Category Archives: Windows Server

Configuring Windows Server 2016 Core Domain Controller

In Windows Server 2016 you no longer have an opportunity to switch back and forth between core and GUI installation, hence you cannot do install and configure AD DS in a lazy way (using full GUI) and then convert it to core. That was something I discovered hard way long time ago – so I already have separate VHDX templates for Server 2016 core and full GUI VMs.

But it has been quite a while since I was playing with Server Core so when I starting provisioning my new Server 2016 core domain controller VMs today I realized that I need to remember quite a few commands to fully install AD DS on Server Core. I was about to create a blog post listing essential commands, but actually found very well written blog post on TechNet covering exactly that: Chad’s Quick Notes – Installing a Domain Controller with Server 2016 Core. So just sharing it here, instead of writing the same myself 🙂


Getting Hyper-V guest OS information without logging in to guest OS/VM

The other day it was necessary for me to confirm Windows OS build in  Hyper-V guest VM without logging in into it. I simply received VM from the client but no credentials which I could use, but it was necessary to quickly confirm guest OS build. I was certain that there is a way to query such data from Hyper-V host without logging into guest and with no credentials. After some googling I was not able to find some simple command or one liner to pull this data (opening PS session into VM was not an option as it requires credentials), but I’ve found good function which does exactly what I need on Yusuf Öztürk blog, here it is:

Once you have this function, you can use it like this:

Sample output from this function:


How to install and manage Nano Server

My 2nd article about new Windows Server 2016 installation option “Nano Server” is now available @StarWind Blog. In my previous article, I covered general concepts around Nano Server, in this one I talk about more practical aspects: installation and management. At the end of the day, you would agree that the best way to learn new technology it is try to use it – this way you will be exposed to its strengths and weaknesses directly, and can get real understanding of whether it works for you or not. Though at this point even Microsoft admits that despite all its greatness, at the moment, Nano Server has quite limited utility as it supports only a small subset of roles and features out of those which you can find in full GUI version of Windows Server.

Read more @StarWind Blog…


Windows Server 2016 Nano Server – Just enough OS model

I’ve recently spent some time exploring Windows Nano Server installation option and wrote detailed blog post for StarWind blog entitled  “Windows Server 2016 Nano Server – Just enough OS model” you can read it here. Article covers Nano Server basic concepts and compares this installation type with conventional Full Server and Server Core installation options – if you find this topic interesting please read on @ StarWinds Blog.


Exam 70-741: Networking with Windows Server 2016 beta exam

I’ve recently took exam 70-741 which is currently still in beta. I heard some feedback that this exam is quite tough, and honestly giving the fact that sub-net calculation skills tend to fade away without regular practice along with “great constants” (especially new set of IPv6 prefixes and other things you have to remember) I expected to be the difficult one.

Though after watching George Dobrea’s (@gdobrea70-741 preparation session recorded at TechEd NA I realized that I rather like practical focus on the exam – much better have network only stuff in one exam instead of having it dispersed across all the other exams in tiny nuggets as we have it in previous generation of certification exams from Microsoft. I really like the way they structured it now, and even early retake of 1 exam requirement is rather good/expected.

After taking beta exam itself I would say that I really liked it as question are really practice focused with short and concise possible answers and really test both your understanding of how it works as well as how to work with it (PowerShell/GUI).

I’m not sure whether I passed or not (for beta exams results being sent to you only after release date and only if you passed this exam) – but overall I didn’t feel like I failed despite plethora of questions about new things and some old things I didn’t remember well enough. Examples of things exam touches on which require revision for me are TrustedAnchors DNS zone, IPAM in general, DNS scavenging, root DNS server and Network Controller.

And just one more observation: The way MSFT orchestrates their product launches for last three product generations or so is really remarkable example on how to do it for any software company. They have it all: well before fancy launch events there is a work and engagement with community and early adopters, exams, training courses and books are prepared to be published just around the release date and by now already traditional free ebooks “Introducing …” available well before the release date clearly communicating selling points and positioning of product (touching on technical topics quite well but mainly giving you a big picture). Probably not any software company has that scale to afford all of this, but if you are vendor of enterprise grade software with established client base you may learn how to do launches from Microsoft – probably no surprises here, at the end of the day this is a company shipping software products since November 1985 release of Windows 1.0 – surely they know how to do this. But by now they really achieved remarkable mastery in product launch process which I can’t help noticing.


Windows 10 Hyper-V: What is “Upgrade Configuration Version…” option?

Recently I imported some old VM into my Windows 10 Hyper-V and noticed that unlike VMs I created with latest version of Hyper-V it has an extra option named “Upgrade Configuration Versions..”:

Hyper-V Upgrade Configuration Version

To me option name is a bit confusing (which sometimes happens in MSFT products out of best intentions in attempts to simplify their wizards and wording). I was confused by this option name as it makes me think about configurations versioning and management rather about what it really means.  To put it simply it is equivalent of what you can see in VMware Workstation as “Upgrade Virtual Hardware”/”VM hardware compatibility” (isn’t it more appropriate name? but I guess there is also differentiation needs which software vendors may have 🙂 ).

What you should know about this is in the past (prior to Windows 10) your VMs have been upgraded automatically to new configuration version, but now you have more control over this and have upgrade it manually via GUI (see screenshot above) or using Update-VMVersion cmdlet.

