Adding users (AD or otherwise) to the local administrators group on multiple computers is simple using Group Policy, and difficult otherwise. That’s because this group is commonly known as a “Restricted Group”. When you configure a Restricted Group policy, members of the restricted group that are not on the Members list are removed, and users on the Members list who are not currently members of the restricted group are added. In this post I’ll describe the process to add a member to the restricted group policy.

For this example, I’ve decided that I will simply create a group, that I can add/remove users from, and I will add that group to the Restricted Group Policy.

  1. Create a Global Security Group, and name it appropriately.
  2. Create / Add your user/s to this newly created group.
  3. Open Group Policy Manager and Create a new group policy object (GPO) and link it to an Organizational Unit (OU).
  4. Open the GPO and navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups.
  5. Right click and choose Add Group. Enter the name of the Active Directory security group you want to add to the local administrators group. Click “Ok” and on the next screen in the “This group is a member of:” section select “Add”. Enter Administrators to add the group to the local administrators group. Select OK and close the GPO to save changes. NOTE – This process is additive and users and groups that are currently in the local administrators group are unmodified.

    You can add additional users to the domain group and they will automatically be part of the local administrators group on servers that apply the GPO.

    If you want to simply add users to the local administrators group enter Administrators. In the next window under “Members of this group:” click Add and choose the users to add to the local administrators group.
    NOTE – Any users that are currently in the local administrators group will be removed and replaced with the users you select here. If that is what you want click OK and close the GPO.

  6. Navigate to your test server, open an administrative command prompt and type:
    gpupdate /force
  7. If you now navigate to the local groups on the server, you should see that your “Local Admins” group is now in the local “Administrators” Group.
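
To confirm the result on a server after `gpupdate /force`, the following added example (not part of the original post) reads the local Administrators group and checks it against what the GPO should have produced in each of the two modes described in step 5. The domain name `CONTOSO`, the host name `SRV01` and the sample member lists are constructed placeholders; list every account you expect to see on your own hosts.

```powershell
# Added example. CONTOSO, SRV01 and the sample lists are constructed placeholders.

function Get-LocalAdministrators {
    # Reads the local Administrators group through the WinNT ADSI provider,
    # so it does not depend on newer local-account cmdlets being installed.
    param([string]$ComputerName = $env:COMPUTERNAME)
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        # ADsPath looks like WinNT://DOMAIN/name or WinNT://DOMAIN/HOST/name
        $parts = ($path -replace '^WinNT://', '') -split '/'
        ($parts | Select-Object -Last 2) -join '\'
    }
}

function Test-RestrictedGroupResult {
    param(
        [string[]]$Actual,        # current members of local Administrators
        [string[]]$PolicyList,    # accounts/groups named in the GPO
        [ValidateSet('MemberOf', 'Members')]
        [string]$Mode             # which box of the Restricted Groups dialog was used
    )
    # Both modes: everything named in the policy must be present.
    $missing = @($PolicyList | Where-Object { $Actual -notcontains $_ })

    # "This group is a member of" is additive, so extra members are tolerated.
    # "Members of this group" replaces the list, so any extra member means the
    # GPO has not applied or the group was changed afterwards.
    $unexpected = @()
    if ($Mode -eq 'Members') {
        $unexpected = @($Actual | Where-Object { $PolicyList -notcontains $_ })
    }

    [pscustomobject]@{
        Mode       = $Mode
        Compliant  = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
        Missing    = $missing
        Unexpected = $unexpected
    }
}

# Constructed sample: membership of a server that applied the additive policy.
$sample = 'SRV01\Administrator', 'CONTOSO\Domain Admins',
          'CONTOSO\Local Admins', 'CONTOSO\jdoe'

# Additive mode: compliant, because the AD group is present and extras are allowed.
Test-RestrictedGroupResult -Actual $sample -Mode MemberOf `
    -PolicyList 'CONTOSO\Local Admins'

# Replace mode with the same membership: Domain Admins and jdoe are reported
# as Unexpected, because this mode would have removed them.
Test-RestrictedGroupResult -Actual $sample -Mode Members `
    -PolicyList 'SRV01\Administrator', 'CONTOSO\Local Admins'

# Live check on the machine you are logged on to.
Test-RestrictedGroupResult -Actual (Get-LocalAdministrators) -Mode MemberOf `
    -PolicyList 'CONTOSO\Local Admins'
```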

This article briefly describes the process of installing the VMWare tools on CentOS 6.5. It is important that you install VMware Tools in the guest operating system because the VM will have significantly faster performance, time synchronization, and other enhanced features.

Below are the steps to install the VMware Tools on CentOS.

 

  1. (OPTIONAL) If needed, install the prerequisite software.
    [root@localhost ~]# yum install perl gcc make kernel-headers kernel-devel
  2. Attach the VMware Tools using the vSphere client.
  3. Mount and extract the VMware Tools to a temporary location. (The version in the tarball name depends on your host; use the file name you see in /mnt.)
    [root@localhost ~]# mount /dev/cdrom /mnt
    [root@localhost ~]# cd /mnt
    [root@localhost mnt]# mkdir /tmp/vmware
    [root@localhost mnt]# tar xzvf VMwareTools-8.3.7-341836.tar.gz -C /tmp/vmware/

  4. CD to the directory where the tools were extracted and start the VMware tools install.
    [root@localhost mnt]# cd /tmp/vmware
    [root@localhost vmware]# ls
    VMwareTools-9.4.5-1598834.tar.gz vmware-tools-distrib
    [root@localhost vmware]# cd vmware-tools-distrib
    [root@localhost vmware-tools-distrib]# ls
    bin doc etc FILES INSTALL installer lib vmware-install.pl
    [root@localhost vmware-tools-distrib]# ./vmware-install.pl

  5. Take all of the defaults, then reboot your VM.

Let’s say for a minute you’re trying to configure your first SAN. Now, let’s pretend that first SAN is a Compellent SC8000. Ya know, cause that’s what we all learn on..  You may then be aware that setting up the first and second controller is not the easiest configuration task.

Now, let’s pretend you want to set this up at your desk, so you don’t have to sit in the cold datacenter, executing terminal commands via DB9 serial..

Has anyone else wanted that??  Yes, no? Maybe it’s just me, and I’m getting old.

Whatever the case may be, the purpose of this document is to show you how to pass the serial connection through the iDRAC on a Compellent SC8000 controller, but this should work on an R720 class Dell PowerEdge server.. (The chassis are almost identical)

This is a little complicated, but rewarding, so you don’t have to sit in the datacenter. (However, it may pose a small security risk, so you decide..)

Steps:

There are a few settings we need to make in the BIOS for this to work. (Don’t get this confused with the IDRAC settings – you NEED to actually reboot the server and get into the BIOS and make these settings.)

1. Reboot the server, and at the DELL splash screen, hit the F2 button to Enter System Setup.


2. Depending on the mood of the chassis, you may enter into a GUI or a Text mode menu where the following settings should be selected.

You enter this menu by selecting at the System Setup Screen, “System BIOS > Serial Communications”, then change to the following settings:

[Screenshot: Serial Communications settings]

Make note that I am connecting on COM2, and redirecting the serial device from Device 1 to COM2.

*I know, it’s confusing, but this is how I made it work reliably. I believe there may be an issue with redirection on COM1. Perhaps someone smarter than I has an answer to that.

 

3. Serial debugging requires one additional setting (also accessed via “F2”) – iDRAC setting below – simply select iDRAC settings vs BIOS settings.

  • Disable IPMI Over LAN, in iDRAC configuration, under network settings.


4. Once the changes are made, you should be able to connect to the Dell PowerEdge server via a serial port or use console redirection (meaning we can connect via SSH through the iDRAC).

So grab PuTTY (or your other favorite terminal program) and SSH into the IP address of your iDRAC.

After you authenticate, type “connect”.

After you connect, you will wait a long time while the controller initializes, but after a short while (up to 5 minutes or longer) you will see the following:

[Screenshot: console]

 


Hello all,

Just because I’m selfish, and I want everyone to know what I’m doing, I’m publicly announcing that I am taking some time off.  Not really my favorite vacation..  My wife and I are packing up the kids, and heading to FL to visit the blasted Hell heat! The kids are looking forward to it, and that’s what really matters! I hope to have some interesting stories and pictures to share along the way.

Have a great weekend, and I’ll be back when I get back!

Chris


Hi all, and welcome back to another blog post, by yours-truly!

The purpose of this post is to outline the deployment of a 2012 Active Directory empty root domain, using a single GUI DC and a single CORE DC. In a future blog, I may build on this and create a separate sub-domain that all domain work would be accomplished from.

This build is based on what was once a Microsoft best practice guide; with that being said, this may or may not be true anymore.. Mark Parris indicates on his blog in 2009 that several factors have changed in newer releases of Windows Server, which may or may not make an empty root domain a viable best practice anymore, and you can make your own decision on what fits with your infrastructure needs/requirements.
Just to quote the final paragraph in his blog post:

Microsoft’s official stance is start with a single domain and implement new domains based on your own requirements as necessary, I can find nowhere an official statement stating the fact that the empty root domain is no longer valid; but it is widely accepted in Active Directory circles that having an empty forest root is no longer best practice – this does not mean it is wrong to implement an empty forest root – it just means that it is no longer best practice.

 

Essentially, it’s up to you to determine what’s best for your environment, and while having a root domain and child domain isn’t necessarily wrong (and is still widely considered to be best practice), it’s not necessarily correct either – your individual requirements, and the cost of having the additional servers, and the management needed to keep those servers powered, cooled, and updated, will ultimately drive what you need in your environment, and all factors have to be carefully weighed prior to deploying your AD environment.

With that being said, back to my build. For the sake of my build, like I said, I am building a 2 host root domain, and in a later blog post, I will probably go ahead and add a child domain. (or maybe I’ll scrap it all, and just keep it simple stupid)

Assumptions:

  • All servers will be deployed using Windows Server 2012 R2 Standard Edition.
  • Both of these are currently VMs on VMWare Workstation 10.
  • Basic Windows Installation is complete. NO roles or features have been installed.
  • The first DC is built as a FULL GUI installation, the 2nd, as a CORE installation.
  • Full GUI installation is Named RDC01, and CORE installation is named RDC02.
  • Windows Firewall will be disabled on both machines.
  • Static IP Addresses are set on both machines.
    • 192.168.127.130 – RDC01
    • 192.168.127.131 – RDC02

 

 Installing the 1st Domain Controller

High Level View

As many Windows guys will attest to, on earlier versions of Windows Server (2008 and earlier), it was common to start the Active Directory Installation Wizard with the dcpromo.exe executable on your first DC. Beginning with Windows Server 2012, the installation of Active Directory has been moved to Server Manager. The use of dcpromo.exe is still around (deprecated), however, it’s only supported for legacy automation, and requires the use of an install file.

The DC promotion process is a two-step procedure. First you need to actually install the files that the domain controller role uses, then you install the domain controller role itself.

Nuts & Bolts – Installing the Role
  1. So, we have our firewall disabled, and we have a static IP address set. (If not, do that before proceeding any further.)
  2. Navigate up to the grey ribbon, locate the Manage link, and select Add Roles and Features.
  3. On the “Before you begin” window, read through the information, and select “Next”.
  4. On the Select installation type tab, select “Role-based or feature-based installation”, then select “Next”.
  5. On the Select destination server tab, your server should already be highlighted; select “Next”.
  6. Now here’s the good stuff! On the Select server roles tab, select the check box next to “Active Directory Domain Services”.
    An additional box will pop up prompting you to install the RSAT Tools, AD PowerShell Module, and the ADDS Tools. Leave everything selected, and select “Add Features”.
  7. Leave the default options selected on the Select features tab, and select “Next”.
  8. ADDS Notes will appear next. Read through the notes, and select “Next”.
  9. Time to confirm your settings prior to installation. I have selected the check box next to “Restart the destination server automatically if required”. Select “Install” to install the AD DS role.
Nuts & Bolts – Promoting the Domain Controller
  1. Congratulations! You now have the role files installed. Now it’s time to promote the server to an actual domain controller.
  2. In the notification flag in the ribbon, you should see a yellow exclamation, and if you hover, you should see a link to “Promote this server to a domain controller”. What are you waiting for? Click that link!
  3. This will open the window titled “Active Directory Domain Services Configuration Wizard”.
  4. Under the Deployment Configuration, we are creating a new forest, so select the bubble to “Add a new forest”, then enter the new name for your root domain in the text box. Then select “Next”.
  5. I am creating a 2012 forest and domain, and I want to install DNS on my first Domain Controller, so I will leave the forest and domain functional levels alone, and leave the Domain Name System (DNS) server check box selected. Type in a complex password for the Directory Services Restore Mode Password and store it in a safe location. Select “Next”.
  6. On the DNS Options tab, you will receive a warning. That’s okay! We’re installing a DNS server, so select “Next”.
  7. On the Additional Options tab, the NetBIOS name will be filled in, and should match your Domain Name. There is really no reason to change this, unless you enjoy playing evil practical jokes on your co-workers. Select “Next”.
  8. On the Paths tab, leave the paths as default, and select “Next”.
  9. Review the options, and select “Next”.
  10. Next, the installer will check the prerequisites.
  11. On a successful prerequisite check, you have the option to install. Select “Install”.
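
The same two-step promotion done from PowerShell instead of the wizard, as an added example that is not part of the original post. It uses the ADDSDeployment cmdlets that ship with the AD DS role; `newdomain.net` is the domain name used later in this post, while the NetBIOS name and the paths are assumptions that mirror the wizard defaults.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated PowerShell session on the first DC (RDC01).

# Step 1: install the AD DS role files plus the management tools
# (the "Add Features" pop-up in the GUI).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

# Directory Services Restore Mode password. Prompting keeps it out of the
# script file and out of the command history.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

# One hashtable feeds both the prerequisite check and the real install,
# so what gets tested is exactly what gets deployed.
$forest = @{
    DomainName                    = 'newdomain.net'      # from the post
    DomainNetbiosName             = 'NEWDOMAIN'          # assumption: wizard default
    InstallDns                    = $true                # DNS check box left selected
    DatabasePath                  = 'C:\Windows\NTDS'    # default paths
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Step 2a: the wizard's "Prerequisites Check" page.
$check  = Test-ADDSForestInstallation @forest
$failed = @($check | Where-Object { $_.Status -ne 'Success' })

if ($failed.Count -gt 0) {
    # Show every failing test and stop before anything is changed.
    $failed | Format-List Context, Message
    throw 'Prerequisite check failed; forest was not created.'
}

# Step 2b: create the forest. -Force suppresses the confirmation prompt;
# the server restarts on its own when the promotion finishes.
Install-ADDSForest @forest -Force
```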

 

Nuts & Bolts – Adding the core Domain Controller

Howdy, glad you made it this far! You’re really committed and I’m proud of you. So, quick recap. We have our first Domain Controller installed and online, and we have our 2nd CORE server online, and at the cmd prompt. Because there is a little more fear in using Core mode, I will go ahead and walk through the IP addressing and disabling of the firewall for you.. I know, I’m a real swell dude!

  1. At the command prompt, type sconfig.
  2. (I don’t expect you really need pictures for this part, so I’ll breeze through) — This will open the Server Configuration dialog. The first thing we will do is change the name of the system. So select #2, I named mine to RDC01.  IMPORTANT NOTE – At this point, you’ll be prompted to reboot. Hold off for now, and we’ll reboot after we set the IP address below.
  3. Next, select #8, and set your network settings. (You made sure to set your primary DNS server to be the first Domain Controller, correct? If not, go back and change it..)
  4. Press 13 to restart the server.
  5. After the server reboots, log back in, and next we are going to disable the firewall. The command to do this is:
    netsh advfirewall set allprofiles state off

    You should get a simple reply of “Ok.”

  6. Next, just like the GUI install, we need to install the required files for AD DS. To add the ADDS service role files, we use the PowerShell command:
    Add-WindowsFeature AD-Domain-Services

    First, we have to switch to PowerShell by typing…. yep you guessed it… powershell

    Then type the command above.
    And watch it install the components..

  7. After the files are installed, we need to promote and join to the existing domain. The following command is used:
    Install-ADDSDomainController -DomainName newdomain.net -Credential (get-credential newdomain\administrator)

    You will be prompted to authenticate to the primary DC.

    Finally, enter the Safe Mode Password..

  8. The next prompt is simply a confirmation of what we’re about to do, so when you’re ready, select either [Y] or [A].
  9. And watch it install!
  10. With any luck, and if you followed all the steps properly, you now have a pair of Domain Controllers. 1 GUI mode DC, and 1 CORE mode DC! Yippee!

And that, ladies and gentlemen, is how to install your first empty root domain on Server 2012 with 1 GUI mode DC, and 1 CORE mode DC. Please feel free to leave your love/hate in the comments.

Chris


So, a little change from the norm, but the family was discussing the Marvel one-shots released with certain movies in the Marvel universe, and a question was brought up, what movies, and what order are these things in. So, the purpose of this post, is to link all of the one-shots in the order they were released. (I’ve only posted the 2 video’s I could find with my limited google-fu)

 1.  The Consultant (2011) — Thor



2.  A Funny Thing Happened on the Way to Thor’s Hammer (2011) — Captain America: The First Avenger



3.  Item 47 (2012) — The Avengers

4.  Agent Carter (2013)– Iron Man 3



5.  All Hail the King (2014) — Thor: The Dark World


So, most troubleshooting, involves getting the correct information, so you can even begin to look into a problem. Many application related issues, stem from a hardware issue, thus if you use Dell hardware, many times you will be asked to generate a DSET (Dell System E-Support Tool) report from the server in question.

In short, from the Dell support website link, DSET is explained as:

Dell System E-Support Tool (DSET) is a utility that collects configuration and log data for various chassis hardware, storage, software, and operating system components of a Dell PowerEdge server and consolidates the data into a .zip file.
 

On a Windows server, this is an easy task. Simply install the executable on the server, and run it inside of Windows. EasyPeasy, and no outage..

On ESX however, not quite so simple.

There is a way, to simplify the process, with only a single maintenance outage, and after complete, a DSET can be collected remotely from any other Windows system in your environment. These instructions will walk you through installing the prerequisite package on the ESXi host, and then the running of the utility from the Windows machine.

Install the Dell OpenManage Offline Bundle and VIB for ESXi. At the time of this writing, the version was 7.2, released on 3/31/2014 – http://www.dell.com/support/drivers/us/en/19/driverdetails?driverid=MMPDK Note – The OpenManage Server Admin Users guide is helpful with the installation, however, I will outline the steps below.

Using the vSphere CLI

  1. Copy and unzip the OM-SrvAdmin-Dell-Web-7.1.0-<bldno>.VIB-ESX<version>i_<bld-revno>.zip file to a directory on the system. For ESXi 5.0 and ESXi 5.0 P1, copy the unzipped file to the /var/log/vmware folder on the ESXi 5.0 U1 server
  2. Shut down all guest operating systems on the ESXi host and put the ESXi host in maintenance mode.
  3. If you are using vSphere CLI on Windows, navigate to the directory where you have installed the vSphere CLI utilities. If you are using vSphere CLI on Linux, execute the command from any directory
  4. Execute the following command:
    For VMware ESXi 4.0/ESXi 4.1:

    vihostupdate.pl --server <IP address of ESXi host> -i -b <path to Dell OpenManage file>

    For VMware ESXi 5.0 U1:

    esxcli --server <IP Address of ESXi 5.0 host> software vib install -d /var/log/vmware/<Dell OpenManage file>
  5. Enter the root username and password of the ESXi host when prompted. The command output displays a successful or a failed update.
  6. Restart the ESXi host system.
  7. Do this for all ESXi hosts you may want to gather this information from.

Next, you need to download the Dell Windows DSET utility which is located here. http://www.dell.com/support/drivers/us/en/19/driverdetails?driverid=44rty

 

Once downloaded, run the installer, and move the bubble to Install DSET Components.


And then select the first option to install the DSET Collector and DSET CIM Provider.

After installation has completed. Open the CLI from your Program Files.


At the command prompt, enter the following, and it will prompt for the password:

C:\Program Files (x86)\Dell\AdvDiags\DSET\bin>DellSystemInfo.exe -s HOSTNAME -u root -d hw -n root/dcim/sysman -r dset-name.zip


DSET will collect the data, and wrap it into a zip archive. Upload that archive, and troubleshoot away!


Windows Server Core is an installation option for Windows Server 2012 R2. It installs fewer components and administration options than the full installation of Windows Server 2012 R2. You manage Server Core locally by using Windows PowerShell or a command-line interface, rather than using GUI-based tools. So, where do you click to install the VMWare tools? Short answer is: You don’t..

If you do the normal right click on your VM, Guest, Install/Upgrade VMWare Tools, something interesting happens..

Nothing.. That’s right, nothing happens..

So how do you install the tools?
It’s actually easier than you’d think. We use command line. I know, scary stuff.. Just 1 simple command, and a reboot.

First, change to your CD drive. Probably “D:\”. Then execute setup64.exe.

[Screenshot: the setup64.exe command line]

Let’s step through what the parameters of this command are doing.

/S = telling the script to run Silent

/v = passes the parameters to the msi directly

/qn = does a silent install

REBOOT = R (This one is more of a preference. “F” here will Always Prompt for a reboot, and if ignored, will auto reboot; “S” will Suppress the auto reboot, and prompt; and finally, “R”, ReallySuppress, won’t prompt at all.)

 

If you choose to Suppress the auto-reboot, you can always issue the following command to reboot server core.

[Screenshot: the shutdown command]

 

This command, simply sends the shutdown command, with the -r (reboot) and the -t (time = 1) parameters. You can leave the -t off, if you like, and the system will reboot within 1 minute.

 


I think everyone today understands the concept of a Virtual Machine or virtualized environment.
However, in case you are not familiar with the terminology, wikipedia defines a virtual machine as follows:

A virtual machine (VM) is a software implementation of a machine (i.e. a computer) that executes programs like a physical machine.

In today’s blog post, I’m going to simply break down some of the actual files that make up a virtual machine on VMWare Workstation. (These files are identical to any of the files you would additionally find on ESX)
A virtual machine is configured with a set of virtual hardware on which a supported guest operating system and its applications run. The virtual machine is nothing more than a directory with a set of files. The virtual machine’s configuration files describe the virtual machine’s configuration, which includes all of the virtual hardware, such as CPU, memory, disk, network interfaces, CD-ROM and floppy drives.

NOTE – When naming a VM, a best practice is to avoid using any special characters. That includes spaces in the virtual machines name.

Below is a picture of a test machine I happen to be tinkering with.

[Screenshot: the virtual machine’s directory listing]

In the picture you can see a variety of file types. Except for log files, the name of each file starts with the name of the virtual machine. In this case: (<snoopy>)

A virtual machine consists of the following files:

  • A configuration file (.vmx)
  • A file containing the virtual machine’s BIOS (.nvram)
  • One or more virtual disk files. (.vmdk) The first virtual disk has files <snoopy>.vmdk and <snoopy>-flat.vmdk
  • A virtual machine’s current log file (.log) and a set of files used to archive old log entries with an incrementing number (-#.log)
  • A snapshot description file (.vmsd). This file is empty if the virtual machine has no snapshots.
  • If the virtual machine is converted to a template, a virtual machine template configuration file (.vmtx) replaces the virtual machine configuration file (.vmx) – Not shown in picture.

The above are the most common files found. A virtual machine may have other files as well. For example, there may be files for raw device mappings (-rdm.vmdk), snapshot state files (.vmsn), suspended state files (.vmss), team data (.vmtm) and supplemental team data (.vmxf).

There can be other files in the directory, however, those are likely only present while a virtual machine is running.

 
For more information,
