Published on

Server Core - Useful PowerShell Commands

Authors
  • Name
    Jackson Chen
#*********** Configure IP Address

# Variables
$NetAdapter = Get-NetAdapter -Name "Ethernet*"

# Enable DHCP
$NetAdapter | Set-NetIPInterface -Dhcp Enabled

# Configure the requried IP address
$NetAdapter | New-NetIPAddress -IPAddress x.x.x.x -PrefixLength 24

# Configure DNS Server
Set-DnsClientServerAddress -InterfaceAlias "Ethernet*" -ServerAddresses "x.x.x.x,x.x.x.x"


#********* Server Core Preparation
# Variables
$domain = "lab.net"

## Disable IPv6
Get-NetAdapterBinding | Where {$_.ComponentId -eq 'ms_tcpip6'}
# Server-core is using "Ethernet0" and GUI is using "Ethernet"
Disable-NetAdapterBinding -Name "Ethernet0" -ComponentID ms_tcpip6

# Add Windows Feature
Add-WindowsFeature telnet-client

# Join computer to domain
Try {
    Add-Computer -DomainName $domain -ErrorAction Stop
    Write-Host "The computer has been joined to the domain: $domain" -ForegroundColor Green
    Start-Sleep 10
    Restart-Computer -Force
}
Catch {
    Write-Host "Failed to join the computer to the domain: $domain" -ForegroundColor Red
}


#********* PDC Server Role Failover
# Query FSMO Role
Netdom query fsmo
Start-Sleep 10

# Move FSMO roles
$targetServer = $env:COMPUTERNAME
Move-ADDirectoryServerOperationMasterRole -Identity $targetServer -OperationMasterRole 0,1,2,3,4 -Confirm:$false

# Verify FSMO roles for confirmation
Netdom query fsmo
Start-Sleep 10

# PDC NTP Configuration / Migrate PDC time role
Net Stop w32time
Start-Sleep 10

# Configure time source
w32tm /config /syncfromflags:manual /manualpeerlist:"ntp.lab.net"

# Set the NTP server as trusted server
w32tm /config /reliable:yes

# Restart w32time
Net Start w32time
Start-Sleep 10

# Verify the configuration
w32tm /query /configuration

# Compare the time with the time source
w32tm /stripchart /computer:ntp.lab.net


#*********** Configure PDC NTP Server
# PDC NTP Configuration / Migrate PDC time role
Net Stop w32time
Start-Sleep 10

# Configure time source
w32tm /config /syncfromflags:manual /manualpeerlist:"ntp.lab.net"

# Set the NTP server as trusted server
w32tm /config /reliable:yes

# Restart w32time
Net Start w32time
Start-Sleep 10

# Verify the configuration
w32tm /query /configuration

# Compare the time with the time source
w32tm /stripchart /computer:ntp.lab.net


#******* Member Server NTP Configuration
# Configure NTP domain hierarchy synchronization
w32tm /config /syncfromflags:domhier /update

# Restart w32time
net stop w32time
Start-Sleep 10
Net Start w32time
Start-Sleep 10

# Verify configuration
w32tm /query /configuration

# Compare time with time source
w32tm /stripchart /computer:ntp.lab.net


#********* Enable Windows Backup
# Import Active Directory module
Import-Module ServerManager

# Variable
$Computer = $env:COMPUTERNAME

# Enable Windows Backup
Try {
    Add-WindowsFeature -Name Windows-Server-Backup -IncludeAllSubFeature:$true -ErrorAction Stop
    Write-Host "Windows Backup Feature has been enabled, computer will be restarted." -ForegroundColor Green
    # Start-Sleep 10
    # Restart-Computer -Force
} # End Try
Catch {
    Write-Host "Not able to add Windows backup feature." -ForegroundColor Red
}


#********** Backup Active Directory
# Backup Active Directory to D:\ drive

# Import Active Directory module
Import-Module ServerManager


# Variables
$Computer = $env:COMPUTERNAME
$Date = Get-Date -Format dd.MM.yyyy

# ------------------------------------------------------
# Main
# ------------------------------------------------------
#
Try {
    # Backup System State and Bare Metal Backup
    wbadmin start backup -BackupTarget:D: -allcritical -systemstate -quiet

} # End Try
Catch {
    Write-host "Failed to backup the system." -ForegroundColor Red
}


#******** Add Additional Domain Controller
# Additional DC Implementation
Import-Module ServerManager

# Install Active Directory Domani Service Server Role
Install-WindowsFeature -Name AD-Domain-Services

# Prepare the server to a domain controller
Import-Module ADDSDeployment

# Configure DS Restore Mode Password
$Password=ConvertTo-SecureString -AsPlainText -String "Enter Complex Password" -Force

# Promote to domain controller
Install-ADDSDomainController `
    -CreateDnsDelegation:$false `
    -DomainName "lab.net" `
    -SafeModeAdministratorPassword $Password `
    -NoGlobalCatalog:$false `
    -DatabasePath "%SYSTEMROOT%\NTDS" `
    -LogPath "%SYSTEMROOT%\NTDS" `
    -SysvolPath "%SYSTEMROOT%\SYSVOL" `
    -InstallDns:$true `
    -NoRebootOnCompletion `
    -Force:$true
Discuss on TwitterView on GitHub