Technet Edge Video: Azure Overview for IT Pros

Since Twitter came along I no longer need to use my blog for posting links to great content on the web.  However this Technet Edge Video does such a great job of explaining Windows Azure to IT Pros and the role that IT Pros will continue to have in the era of cloud computing I had to post it.

I recently wrote an article Does Cloud Computing Mean You Are Out of Work? While at the MVP Summit I briefly had the chance to discuss this issue with the interviewer in the video, Joey Snow.  Windows Azure, along with cloud computing in general, is causing significant concern among the IT Pro community regarding their future career paths.  If you are an IT Pro do yourself a favor and watch this video to get up to speed on Windows Azure and your role in it.

[mediaplayer src=’’ ]

Original Link:

Windows Server Core: Installing ADDS Role

Windows Server Core is a great option for your domain controllers.  Generally speaking domain controllers should not be doing anything else and are rarely logged into interactively anyways.  However promoting a machine to a domain controller from the command line is not as intuitive as it could should be.

This article is also very helpful if you want to script the promotion of your domain controllers.


Just like on a full server install dcpromo.exe is still used to promote a machine to a domain controller.  One of the nice features of dcpromo.exe is that if the Active Directory Domain Services (ADDS) role is not installed dcpromo.exe will add that role to your server for you.

However if you would like to install the ADDS and DNS roles before you begin the promotion process the command lines would be:

dism /online /enable-feature /featurename:NetFx2-ServerCore

dism /online /enable-feature /featurename:NetFx3-ServerCore

dism /online /enable-feature /featurename:DirectoryServices-DomainController-ServerFoundation

dism /online /enable-feature /featurename:DNS-Server-Core-Role

The full command argument options of dcpromo.exe can be found at the Microsoft TechNet documentation site.

The common arguments used in either a new domain or existing domain scenario are:

unattend Specifies that wizard will not be used (required on core). Can also specify a file location with answers required for promotion to domain controller.
replicaOrNewDomain Specifies whether to add a domain controller to a domain or configure a new domain.Replica – Add to existing domain (used if not specified)
ReadOnlyReplica – Add as RODC to existing domain
Domain – Create new domain
safeModeAdminPassword The password for the Directory Services Restore Mode account.

Creating a new Forest

The bare minimum command to create a new forest is:

dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:forest

/newDomainDnsName:serk.local /domainNetbiosName:SERK

/safeModeAdminPassword:<Password for Directory Services Restore Mode>

Remember that when you create a new Forest you are really creating a new Root level Domain so a lot of the commands will be referencing domain creation.

The common parameters used when creating a new forest are:

newDomain Specifies if you are creating a new forest, new child domain, or new tree:
Tree – Creates a new tree
Child – Creates a new child domain
Forest – Creates a new forest
newDomainDnsName Specifies the DNS name of the new domain.
domainNetbiosName Specifies the Netbios name of the new domain.
domainLevel (optional) Specifies the domain level to set this new domain to:
0 – Windows 2000 (used if not specified)
2 – Windows 2003
3 – Windows 2008
4 – Windows 2008 R2
forestLevel (optional) Specifies the forest level to set this new forest to:
0 – Windows 2000 (used on Windows 2008 if not specified)
2 – Windows 2003 (used on Windows 2008 R2 if not specified)
3 – Windows 2008
4 – Windows 2008 R2

Creating a new Domain in an existing Forest

The bare minimum command to create a new domain in an existing forest is:

dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:child

/newDomainDnsName:child.serk.local /parentDomainDNSName:serk.local

/domainNetbiosName:CHILD-SERK /childName:child

/userDomain:serk.local /username:administrator /password:*

/safeModeAdminPassword:<Password for Directory Services Restore Mode>

The bare minimum command to create a new tree in an existing forest is:

dcpromo.exe /unattend /replicaOrNewDomain:domain /newDomain:tree

/newDomainDnsName:tree.local /parentDomainDNSName:serk.local


/userDomain:serk.local /username:administrator /password:*

/safeModeAdminPassword:<Password for Directory Services Restore Mode>

The common parameters used when creating a new domain in an existing forest are:

