Managed Service Accounts (For Single Machine)

PowerShell is required to create a service account. Once created it can be managed  in the GUI.


#Create the MSA

New-ADServiceAccount -Name MyAppSrv -RestrictToSingleComputer

#Add the Machine to be used with the account

Add-ADComputerServiceAccount -Identity SRV-01 -ServiceAccount MyAppSrv

#You can test to see if it is working (it won't... yet)

Test-ADServiceAccount -Identity MyAppSrv

#Finally, install the account and test again

Install-ADServiceAccount MyAppSrv

Test-ADServiceAccount -Identity MyAppSrv

#Next, Configure the service to use the account.

Go to your service you wish to run on a service account, on the logon tab, set the credentials for the service as a network account. Use the browse button to find your MSA. Remove the pre-populated password from the fields and save.



Installing and working with Windows Containers in Server 2016

Installing Docker

First, Install "Containers" Feature from Windows Features.

Run PowerShell as administrator:

## Install the module, pull down from internet
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
##Say yes to install Nuget

## Install the package
Install-Package -Name Docker -ProviderName DockerMsftProvider
##Confirm install.


Installing the base OS

You can do this either in PowerShell or CMD (as admin)

docker pull microsoft/nanoserver
docker pull microsoft/windowsservercore

Containers are created in the file system here: C:\ProgramData\Docker\Containers

Here are some basic commands:
docker images - Shows the current images available.
docker run -it mimcrosoft/nanoserver cmd - Runs a new container with a nanoserver base and runs CMD. You can see the container running in C:\ProgramData\Docker\Containers. If you type "hostname" you'll see the hostname is infact a new one, not the name of your physical host.

docker ps -a - Shows all containers currently running on the server and the container ID.

If you "exit" from the cmd, this will stop the container since no processes are running.

If the container stops, you can start it again with:
docker start <containerid>

If you wanted to get into a cmd in the container again you could do:
docker exec -it <containerid> cmd

docker commit <containerid> <name>
docker commit 11dfds1sf1 containerone

docker run --rm <name> <command> -- --rm removes the container once finished.

Setting up Failover Clustering | Server 2016 via PowerShell

Servers in this example:

DC1 - Domain Controller

FS1 - File Server for Shared Storage

Cluster-Host1 - Cluster Node

Cluster-Host2 - Cluster Node

Here is the required networking for this lab:

Production Network - | DC, FS1, Cluster-Host1, Cluster-Host2

Cluster Network - | Cluster-Host1, Cluster-Host2

Storage Network  - | FS1

First we set up the required storage, iSCSI on the file server. This will consist of the shared storage for whatever App and a Quorum disk. Both disks should be formatted as NTFS (this will be done in the powershell below. The PowerShell commands are making use of the Invoke-Command cmdlet, to enable us to run these commands from a domain joined computer with the right admin credentials. Only one of the last two commands are required, depending on if your setting up a domain based cluster or not.

NOTE: During this process in Server 2016 from a Windows 10 Machine running RSAT, I had issues using the GUI to set this up. See for details. 


## iSCSI Initiators (pre-target) ##

# start iscsi initiator service on both nodes
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-Service *iscsi* | Set-Service -StartupType Automatic -PassThru | Start-Service }

# view iscsi initiator addresses
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-InitiatorPort }

# create iscsi target portal for discovery
Invoke-Command Cluster-Host1,Cluster-Host2 { New-IscsiTargetPortal -TargetPortalAddress }

## iSCSI Target ##

# create iscsi lun
Invoke-Command FS1 { New-IscsiVirtualDisk -Path C:\DataDisk.vhdx -SizeBytes 100GB }
Invoke-Command FS1 { New-IscsiVirtualDisk -Path C:\QuorumDisk.vhdx -SizeBytes 1GB }

# create iscsi target
Invoke-Command FS1 { New-IscsiServerTarget -TargetName CL-Target -InitiatorIds "","" }

# assign luns to target
Invoke-Command FS1 { Add-IscsiVirtualDiskTargetMapping -TargetName CL-Target -Path C:\DataDisk.vhdx }
Invoke-Command FS1 { Add-IscsiVirtualDiskTargetMapping -TargetName CL-Target -Path C:\QuorumDisk.vhdx }

## iSCSI Initiators (post-target) ##

# update discovery portal with new target information
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-IscsiTargetPortal | Update-IscsiTargetPortal }

# view iscsi targetGet
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-IscsiTarget }

# connect initiators to target
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-IscsiTarget | Connect-IscsiTarget }

# force the connection to persist (across reboots)
Invoke-Command Cluster-Host1,Cluster-Host2 { Get-IscsiSession | Register-IscsiSession }

##Connect to ONE of the cluster hosts to format the disks. Repeat for each disk. Label Witnes as W and data D.

