource Manager (ARM) Portal since I couldn’t figure out the PowerShell cmdlet (Get-AzureStorageBlob) — if you can get this to work, please let me know!

You can get the URL from the Web UI when you go into the Storage Account >> Blobs >> Container (in my case, I called it “VHD”) >> Properties.

Now we are ready to upload our image/VHD to Azure! For me this took about 2 hours, uploading an 80GB file @ 9-10MBs.

$rgName = "ResourceGroupName"
$AzureVHDURL = "URL"
$LocalVHDPath = "LocalPathtoVHD"
Add-AzureRmVhd -ResourceGroupName $rgName -Destination $AzureVHDURL -LocalFilePath $LocalVHDPath

Great, now we just need to register the VHD disk to the Gallery, and we can begin creating machines based off our image that is now in the cloud! — Another post! 🙂
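One way to do the container and URL step from PowerShell rather than the portal, added here as an example and not part of the original post. It uses the same AzureRM-era modules as the rest of this post; the container name "vhds" and the local path are assumptions. The container is created with no anonymous access, so the image is only reachable with the account's credentials.

```powershell
# Added example: create a private container, build the destination URL,
# upload the VHD, then confirm what landed in the storage account.
# Assumes Login-AzureRmAccount has already been run in this session.
$rgName       = 'ResourceGroupName'
$saName       = 'StorageAccountName'          # the account created earlier
$container    = 'vhds'                        # assumed; must be lowercase
$LocalVHDPath = 'D:\VHDs\custom-image.vhd'    # hypothetical local path
$blobName     = Split-Path -Path $LocalVHDPath -Leaf

# The storage cmdlets need a context; the account object carries one.
$sa  = Get-AzureRmStorageAccount -ResourceGroupName $rgName -Name $saName
$ctx = $sa.Context

# -Permission Off means no anonymous read of blobs or the container listing.
$existing = Get-AzureStorageContainer -Name $container -Context $ctx `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    New-AzureStorageContainer -Name $container -Context $ctx `
        -Permission Off | Out-Null
}

# PrimaryEndpoints.Blob already ends with a trailing slash.
$AzureVHDURL = '{0}{1}/{2}' -f $sa.PrimaryEndpoints.Blob, $container, $blobName
Write-Output "Uploading to $AzureVHDURL"

Add-AzureRmVhd -ResourceGroupName $rgName -Destination $AzureVHDURL `
    -LocalFilePath $LocalVHDPath

# Verify: the blob exists, its size is visible, and access is still private.
$blob   = Get-AzureStorageBlob -Container $container -Blob $blobName -Context $ctx
$access = (Get-AzureStorageContainer -Name $container -Context $ctx).PublicAccess

[pscustomobject]@{
    Blob         = $blob.Name
    BlobBytes    = $blob.Length
    LocalBytes   = (Get-Item -Path $LocalVHDPath).Length
    PublicAccess = $access
}

if ("$access" -ne 'Off') {
    throw "Container '$container' allows anonymous access ($access)."
}
```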

SCOM Agent Version Addendum Management Pack

Earlier this week, Microsoft’s Kevin Holman published an excellent article and SCOM Management Pack that addresses the issue with SCOM 2012 and agent updates. Please have a read, and consider installing this MP to help alleviate the issues SCOM 2012 has created when it comes to understanding which version your SCOM agent is on….

BLOG POST HERE.

Step-by-Step – SCOM 2016 Update Rollup 2 (UR2) Install Procedure

My personal notes for installing SCOM 2016 Update Rollup 2, Step-by-Step. UR2 (Update Rollup) has a lot of improvements; please see below the many updates being provided in this UR. Two fixes I am seeing that make me happy: one is having the Alerts view fixed… Previously alerts within the Alerts view would still appear even after the alert was closed. Also, the Get-SCOMGroup cmdlet consistently failed when there was a great number of groups within an environment.

It is highly recommended to upgrade your lab/Dev environments first before upgrading your Production environment(s). The step by step procedures below are the steps I took and in no way shape or form do I accept responsibility for any data loss, and/or issues within your environment. It is advised to always take a backup of your SQL databases and/or snapshots of your SCOM environment(s). Please take these notes as suggestions. Always refer to Microsoft’s KB (posted below) for full documentation steps.


Here are the key updates for UR2 (source Microsoft):

Issues that are fixed in Operations Manager Update Rollup 2

  • When you use the Unix Process Monitoring Template wizard (adding a new template) to monitor processes on UNIX servers, the monitored data is not inserted into the database because of the following failure (Event ID 10801)
  • When a management server is removed from the All Management Servers Resource Pool, the monitoring host process does not update the TypeSpaceCache.
  • When alerts are closed from the Alerts view after you run a Search, the closed Alerts still appear in the View when the Search is cleared.
  • When you press Ctrl+C to copy an alert in Operations Manager Alert view and then press Ctrl+V to paste it to Notepad, the Created time is in UTC time, not local time.
  • Groups disappear from Group view after they are added to a Distributed Application.
  • IM notifications from Operating Manager to Skype fail when an incorrect exception causes NullReferenceException in the SipNotificationTransport.Send method.
  • When the maintenance mode option for the dependency monitor is set to “Ignore,” and the group (consisting of the server to which this dependency monitor is targeted) is put in Maintenance mode, the state of the monitor changes to critical and does not ignore maintenance mode.
  • Because of a rare scenario of incorrect computation of configuration and overrides, some managed entities may go into an unmonitored state. This behavior is accompanied by 1215 events that are written to the Operations Manager log.
  • Recovery tasks on “Computer Not Reachable” Operations Manager Monitor generate failed logons on SCOM Agents that are not part of the same domain as the management groups.
  • The ManagementGroupCollectionAlertsCountRule workflow fails and generates a “Power Shell Script failed to run” alert.
  • Get-SCOMGroup cmdlet fails when thousands of groups are created in Operations Manager.
  • Organizational unit properties for computers that are running Windows are not discovered or populated. This discovery is part of the System Center Internal Library MP. After this update, organizational unit properties will be discovered for all computers that are running Windows.
  • When the Operations Manager Health Service agent starts, and the agent is configured for AD integration, if the agent cannot contact Active Directory at all, it immediately goes dormant and stops trying to connect and obtain the policy from Active Directory.

Issues that are fixed in the UNIX and Linux management packs

  • SHA1 is deprecated, and SHA256 certificates are now supported on the management server that’s used to sign the Unix/Linux OMI certificate.
  • OMI does not work on Linux servers configured for FIPS compliance.
  • Avg. Physical disk sec/transfer performance counters are not displayed for Hewlett Packard computers.
  • OMI displays incorrect Memory information on Solaris 10 computers.
  • Network adapter performance is not displayed for SLES 12 x64 platform in the Operations Manager Console.
  • Cannot discover file systems on HPUX 11.31 IA-64 computers with more than 128 disks. Previously it supported only 128 VGs. Now support is extended to 256 VGs.
  • Deep monitoring cannot be started successfully on some JBoss applications because the discovery of the JBoss application server sets the Disk Path for the JBoss server incorrectly. Deep monitoring was not being started in JBoss stand-alone mode when a nondefault configuration was used.

 

Install Procedure

Once you are ready to begin your upgrade, it is recommended that you update the servers/roles in the order specified below:

  1. Install the update rollup package on the following server infrastructure in the order below:
     • Management server(s)
     • Agents; Nano Agents
     • Web console server role computers
     • Gateway(s)
     • Operations console role computers
  2. Apply SQL script(s).
  3. Manually import the management packs.
  4. Apply the nano agent update to manually installed agents, or push the installation from the Pending view in the Operations console.

Once you have downloaded the rollup files, I like to extract and only keep the language I need, in this case, ENU (English). You will need to install these with Administrative rights; I like to use PowerShell as Local Administrator. It really does frustrate me, as there is no indication that the rollup installed correctly (other than looking at the file version number change via File Explorer; Build Number 7.2.11719.0 (RTM) –> 7.2.11822.0 (UR2)).

 


Personally, I prefer to execute the MSP files via PowerShell (RunAs Administrator) console.

Again, the order needs to be:

  1. Management server(s)
  2. Agents; Nano Agents
  3. Web console server role computers
  4. Gateway(s)
  5. Operations console role computers
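Since the installer gives no feedback of its own, here is one way to get some, added as an example and not part of the original notes: run the .msp through msiexec with a verbose log, check the exit code, and compare file versions in the Server folder against the UR2 build number quoted above. The .msp path is a placeholder, because the file names depend on the package you extracted.

```powershell
# Added example: apply one update rollup .msp with logging, then confirm
# that files in the SCOM Server folder report the UR2 build.
# Run from an elevated PowerShell console on the server being patched.
$MspPath   = 'C:\Temp\UR2\PLACEHOLDER-role-update.msp'   # placeholder path
$LogPath   = [IO.Path]::ChangeExtension($MspPath, '.log')
$ServerDir = "$env:SystemDrive\Program Files\Microsoft System Center 2016\Operations Manager\Server"
$Ur2Build  = [version]'7.2.11822.0'                      # UR2 build from this post

# /update applies the patch, /qn is silent, /l*v writes a verbose log.
$msiArgs = "/update `"$MspPath`" /qn /norestart /l*v `"$LogPath`""
$proc    = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output 'Patch applied.' }
    3010    { Write-Output 'Patch applied; a reboot is required.' }
    default { throw "msiexec exit code $($proc.ExitCode); see $LogPath" }
}

# Same check as File Explorer's Details tab, for every binary at once.
$files = Get-ChildItem -Path "$ServerDir\*" -Include *.dll, *.exe -File
$scom  = foreach ($f in $files) {
    $vi = $f.VersionInfo
    $v  = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                         $vi.FileBuildPart, $vi.FilePrivatePart)
    # Only SCOM 2016 binaries (7.2.x); skips third-party libraries.
    if ($v.Major -eq 7 -and $v.Minor -eq 2) {
        [pscustomobject]@{ File = $f.Name; Version = $v; AtUR2 = ($v -ge $Ur2Build) }
    }
}
$scom | Sort-Object -Property Version | Format-Table -AutoSize

# A rollup only replaces some files, so require at least one at the UR2 build.
if (-not ($scom | Where-Object { $_.AtUR2 })) {
    throw "No file in $ServerDir is at build $Ur2Build; the rollup did not apply."
}
```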

Once the Update Rollups are installed, you will now need to apply the SQL script(s). In this UR, only the Operations Manager (OpsMgr) Database is affected.

The script(s) can be found here, “%SystemDrive%\Program Files\Microsoft System Center 2016\Operations Manager\Server\SQL Script for Update Rollups\”.

Please note, the user executing these scripts needs to have read and write permissions to the database(s).


Once you have successfully executed the SQL script, you will now need to import the updated Management Packs (MP). These MPs can be found here, “%SystemDrive%\Program Files\Microsoft System Center 2016\Operations Manager\Server\Management Packs for Update Rollups\“.

You will need to import the following MPs, please see below:

  • Microsoft.SystemCenter.Internal.mp
  • Microsoft.SystemCenter.2007.mp
  • Microsoft.SystemCenter.Advisor.Internal.mpb
  • Microsoft.SystemCenter.OperationsManager.Library.mp
  • Microsoft.SystemCenter.Image.Library.mp
  • Microsoft.SystemCenter.Visualization.Library.mpb
  • Microsoft.SystemCenter.Advisor.mpb
  • Microsoft.Windows.InternetInformationServices.CommonLibrary.mp
  • Microsoft.SystemCenter.AlertAttachment.mpb
  • Microsoft.SystemCenter.IntelliTraceProfiling.mpb
  • Microsoft.SystemCenter.SyntheticTransactions.Library.mp
  • Microsoft.SystemCenter.OperationsManager.AM.DR.2007.mp
  • Microsoft.SystemCenter.OperationsManager.SummaryDashboard.mp
  • Microsoft.SystemCenter.Advisor.Resources.(LANGUAGECODE_3LTR).mpb


Don’t forget, once the MPs have been imported, you should now go back to your Pending Management view, under the Administration pane, and update all servers.


And that is that! You are now on the latest and greatest System Center Operations Manager release for SCOM 2016.

How to Enable Nested Virtualization on Hyper-V Windows Server 2016

I figured this post may be useful if you’re like me and testing out Azure Stack. If you are unaware of Azure Stack, in short, it allows organizations to have Azure (Cloud) on their own environment/datacenter. Here is a LINK for more information on Azure Stack. Azure Stack is currently in phase TP2 (Technical Preview 2) and this is the version I will be deploying and testing.

Anyways..

Before getting started with Azure Stack, your physical Windows Server 2016 box must have Nested Virtualization enabled.

First things first, the VM will need to have:

  • Dynamic Memory disabled and provide a minimum of 96GB of memory

  • VM will need to have at least 1 vCPU. I gave it 16 as per system/hardware recommendations.

  • MAC address spoofing must be enabled.

  • Lastly, Virtualization Extensions need to be enabled/set to TRUE.

With the following PowerShell code, we can get the value and then change it. By default this value is disabled.

Get-VMProcessor -VMName VMName | FL *
Set-VMProcessor -VMName VMName -ExposeVirtualizationExtensions $true


Re-run the first command to confirm the change.
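All four prerequisites from the list above applied and checked in one pass, added here as an example and not part of the original post. The VM name is hypothetical; the memory and vCPU values are the ones used in this post.

```powershell
# Added example: configure a VM for nested virtualization and verify it.
# Assumes the Hyper-V PowerShell module on the Windows Server 2016 host.
$VMName = 'AzureStackHost'   # hypothetical VM name

# These settings can only be changed while the VM is powered off.
$vm = Get-VM -Name $VMName
if ($vm.State -ne 'Off') {
    throw "$VMName is $($vm.State); shut it down before changing these settings."
}

# 1. Static memory: Dynamic Memory off, 96GB assigned at startup.
Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $false -StartupBytes 96GB

# 2 + 4. vCPU count and the virtualization extensions flag.
Set-VMProcessor -VMName $VMName -Count 16 -ExposeVirtualizationExtensions $true

# 3. MAC address spoofing, scoped to this VM's adapters only. It relaxes a
#    per-port protection of the virtual switch, so leave it off elsewhere.
Get-VMNetworkAdapter -VMName $VMName |
    Set-VMNetworkAdapter -MacAddressSpoofing On

# Read everything back and fail loudly if a setting did not stick.
$mem  = Get-VMMemory -VMName $VMName
$cpu  = Get-VMProcessor -VMName $VMName
$nics = Get-VMNetworkAdapter -VMName $VMName

$result = [pscustomobject]@{
    DynamicMemory    = $mem.DynamicMemoryEnabled
    StartupGB        = $mem.Startup / 1GB
    vCPU             = $cpu.Count
    ExposeExtensions = $cpu.ExposeVirtualizationExtensions
    MacSpoofing      = ($nics.MacAddressSpoofing -join ',')
}
$result | Format-List

$ok = (-not $result.DynamicMemory) -and
      ($result.StartupGB -ge 96) -and
      ($result.vCPU -ge 1) -and
      $result.ExposeExtensions -and
      ($nics.MacAddressSpoofing -notcontains 'Off')
if (-not $ok) {
    throw "$VMName does not meet the nested virtualization prerequisites."
}
```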


Now we are ready to move forward with the Azure Stack install!