newDomain Specifies if you are creating a new forest, new child domain, or new tree:
Tree – Creates a new tree
Child – Creates a new child domain
Forest – Creates a new forest
newDomainDnsName Specifies the DNS name of the new domain.
parentDomainDNSName Specifies the parent domains DNS name.
domainNetbiosName Specifies the Netbios name of the new domain.
childName Specifies the single-label DNS name of this child domain.  For example you would specify child if the child domain was child.serk.local.
username Username of account to create domain in forest with.  Must be an enterprise admin account.
userDomain Domain of account specified in the /username parameter.
password Password of account specified in the /username parameter.  You can either specify the plain text password, or a * which will cause you to be prompted at run-time.
domainLevel (optional) Specifies the domain level to set this new domain to:
0 – Windows 2000 (used if not specified)
2 – Windows 2003
3 – Windows 2008
4 – Windows 2008 R2

Adding a Domain Controller to an Existing Domain

The bare minimum command to add a domain controller to an existing domain is:

dcpromo.exe /unattend /replicaOrNewDomain:replica /replicaDomainDNSName:serk.local

/userDomain=serk.local /username=administrator /password:*

/safeModeAdminPassword:<Password for Directory Services Restore Mode>

The common parameters used adding a domain controller to a domain are:

replicaDomainDNSName If joining an existing domain then specifies the DNS name of the existing domain.
username Username of account to join domain with.  Must be a domain admin account.
userDomain Domain of account specified in the /username parameter.
password Password of account specified in the /username parameter.  You can either specify the plain text password, or a * which will cause you to be prompted at run-time.
ConfirmGc (optional) Specifies whether the new domain controller should be a Global Catalog server:
Yes – Sets the new DC to be a GC.
No – Does not set the new DC to be a GC. (Used if not specified)
replicationSourceDC (optional) The FQDN of the domain controller to replicate the domain information from during promotion.  If you do not specify a replication source an existing domain controller will be automatically chosen.

Windows Server Core: Installing Roles & Features

Once you have joined your Windows Server 2008 R2 machine to the domain you are ready to install roles and features.  Normally you would do this through server manager but in core there is no GUI so there is no server manager.

Roles and Features Available to Install

To get a list of roles and features available to install you can run the command:

dism.exe /online /get-features

dism.exe is the Deployment Image Servicing and Management Tool.  This command is available on all editions of Win7 and Windows Server 2008 R2.

/online tells dism to work on the currently active installation of Windows.  You can also point it to a stored image even if it is not currently running.

/get-features tells dism to get a list of available features and their current status.  The output of this command on my system (truncated to just a few lines) is:

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Features listing for package : Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~6.1.7600.16385

Feature Name : NetworkLoadBalancingHeadlessServer
State : Enabled

Feature Name : SUACore
State : Disabled

After the basic header information it shows us a feature and it’s current state.  The first two features are “NetworkLoadBalancingHeadlessServer” which is installed and SUACore which is not installed.

The list of roles and features available are at the bottom of this post along with any relevant notes next to them.

Installing a Role or Feature

To install a role or feature we use the command

dism /online /enable-feature /featurename:<Name of Feature>

To install the .Net Framework 2.0 we would use the command:

dism /online /enable-feature /featurename:NetFx2-ServerCore

Available Roles and Features in Windows Server 2008 R2 Core


NetworkLoadBalancingHeadlessServer Allows the server to be a member of a Windows Load Balancing cluster
SUACore Subsystem for UNIX
SUACore-WOW64 Subsystem for UNIX
BitLocker-RemoteAdminTool Ability to remotely administrate BitLocker on the server
DirectoryServices-DomainController-ServerFoundation Active Directory
DirectoryServices-ADAM-ServerCore Active Directory Lightweight Directory Services (better known as ADAM)
ActiveDirectory-PowerShell Active Directory Powershell Cmdlets
QWAVE QoS Support for audio and video
NetFx2-ServerCore .Net 2.0 Framework
NetFx2-ServerCore-WOW64 .Net 2.0 Framework for x86
NetFx3-ServerCore .Net 3.5 Framework
NetFx3-ServerCore-WOW64 .Net 3.5 Framework for x86
ServerManager-PSH-Cmdlets Powershell Cmdlets for Server Manager
BestPractices-PSH-Cmdlets Powershell Cmdelts for Best Practices Analyzer
PeerDist Branch Cache
VmHostAgent VDI Agent
CertificateServices Active Directory Certificate Services
SMBHashGeneration Branch Cache
FailoverCluster-Core Windows Failover Clustering

