Uploading Hyper-V VHDs to Azure

I recently had a project I was working on in which some inherited Azure VMs were missing the Azure agent and nobody knew the passwords for them. After a quick support call to MS it became apparent I would have to delete the VMs and preserve the disks, download the disks, load them into Hyper-V and manually reset the password. In doing this I learned a few gotchas, such as not being able to convert the VHD into a bootable Azure disk unless uploading through the Azure PowerShell CLI. Here's my quick how-to guide for uploading disks.

Installing Azure Powershell

First we will need to install the Azure PowerShell module. This can be accomplished by running PowerShell as administrator and entering the following:

Install-Module Azure

When prompted, choose A for Yes to All.

Note: If there is any conflict you may need to add the -AllowClobber parameter to the end of the command above.

 

Login To Azure and Get Publish Settings File

First you will need to log into Azure by entering the following in PowerShell:

Add-AzureAccount

At this point you will be prompted to log into Azure. 

 

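The next step will be to get an Azure Publish Settings file. You can do this by entering the first cmdlet below, which downloads the file, and then importing the file with the second cmdlet. The publish settings file contains a management certificate that grants access to the subscription, so store it somewhere private and delete it once it has been imported.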

Get-AzurePublishSettingsFile

Import-AzurePublishSettingsFile -PublishSettingsFile "<path to file>"

 

Select Your Subscription and view Storage Accounts

At this step we will choose which subscription to use (if you have more than one) and list storage accounts so that we know where to upload the disks to. 

Warning: If you attempt to upload the VHD through the web GUI instead of using this method, it will be created as a block blob, not a page blob, which prevents you from converting it to a bootable disk for use in the gallery. The only way to do this correctly at the time of this writing is through the PowerShell API.

Get-AzureSubscription

Select-AzureSubscription -SubscriptionId <enter yours here>

Get-AzureStorageAccount 

 

Uploading The Azure VHD and Converting It

At this point we are set up for the part we've all been waiting for. Make sure your VHD is not thin provisioned and that the VM has the Azure Agent installed and has been sysprepped (if using as a template).

Add-AzureVhd -LocalFilePath "<file path to your VHD>" -Destination "<URL of storage location with your filename after the last />"

This will create an MD5 hash and upload the disk. 

 

To convert the disk we will want to run the following:

Add-AzureDisk -DiskName '<name your disk something relevant>' -MediaLocation '<URL where your disk lives in azure storage>' -Label '<label>' -OS <Choose Windows or Linux>
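
The "not thin provisioned" requirement above can be checked before the upload starts rather than discovered afterwards. The following is an added example, not part of the original post; it assumes the Hyper-V PowerShell module is available on the machine holding the disk, and the paths and storage URL are placeholders.

```powershell
# Added example: pre-flight check before Add-AzureVhd.
# Needs the Hyper-V module (Get-VHD, Convert-VHD). Paths and URL are placeholders.
$source      = 'D:\Export\server01.vhdx'
$fixedCopy   = 'D:\Export\server01-fixed.vhd'
$destination = 'https://<storage account>.blob.core.windows.net/vhds/server01.vhd'

function Test-AzureReadyVhd {
    param([string]$Path)
    $vhd = Get-VHD -Path $Path
    # Azure accepts only fixed-size disks in VHD (not VHDX) format,
    # with a virtual size that is a whole number of megabytes.
    if ($vhd.VhdFormat -ne 'VHD')   { "format is $($vhd.VhdFormat), expected VHD" }
    if ($vhd.VhdType   -ne 'Fixed') { "type is $($vhd.VhdType), expected Fixed" }
    if ($vhd.Size % 1MB -ne 0)      { "virtual size $($vhd.Size) bytes is not a multiple of 1 MB" }
}

# Each failed check is emitted as a string; an empty result means the disk is ready.
$problems = @(Test-AzureReadyVhd -Path $source)
if ($problems.Count -gt 0) {
    Write-Warning ('{0}: {1}' -f $source, ($problems -join '; '))
    # Convert-VHD picks the output format from the destination extension (.vhd).
    # The disk must not be attached to a running VM while it is converted.
    Convert-VHD -Path $source -DestinationPath $fixedCopy -VHDType Fixed
    $source   = $fixedCopy
    $problems = @(Test-AzureReadyVhd -Path $source)
    if ($problems.Count -gt 0) { throw "Not uploadable: $($problems -join '; ')" }
}

# Upload only once every check has passed.
Add-AzureVhd -LocalFilePath $source -Destination $destination
```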

Installing Domain Controllers Via Powershell

Anyone who has ever been an AD admin has gone through the fun song and dance of standing up a new domain controller. As an avid user of PowerShell I wanted to provide a quick, easy way to stand up a new forest and a secondary DC without "clicking it to death", using a couple of simple PowerShell statements instead.

Standing Up First DC (New Forest)
If you are adding a DC to an existing forest you can skip this section.

  • Complete pre-reqs of setting static IP, changing hostnames etc., then run PowerShell as admin and run the following:

Install-WindowsFeature AD-Domain-Services

  • Once the installation has completed, the binaries are installed; however, the forest has not been created yet. To create a forest, run the following cmdlet:

Install-ADDSForest -DomainName example.local -ForestMode <Win2003|Win2008|Win2008R2|Win2012|Win2012R2>

Adding an Additional Domain Controller

  • Complete pre-reqs of setting static IP, changing hostnames etc., then run PowerShell as admin and run the following:

Install-WindowsFeature AD-Domain-Services

  • Once the binaries are installed, you can promote the server to a DC in an existing domain using the following PowerShell cmdlet:

Install-ADDSDomainController -DomainName example.local -InstallDns -Credential (Get-Credential domain\administrator)

  • Provide a safe mode password as prompted
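
The promotion steps above can be wrapped in a prerequisite check so that a failed promotion is caught before the server is changed. This is an added example, not part of the original post; example.local and domain\administrator are the post's placeholders, and the safe mode password is read as a SecureString so it never appears in the script or the console history.

```powershell
# Added example: validate prerequisites, then promote an additional DC.
# Assumes Install-WindowsFeature AD-Domain-Services has already been run.
Import-Module ADDSDeployment

$cred     = Get-Credential 'domain\administrator'   # placeholder account from the post
$dsrmPass = Read-Host -AsSecureString -Prompt 'Safe mode (DSRM) password'

# The same parameter set is used for the test and for the real promotion,
# so the test validates exactly what will be executed.
$params = @{
    DomainName                    = 'example.local'
    InstallDns                    = $true
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrmPass
}

# Runs the prerequisite checks only; makes no changes to the server.
$results = @(Test-ADDSDomainControllerInstallation @params)
$results | Format-List Status, Message

$failed = @($results | Where-Object { $_.Status -eq 'Error' })
if ($failed.Count -gt 0) {
    throw "Prerequisite check reported $($failed.Count) error(s); promotion not started."
}

# Prompts for confirmation, promotes the server and reboots it when finished.
Install-ADDSDomainController @params
```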

 

Thanks for reading, I look forward to our next post.

Practical Powershell Part 2 of 2

It has been almost a month since the first installment of Practical PowerShell. It's been an incredibly busy month of finishing my Linux+ and LPIC-1 certifications. Now that those are all out of the way it's time to get back to blogging! For this post I'll cover several PowerShell topics that range from the everyday to the not so everyday, including adding MAC addresses to DHCP allow lists on DHCP servers configured using the integrated DHCP failover architecture in Server 2012 and later, adding DNS records, backing up GPOs, and pulling some important info from Exchange 2010 such as a mailbox size listing and whether or not distribution lists are hidden from the global address list.

 

DHCP Whitelisting

While you can manually log into your DHCP server, open the MMC and add the second DHCP server into the MMC, this results in redundant data entry and can be prone to human error. As illustrated in the previous post, we will again use the Invoke-Command cmdlet and its -ScriptBlock parameter to accomplish this task. For the sake of demonstration we will refer to the DHCP servers as Server1 and Server2. Below is an example PowerShell one-liner to add this:

Invoke-Command -ComputerName Server1,Server2 -ScriptBlock {Add-DhcpServerv4Filter -List Allow -MacAddress 00-00-00-00-00-00}

Note that the MAC address must be written in a hyphen-separated format; if you attempt to enter it with colons it will fail. Additionally, if you wish to keep your DHCP allow list organized, you can optionally add a description (personally I use the computer's hostname) by adding -Description "somehostname" after the -MacAddress value in the above PowerShell statement.
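
Because the colon format fails, a script that takes MAC addresses from an inventory export should normalize them first. This is an added example, not part of the original post; it goes a little beyond the one-liner by also skipping entries that are already on the allow list. Server1 and Server2 are the post's names, and the device list is constructed sample data.

```powershell
# Added example: normalize MAC addresses, then add them to both DHCP servers.
$dhcpServers = 'Server1', 'Server2'
$devices = @(   # constructed sample input
    @{ Mac = '00:1A:2B:3C:4D:5E'; Name = 'LAB-PC01' }    # colon format
    @{ Mac = '001a.2b3c.4d5f';    Name = 'LAB-PC02' }    # dotted format
    @{ Mac = '00-1A-2B-3C-4D';    Name = 'BAD-ENTRY' }   # too short, rejected
)

function ConvertTo-DhcpMac {
    param([string]$Mac)
    # Drop the usual separators, then require exactly 12 hex digits.
    $hex = ($Mac -replace '[-:.]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{12}$') { throw "Not a 48-bit MAC address: '$Mac'" }
    # Re-insert hyphens between byte pairs: 001A2B3C4D5E -> 00-1A-2B-3C-4D-5E
    $hex -replace '(..)(?!$)', '$1-'
}

foreach ($device in $devices) {
    try   { $mac = ConvertTo-DhcpMac $device.Mac }
    catch { Write-Warning $_.Exception.Message; continue }

    Invoke-Command -ComputerName $dhcpServers -ArgumentList $mac, $device.Name -ScriptBlock {
        param($Mac, $Description)
        # Skip addresses that are already allowed so the script can be re-run safely.
        $existing = Get-DhcpServerv4Filter -List Allow | Where-Object { $_.MacAddress -eq $Mac }
        if (-not $existing) {
            Add-DhcpServerv4Filter -List Allow -MacAddress $Mac -Description $Description
        }
    }
}
```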

 

Adding DNS Records

While not exactly a common everyday scenario, you may find yourself in a place where you need to rapidly create numerous DNS records; perhaps this is for a new zone, or you are rolling out a series of servers that will need to be added to DNS. While it is arguably easier to use the dnsmgmt.msc GUI tools, PowerShell wins if you decide to script this out. The basic PowerShell cmdlet for all DNS records is Add-DnsServerResourceRecord, with type-specific variants such as Add-DnsServerResourceRecordA, Add-DnsServerResourceRecordCName and Add-DnsServerResourceRecordMX. The most common usage will be A records, since these are often the most common record type entered into DNS. The example below shows the creation of an A record for a server named DAL-MEM27 in the zone named bigcompany.com.

Add-DnsServerResourceRecordA -Name "DAL-MEM27" -ZoneName "bigcompany.com" -AllowUpdateAny -IPv4Address "172.16.2.26" -TimeToLive 01:00:00

Note that -AllowUpdateAny lets any authenticated user update a record with the same owner name, so leave it off for records that should only be changed by DNS administrators. Additional resource record types can be created in PowerShell as well. For more information on this, refer to any of the Microsoft TechNet articles associated with the topic.

 

Backing up GPOs

Let's face it, if you've been a Windows administrator in an environment with more than 10 client machines, you're inevitably using group policy to some extent. Whether it's a handful of IE settings, mapping network drives, running scripts, installing software, etc., your group policies have taken some time, thought, and finessing. Whether it's to protect yourself from accidental changes or deletions of GPOs or part of your DR strategy, it's a good idea to periodically take backups of your GPOs. The first way I will illustrate below is taking a backup of all GPOs and dumping them on a share via UNC path or by referencing a local destination. If you want to automate this process, you could turn this into a PowerShell script and leverage Task Scheduler to run this backup periodically for you.

Backup-Gpo -All -Path \\Fileserver\mygpobackups -Comment "Scheduled GPO Backup"

If you're interested in backing up a single GPO, this can be done either by explicitly calling the GPO by its name or by referencing its GUID. To find the GUID of the GPO in question, you can go to \\domain.local\sysvol\policies, where each GPO's folder is named after its GUID. In the example below we'll look at backing up the GPO by GUID to a local location, followed by an example of backing up a GPO by name to a file share.

Backup-Gpo -GUID yourguidhere -Domain "bigcompany.com" -Server DC-01 -Path C:\BackupRepo\GPOBackup

Backup-Gpo -Name DriveMapScript -Path \\Fileserver\drivemapscriptgpobackup

To restore your backed up GPOs, you can either import them or use the Restore-GPO or Import-GPO cmdlets.
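
The scheduled backup suggested earlier in this section could look like the script below, which writes each run to its own dated folder, checks that every GPO was captured, and prunes old runs. This is an added example, not part of the original post; the share is the post's example path, and the retention count and folder naming scheme are assumptions.

```powershell
# Added example: dated GPO backup with a manifest and simple retention.
# Intended to be run from Task Scheduler under an account that can read all GPOs.
Import-Module GroupPolicy

$root = '\\Fileserver\mygpobackups'   # share from the post
$keep = 8                             # assumed number of backup runs to retain

# One folder per run, e.g. 2024-05-01_0200 (Backup-GPO needs an existing folder).
$target = Join-Path $root (Get-Date -Format 'yyyy-MM-dd_HHmm')
New-Item -ItemType Directory -Path $target | Out-Null

$backups = @(Backup-GPO -All -Path $target -Comment 'Scheduled GPO Backup')

# Confirm that every GPO in the domain produced a backup object.
$expected = @(Get-GPO -All).Count
if ($backups.Count -ne $expected) {
    Write-Warning "Backed up $($backups.Count) of $expected GPOs; check the errors above."
}

# The manifest maps each GPO name to its backup ID, which Restore-GPO can use later.
$backups |
    Select-Object DisplayName, GpoId, Id, CreationTime |
    Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation

# Prune old runs, touching only folders that match this script's naming scheme.
Get-ChildItem -Path $root -Directory |
    Where-Object { $_.Name -match '^\d{4}-\d{2}-\d{2}_\d{4}$' } |
    Sort-Object Name -Descending |
    Select-Object -Skip $keep |
    Remove-Item -Recurse -Force
```

GPO backups can include logon scripts and security settings, so read access to the share is best limited to the administrators who would perform a restore.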

 

Exchange Mailbox Size Report

For the past year and a half I have worked for an organization that has ridiculously large volumes of email. This has led to the need to audit mailbox sizes about once per quarter to identify mailboxes with extreme space usage to see if we can reduce some space either through archival or deletion of mail. The PowerShell command below needs to be run in the Exchange Management Shell (please note I have only used this in Exchange 2010 but it should also work for Exchange 2013):

Get-Mailbox | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | Select-Object DisplayName,TotalItemSize | Export-Csv -Path C:\MailboxSizeAudit.csv -NoTypeInformation

If you don't want a CSV file to be created you can simply leave off the final pipe and everything after it.

 

Exchange Distribution List Hidden From GAL True/False

In many organizations, it's commonplace to create distribution lists for former employees and direct their mail to a supervisor and possibly anyone else who will be taking on that individual's work. Most of the time, however, we don't want these ex-employees cluttering up the global address list. Auditing whether or not the option to hide from the Exchange address book is checked for each distribution list is a very tedious manual process involving a great deal of clicking, cursing, and drinking coffee. Another common requirement in my environment is to ensure the require sender authentication option is disabled for ex-employee distribution lists. However, we do want this enabled on large internal DLs to prevent spam. The simple PowerShell command string below will export a CSV list that you can import into Excel and filter using table formatting to quickly and effectively audit your distribution lists and associated attributes.

Get-DistributionGroup -ID "*" | Select Name,OrganizationalUnit,HiddenFromAddressListEnabled,RequireSenderAuthenticationEnabled | Export-Csv -Path C:\Reports\DL_Hidden_Status.csv -NoTypeInformation

 

I’m sure this will not be the last Powershell blog post, as Powershell is a topic near and dear to my heart. Thanks for sticking with me through my almost month long absence from blogging. I look forward to dedicating more time to more frequent blogging.