# view disks

# initialize disks as GPT
Initialize-Disk -Number 2 -PartitionStyle GPT

# view partitions

# partition an entire disk
New-Partition -DiskNumber 2 -UseMaximumSize -Driveletter D

# view volumes

# format with a file system
Format-Volume -DriveLetter I -FileSystem NTFS -AllocationUnitSize 4096 -NewFileSystemLabel "IT Data"

## Failover Clustering ##
# install failover clustering feature on both nodes
Invoke-Command Cluster-Host1,Cluster-Host2 { Install-WindowsFeature Failover-Clustering,RSAT-Clustering-PowerShell }

# run cluster validation
Test-Cluster -Node Cluster-Host1,Cluster-Host2

# create a new cluster (single domain)
New-Cluster -Name Cluster1 -Node Cluster-Host1,Cluster-Host2 -StaticAddress -IgnoreNetwork,

# create a new cluster (multi-domain/workgroup - no network name)
New-Cluster -Name Cluster1 -Node Cluster-Host1,Cluster-Host2 -StaticAddress -AdministrativeAccessPoint Dns


Data Deduplication

PowerShell Commands for handing Data Deduplication:

# install data deduplication
Install-WindowsFeature -Name FS-Data-Deduplication

# dedup evaluation tool
ddpeval U:
ddpeval I:
ddpeval V:

# enable data deduplication
Enable-DedupVolume -Volume V: -UsageType HyperV

# view and set volume-wide settings
Get-DedupVolume -Volume V: | Format-List *
Set-DedupVolume -Volume V: -MinimumFileAge 0

# manually run optimization job
Start-DedupJob -Type Optimization -Volume V: -Priority High -Memory 100 -Cores 100

# monitor running jobs

# view overall status
Get-DedupStatus | Format-List *

# view and set schedule
Set-DedupSchedule -Name ThroughputOptimization -Enabled $false

# disable deduplication
Start-DedupJob -Type Unoptimization -Volume V:


Configure a Storage Replica | Server 2016

The below PowerShell commands can be used to configure a Storage Replica.

# install storage replica feature on replication partners
Invoke-Command -ComputerName FS1,FS2 -ScriptBlock { Install-WindowsFeature -Name Storage-Replica,FS-FileServer -IncludeManagementTools -Restart }

# test out a potential partnership
Test-SRTopology -SourceComputerName FS1 -SourceVolumeName R: -SourceLogVolumeName L: `
                -DestinationComputerName FS2 -DestinationVolumeName R: -DestinationLogVolumeName L: `
                -DurationInMinutes 1 -ResultPath c:\logs -IgnorePerfTests

# create a storage replica partnership
New-SRPartnership -SourceComputerName FS1 -SourceRGName FS1RG -SourceVolumeName R: -SourceLogVolumeName L: `
                  -DestinationComputerName FS2 -DestinationRGName FS2RG -DestinationVolumeName R: -DestinationLogVolumeName L:

# view replication status
Get-WinEvent -ProviderName Microsoft-Windows-StorageReplica

# add some files to the source volume
"Hello!" > r:\file.txt
"Was it me," > r:\file2.txt
"you were looking for?" > r:\file3.txt
fsutil file createnew r:\file4.dat 1000000000

# reverse replication
Set-SRPartnership -NewSourceComputerName FS2 -SourceRGName FS2RG -DestinationComputerName FS1 -DestinationRGName FS1RG

# remove replication and clean up
Get-SRPartnership | Remove-SRPartnership

Invoke-Command -ComputerName FS1,FS2 -ScriptBlock {
    Get-SRGroup | Remove-SRGroup