Windows Server Core: SConfig

One of the big challenges with installing Windows Server Core is that after the installation you are presented with this:

Server Core CLI

Even if you are comfortable on the windows command line (and let’s be honest here) most of us (pretty close to all of us) would be hard pressed to even set an IP address.  With PowerShell becoming very popular among IT Pros the CLI skills of the average Windows Administrator are improving but PowerShell was not available on core until R2 was released.

In my environments I try to do as much server configuration by group policy as possible so that helps a lot with manual configuration of settings.  However when using Windows Server 2008 Core you are going to have to input some fairly complex commands to get an IP address set and the server joined to the domain.  In R2 though Microsoft has included a tool called SConfig to simplify those initial configuration tasks.  When you run the command it calls itself Server Configuration, but I choose to let the “S” stand for Simple Configuration.

sconfig.exe Main Screen

As you can see the basic commands you need to get your server up and running are here for you.  Generally speaking I simply run command #2 to set the computer name, command #8 to set the IP settings, and command #1 to join the server to the domain.

After that point I like to let Group Policy take over to provide a central point for configuration settings.  If you are not in an Active Directory environment I would recommend scripting out your settings to provide consistency and easy documentation.

Windows Server Core: Overview

Beginning with Windows Server 2008 Microsoft offered the option to install the operating system without large parts of the graphical user interface (GUI).  This means when you logon to the server all you get is a command line prompt.  There is no Windows Explorer, no start menu and no Internet Explorer among others.  You want to set the IP address?  Use the command line.  Want to reboot?  Use the command line.  Want to . . . ?  Well you get the idea.


System Resources: Server core uses less disk space and less memory.  In short there is less running and less installed.  The full installation of Windows Server 2008 R2 is approximately 7.5gb, while in Core it is approximately 3gb.  The disk space savings is not a serious advantage in my mind unless we are looking at a virtual server environment where you would have dozens or hundreds of these machines using a shared resource (the physical machines storage). A default installation of Windows Server 2008 R2 (no 3rd party apps, no roles installed, etc) consumes 385mb of memory after a reboot.  The same setup but a Core install uses 255mb.  That is a 34% decrease in memory usage.  Multiply that by 100 virtual machines in a VMware or Hyper-V farm and that is a serious resource savings.

Security: Since there is simply less stuff installed there is less to patch and less to attack.  The removal of Internet Explorer alone can reduce the number of patches you install significantly.  A component not installed by Core can not be exploited which will provide significant security enhancements.

Raises Required Skill Level of IT Pro: Managing a Server Core system can be significantly harder if you are not comfortable in a command line environment.  Some readers might think this should be in the Dis-advantages section.  However I see it as an opportunity in two ways. First it sets a minimum skill level for any IT Pro working on the system.  I find Server Core is a great way to keep less experienced administrators away from your critical machines. Secondly it forces you to work smarter.  Windows administrators are plagued with never learning how to do something from the command line (and therefore being able to script it, automate, etc) because the GUI tool will get the job done faster than you can learn what the command syntax is.  Once you put yourself in an environment where you do not have a choice you quickly start to grow as a Windows Administrator.  Starting with Windows Server 2008 R2 the .Net framework is available on core and this means that powershell is available.  The best way for a Windows administrator to jump start their career and make significant gains in their productivity is to learn how to use powershell to manage your servers.


Limited Roles Available:The roles available on core are limited.  In Windows Server 2008 R2 Core the roles available are:

  • Active Directory Certificate Services
  • Active Directory Domain Services
  • Active Directory Lightweight Directory Services (aka ADAM)
  • BranchCache Hosted Cache
  • DHCP Server
  • DNS Server
  • File Services
  • Hyper-V
  • Media Services
  • Print Services
  • Web Server (IIS)
    • Note: In Windows Server 2008 the .Net Framework is not available so that means no sites.  In R2 the framework is available.