“Upgrade Configuration Version…” option presented in VM properties only when your VM is in offline state. Operation is almost instant and unfortunately it doesn’t give you that VMware Workstation wizard which explains available versions and why you may want to upgrade/added features. But essentially Hyper-V no longer upgrades VMs by default to allow you to move them back to older versions in case it will be necessary and upgrade is needed to enable new features for VM (see table below):

Hyper-V Upgrade Configuration Version - Features Table

Features available/added in different VM versions. Source: Ben Armstrong’s Virtualization Blog – Upgrading your Virtual Machine version

Virtual machines created on Windows 10 use version 6.2 configurations, and the highest value for now is 8.0 (Served 2016/Windows 10 Anniversary update). You can use this table to get an idea of configuration versions in different base OS versions:

Hyper-V Upgrade Configuration Version - Versions Table

To check configuration versions of VMs on your Hyper-V host:

To get configuration version supported by your host use (add –Default parameter to see default one):

You can read more in official MSFT documentation: Upgrade virtual machine version in Hyper-V on Windows 10 or Windows Server 2016


How to: enable GC on domain controller (2 ways)

There are two ways of making your DC a GC and you can read on to learn how.

But before we launch into it, just look at this “making your DC a GC” sentence for a moment. It makes me think that it is a good example of what not to do in writing for non-technical audience 🙂 I recently started to watch a very useful course on CBT Nuggets – “Essential Soft Skills for the IT Professional” by Steve Richards, and there you may learn that key things in writing tech reports to non IT audience are: avoid JATB, give MWLH and don’t SUCK 🙂

CBT Nuggets Tech Reports for Non-tech audience

Which of course means avoid Jargon, Acronyms, Techspeak, Buzzwords (JATB), give More Why Less How (MWLH) and don’t Suffer from Using Computer Knowledge (SUCK) 🙂

OK, getting back to the main topic and switching to tech writing again. First it would be nice to check which DCs are already GC-enabled, and you can do this by issuing the following PS cmdlet:

Now how to enable/disable GC:

1) PS way of enabling GC:

And you can use the same cmdlet to disable it as shown on screenshot below:

Enable or disable GC with PS

2) GUI way. Access Active Directory Sites and Services (dssite.msc), locate domain controller you need to make a GC and access General tab of its NTDS Settings Properties:

NTDS Settings - Global Catalog

By the way there is an interesting connection between GC and group scopes. You can only convert to a universal group from any other group scope on a domain controller that has the global catalog. This is somewhat obvious, as universal groups, which combine the best of two worlds (i.e. domain local and global groups) can have members from domains other than the domain where the group object is stored and can be used to provide access to resources in any domain, only a global catalog server is guaranteed to have all universal group memberships that are required for authentication.


How to: Make sure that DHCP won’t issue IP which is already in use

Assume that you replaced failed DHCP server with a new one configured with the same scope. This can possibly lead to situation when your new DHCP server can lease addresses which were earlier issued by failed server if it was configured with the same scope.

To mitigate this you can use Conflict detection attempts setting which can be found on Advanced tab of your scope properties:

DHCP Conflict detection attempts setting

By default it is set to 0 which means that your DHCP server won’t attempt to perform any conflict detection before issuing an address. As soon as you set this parameter to something higher that 0, let’s say N, your DHCP server query the network N times before it assigns an IP address to make sure that address is not already in use.

Of course this is a good option to be aware of, but real solution here is to add extra DHCP server and configure DHCP Failover which is available in Windows Server 2012 or newer versions and ensures that you won’t need to have any headache if one of your DHCP servers fails.


Comparing IPv4 and IPv6 Addressing

As I preparing for 70-410 I just realized that I HAVE TO memorize some IPv6 related things, so hence this table was taken from MSFT documentation and slightly colored by me:


You may benefit from reading entire “Chapter 3 – IP Addressing” from ” TCP/IP Fundamentals for Windows” available on TechNet if you in a mood for going into details.

It is useful to memorize common prefixes for the exam and for practical purposes:

2000::/3 prefix for a globally unique IPv6 address (can be 2001/2002). It is equivalent to a public IPv4 address. Assigned by IANA. The full address will include a value representing the organization’s site, a subnet identifier, and host address.

FC00::/7 is the prefix used for a unique local unicast address (also FD00:://8). This is used in a private network like a private IPv4 address. Address values are unique only to that network and are routable only through the network. The address is not publically routable.

FE80::/64 prefix for link-local unicast address, which is equivalent to an IPv4 APIPA address. It is generated automatically when a network adapter is not configured with an IPv6 address and cannot lease an address from a DHCP server. This is not routable address. Even if you have DHCP or statically assigned IPv6 address you still going to have auto generated link-local address. This address is randomly generated, and in the past MSFT implementation used to insert MAC address into it, now MAC address no longer inserted into it.

FF00::/8 prefix for IPv6 multicast address

FEC0::/10 is a site-local address. Though still documented by many sources, the use of this prefix has been deprecated.




How to change Network Profile in Windows Server 2012/2016

Sometimes Windows picks up wrong profile for you network and there is no obvious (or even any?) way to change this via GUI. But you can easily do this with PowerShell (v4.0 or newer):

I guess looking at above and keeping in mind that you have get-help cmdlet changing Network Profile is no longer an issue for you.