If you are looking to run a role that is not on the list above you will not be able to use core.  Some common examples are Terminal Services, WSUS, Windows Deployment Services and any other not on the list above.

.Net Framework: As noted in the above section the .Net Framework is not available on Core until R2.  The most notable places this is an issue is if you want to run sites or if you want to use PowerShell.  Both of these are pretty painful because core makes a great OS for a web server farm and PowerShell makes a great command line interface to manage an OS from. However unless you have licensing issues preventing you from upgrading there is no reason not to move to R2.  Think of R2 as a really good service pack.  It is an incremental upgrade so it’s already heavily tested, it has a good track record already, and it provides a lot of polish that Windows Server 2008 was missing (such as the .Net Framework on Core). As long as I am encouraging you to upgrade to R2 take note that it is only available in x64 so that means if you have REALLY old hardware you will not be able to run R2.  Also watch out for some 3rd party apps which have not updated their products to officially support R2.  For example VMware (ESX, workstation, etc) has to be upgraded to a certain version to officially support R2 (although I have seen it work on versions that supports Windows Server 2008).

3rd Party Applications: Some third party applications simply do not work without a GUI.  Make sure that your anti-virus, backup agents, monitoring agents, inventory agents, etc will install and allow you to do any management you need to do within core.  One piece of software that is notorious for keeping people off of core is network card management software.  If you want to (for example) team a pair of network cards using the Intel or Broadcom software last I heard those do not work on core.


Windows Server Core in the right situations is a great operating system.  Keep an eye on this blog over the next few weeks as I will be publishing some details on how to manage the core operating system.

Hibernation Enabled in Windows Server 2008

I think Microsoft made a mistake by having hibernation enabled by default on Windows Server 2008 and above.  Hibernation is an amazing feature on laptops, even on workstations sometimes.  However I have never seen hibernation used on a server.

What bothers me about hibernation being enabled is that it creates a hibernation file that is the same size as your memory.  It does this because the hibernation process writes the contents of the memory to disk so that the machine can be powered off.

On physical servers this is not a serious issue because disk space is rarely an issue.  However on virtual machines disk space for each guest is sometimes dialed in pretty tightly and so a large useless file like that can really be problematic.  If you are so inclined it is extremely easy to disable hibernation from the command line:

powercfg –h off

Where appropriate I use a group policy object to run this command on login for my servers or at the very least disable hibernation on VM templates in my environments.

Does Cloud Computing Mean You Are Out of Work?

I was recently asked on Twitter if I thought that cloud computing was going to mean less work for IT Pros.  Here are my thoughts in bullet point format for easy consumption:

  1. The computer meant less work for all kinds of office workers who’s jobs were replaced by computers.  However companies that brought in computers became more efficient, grew as a business, and quickly had more (better?) work for those employees to be doing.
  2. Java/C# is more efficient (from a labor perspective) and less error-prone than C/C++ which is more efficient and less error-prone than assembly.  We use these better “tools” to produce better and less error-prone programs with a lot less effort.
  3. When NT started to replace Novell it left a lot of systems administrators who did not update (upgrade?) their skills with limited work options.  In this industry we are expected to almost continually be updating our skill set.  When anyone working in technology stops learning they quickly become less and less relevant.

Do I think that a drastic shift to cloud computing will mean those at the bottom of the IT Pro totem pole will be in trouble?  Yes.  Does that bother me?  No.  The IT Pro profession is not going anywhere.

  1. The cloud vendors are going to need people to run their clouds, and they are going to need highly skilled, highly paid, and highly respected IT Pros to do that job.  IT Pros that install the operating system from a CD need not apply.
  2. I am an IT Pro but by and large the job I do is not being replaced by the cloud.  I architect IT solutions to meet business needs.  Cloud Computing has just given me another tool to offer my clients to meet those needs.
  3. The IT Pros that right now do a job that a script could do in a fraction of the time are giving us all a bad name.  If I was paying someone to create accounts all day I would not be happy.  I would much rather pay someone like me (and hopefully you) to automate that process based off of HR data (just as an example).

Cloud Computing is a new technological challenge we are faced with.  Learn to adapt.  Stop trying to determine how to hold onto the job you have and start trying to determine how to get the next job that you want.