Showing posts with label Microsoft. Show all posts

Monday, February 5, 2018

PowerShell Remoting

Remoting is the feature that lets you manage Windows infrastructure at scale. It uses the WS-Management (WS-MAN) protocol, implemented on Windows by the WinRM service, which listens on TCP 5985 (HTTP) and 5986 (HTTPS). PS Remoting is enabled by default on Windows Server 2012 and later; on client editions it has to be switched on with Enable-PSRemoting. It is worth enabling even where you do not use it directly, because many of the newer graphical administration tools use PowerShell and PowerShell Remoting in the background.

Here I will be explaining remoting between systems that are part of the same domain. Inside a domain the connection is authenticated with Kerberos, which gives you mutual authentication for free; connect by host name rather than IP address, because an IP address forces NTLM and a TrustedHosts entry, and you lose the check that you are really talking to the machine you think you are.

1:1 Remoting

This case is useful for managing a single system. The Enter-PSSession cmdlet gives you an interactive 1:1 remote connection.

Enter-PSSession -ComputerName AD-DNS


In the above screenshot you can see that I connected to AD-DNS from VM01 using Enter-PSSession. Once the session is established the PS prompt changes to "[AD-DNS]:", which means you are now at the command prompt of AD-DNS. The next two cmdlets get the IPv4 address and the event logs of the remote machine.

1:Many Remoting

This case is useful when you want to run a specific command or task on a set of computers and get the results back locally.

invoke-command -ComputerName VM01, AD-DNS { gsv msiscsi }



What actually happens here: a PowerShell session is established to each remote machine, PowerShell and .NET are loaded there, the script block is sent across the connection and executed on the remote machine, the resulting objects are serialized to XML, sent back across the connection, deserialized into objects and placed in the pipeline of your local PowerShell session.

Let's look at the case below where we execute gsv msiscsi (gsv is the alias for Get-Service) on the local machine. You can see that the type name is System.ServiceProcess.ServiceController.


When you execute gsv msiscsi on remote machines by adding -ComputerName to Invoke-Command, the type name changes to Deserialized.System.ServiceProcess.ServiceController. A deserialized object is a property-only snapshot: its methods (Start(), Stop() and so on) are gone, and its property values are whatever they were at the moment of serialization, so anything you want to act on has to be done inside the script block on the remote side.


Another remoting use case is given below: checking the remaining free space of a specific drive on multiple machines.


PS Sessions

When you use Enter-PSSession or Invoke-Command with the -ComputerName parameter, a remote session is established, the requested task runs, and the session is torn down when the task completes. With Enter-PSSession the session lasts until you leave it with Exit-PSSession. Either way there is the overhead of starting and ending a session every time. New-PSSession creates a persistent session instead.

$s1 = New-PSSession -ComputerName AD-DNS


Here $s1 holds a persistent PS session to the computer AD-DNS. You can now run tasks remotely through the session that is already created and open by passing it to Invoke-Command -Session instead of -ComputerName.


It is the user's responsibility to remove PS sessions after use with Remove-PSSession. Otherwise they remain open and keep consuming resources on the remote host.
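The following script ties together the 1:many and persistent-session sections above. It is an added example, not code from the original post: it assumes the two domain-joined hosts VM01 and AD-DNS named above, run from a domain account that is a local administrator on both, and checks the deserialization point and the free-disk-space query while cleaning up the sessions in a finally block.

```powershell
# Added example, not from the original post. Assumes the domain-joined hosts
# VM01 and AD-DNS and an account that is a local administrator on both.
# Kerberos authenticates both sides, so use host names, not IP addresses.
$computers = 'VM01', 'AD-DNS'

# One persistent session per target. Failures (host offline, WinRM closed,
# no rights) surface here instead of on every later Invoke-Command.
$sessions = New-PSSession -ComputerName $computers -ErrorAction Stop

try {
    # The script block runs on the remote side; only its output objects come
    # back, serialised to XML and rehydrated as Deserialized.* objects.
    $services = Invoke-Command -Session $sessions -ScriptBlock {
        Get-Service -Name msiscsi
    }

    # Deserialized objects keep property values but lose methods, so
    # $services[0].Stop() would fail. PSComputerName is added automatically
    # and tells you which host each object came from.
    $services | Format-Table PSComputerName, Name, Status, StartType -AutoSize
    ($services | Get-Member)[0].TypeName   # Deserialized.System.ServiceProcess.ServiceController

    # Free space on one drive on every host. $using: passes a local variable
    # into the remote script block instead of building a command string.
    $drive = 'C:'
    $free = Invoke-Command -Session $sessions -ScriptBlock {
        $d = $using:drive
        Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$d'" |
            Select-Object DeviceID,
                @{ Name = 'FreeGB';  Expression = { [math]::Round($_.FreeSpace / 1GB, 1) } },
                @{ Name = 'TotalGB'; Expression = { [math]::Round($_.Size / 1GB, 1) } }
    }
    $free | Sort-Object FreeGB | Format-Table PSComputerName, DeviceID, FreeGB, TotalGB -AutoSize
}
finally {
    # Each session is a wsmprovhost.exe process on the remote host that stays
    # alive until removed or timed out, so always clean up.
    $sessions | Remove-PSSession
}
```

Anything you need to act on remotely (stopping a service, deleting a file) belongs inside the script block, where the objects are still live; what comes back over the wire is only data.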

PowerShell Direct

PowerShell Direct is a Hyper-V feature introduced with Windows 10 and Windows Server 2016 hosts for managing Windows 10 and Windows Server 2016 guest VMs running on them. This simply means you can establish a PowerShell session from the host machine to any of the VMs running on it using just the VM name, and it works even without network connectivity to the VM through a vSwitch, because the connection is established over the Hyper-V VMBus rather than the network. You still need a credential that is valid inside the guest, and you must be a Hyper-V administrator on the host; the VMBus path bypasses the network, not the guest's logon. You can also use PS Direct sessions to copy files to a VM that has no IP connectivity.

Let's look at the example below, where I have a few VMs hosted on Windows Server 2016. I will connect to one of the VMs, named "AD", using PS Direct.


In the above screenshot you can see that a new PS session is established using the VM name. Now let's see how you can copy files to a VM over a PS Direct session.
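As an added example (not code from the original post), here is the PS Direct copy-and-run flow end to end. It assumes the VM named "AD" from the post, a local administrator account inside that guest, and the file paths shown; all three are assumptions.

```powershell
# Added example, not from the original post. Run on the Windows Server 2016
# Hyper-V host as a member of Administrators or Hyper-V Administrators.
# VM name "AD" is from the post; the guest account and paths are assumptions.
$vmName = 'AD'

# PowerShell Direct still authenticates inside the guest: a valid guest
# (local or domain) credential is required even though no network path exists.
$guestCred = Get-Credential -Message "Credentials valid inside $vmName"

# The VM must be running and the guest must be Windows 10 / Server 2016 or newer.
$vm = Get-VM -Name $vmName -ErrorAction Stop
if ($vm.State -ne 'Running') { throw "$vmName is not running (state: $($vm.State))" }

$s = New-PSSession -VMName $vmName -Credential $guestCred -ErrorAction Stop
try {
    # Make sure the target folder exists in the guest before copying.
    Invoke-Command -Session $s -ScriptBlock {
        New-Item -ItemType Directory -Path 'C:\Temp' -Force | Out-Null
    }

    # Copy a script into the guest over the VMBus; no IP connectivity needed.
    Copy-Item -Path 'C:\Tools\Setup.ps1' -Destination 'C:\Temp\Setup.ps1' -ToSession $s -Force

    # Run it, then pull back a file the guest produced with -FromSession.
    Invoke-Command -Session $s -ScriptBlock { & 'C:\Temp\Setup.ps1' }
    Copy-Item -Path 'C:\Temp\setup.log' -Destination "C:\Logs\$vmName-setup.log" -FromSession $s

    # Sanity check that we are really inside the guest.
    Invoke-Command -Session $s -ScriptBlock {
        hostname
        (Get-NetIPAddress -AddressFamily IPv4).IPAddress
    }
}
finally {
    Remove-PSSession $s
}
```

Because this path works with no network at all, it is the way to reach a VM whose vNIC you have deliberately disconnected (for example while investigating it), without giving it connectivity back.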


Hope this was useful. Happy PS remoting !

Reference ebooks:

Secrets of PowerShell Remoting
Layman's Guide to PowerShell 2.0 remoting



Monday, January 29, 2018

PowerShell Pipeline and object filtering

The pipeline is the PowerShell mechanism that passes the output objects of one cmdlet as input to the next cmdlet in the pipeline, which then works with them. At the end of every pipeline sits a special cmdlet, Out-Default, which formats whatever reaches it for display. Let's have a look at the example below.

Get-Service | Where-Object {$_.Status -eq "Running"}

The above example lists the services currently running on your machine. What is actually happening is that the objects produced by the first cmdlet (Get-Service) are passed to the next cmdlet in the pipeline, which keeps only the services whose Status is "Running" and displays the result. "$_" holds the current object in the pipeline.

Let's go through another example to get the Windows event logs for the last 24 hours.

Get-eventlog -LogName System -EntryType Error -After (Get-Date).AddDays(-1) | select EventID, TimeGenerated, Message |  convertto-html | Out-File C:\errorlist.htm

As you can see, this example has multiple stages where the output of one cmdlet is passed to the next cmdlet in the pipeline. Stage 1 retrieves System event log entries of type Error from the last 24 hours. Its output is passed to the next cmdlet, which selects only the EventID, TimeGenerated and Message properties. The results of stage 2 are passed to the next cmdlet, which converts them to HTML, and finally to the last stage, which writes the result to a file.


Active Directory Audit using PowerShell

Most organizations audit their Active Directory infrastructure every three or six months as part of regular clean-up and maintenance. Some of the common activities in an AD audit are given below.
  • Find all disabled objects like users, computers and service accounts
  • Find all accounts which are inactive for the last 90 days
  • Find all accounts with a password that will never expire
  • Find all users, computers and service accounts that are expired
  • Find all users, computers and service accounts that will expire in next 7 days
  • Find all accounts that have been locked out
Now let's see how you can use PowerShell to obtain the above information. All of the commands below come from the ActiveDirectory module (part of RSAT) and only need read access to the directory.

Find all disabled objects like users, computers and service accounts:
Search-ADAccount -AccountDisabled | Format-Table Name, ObjectClass -AutoSize

Find all accounts which have been inactive for the last 90 days (LastLogonDate comes from the replicated lastLogonTimestamp attribute, which by default can lag the real last logon by up to 14 days, so treat the cut-off as approximate):
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | Format-Table Name, ObjectClass -AutoSize

Find all accounts with a password that will never expire:
Search-ADAccount -PasswordNeverExpires | FT Name, ObjectClass -A

Find all users, computers and service accounts that are expired:
Search-ADAccount -AccountExpired | FT Name, ObjectClass -A

Find all users, computers and service accounts that will expire in next 7 days:
Search-ADAccount -AccountExpiring -TimeSpan 7.00:00:00 | FT Name, ObjectClass -A

Find all accounts that have been locked out:
Search-ADAccount -LockedOut | FT Name, ObjectClass -A

As per company IT policies, rules and regulations, you can decide what action to take on the audited items. Enabled accounts that combine a non-expiring password with a long period of inactivity deserve attention first, since those are the credentials an attacker can keep using indefinitely without anyone noticing.
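The checks above combined into one report run, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module, an account with read access to the directory, and a writable report folder; the folder path and the 90-day and 7-day windows are assumptions.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory
# module and read access to the directory; the report path is an assumption.
Import-Module ActiveDirectory -ErrorAction Stop

$reportDir = 'C:\ADAudit'
New-Item -ItemType Directory -Path $reportDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd'

# Each check from the post, keyed by a short name, so the results land in
# separate CSVs that can be diffed against last quarter's run.
$checks = [ordered]@{
    Disabled        = { Search-ADAccount -AccountDisabled }
    Inactive90d     = { Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays(90)) }
    PwdNeverExpires = { Search-ADAccount -PasswordNeverExpires }
    Expired         = { Search-ADAccount -AccountExpired }
    Expiring7d      = { Search-ADAccount -AccountExpiring -TimeSpan ([TimeSpan]::FromDays(7)) }
    LockedOut       = { Search-ADAccount -LockedOut }
}

$summary = foreach ($name in $checks.Keys) {
    # Same columns for every check so the CSVs line up. LastLogonDate is derived
    # from lastLogonTimestamp and may be up to 14 days behind the real logon.
    $rows = & $checks[$name] | Select-Object Name, SamAccountName, ObjectClass, Enabled,
        LastLogonDate, PasswordNeverExpires, PasswordExpired, AccountExpirationDate, DistinguishedName
    $rows | Export-Csv -Path (Join-Path $reportDir "$stamp-$name.csv") -NoTypeInformation
    [pscustomobject]@{ Check = $name; Count = @($rows).Count }
}
$summary | Format-Table -AutoSize

# The combination to look at first: enabled user accounts with a non-expiring
# password that have not logged on in 90 days.
Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays(90)) -UsersOnly |
    Where-Object { $_.Enabled -and $_.PasswordNeverExpires } |
    Select-Object SamAccountName, LastLogonDate, DistinguishedName |
    Sort-Object LastLogonDate |
    Export-Csv -Path (Join-Path $reportDir "$stamp-StaleNonExpiring.csv") -NoTypeInformation
```

Keeping the previous run's CSVs lets you see what changed since the last audit rather than re-reading the whole list every time.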

Reference: docs.microsoft.com

Tuesday, January 2, 2018

Objects, properties and methods in PowerShell

An object is something that has a set of properties describing it and a set of methods, which are the actions you can perform on it. Let's look at an example.

Get the virtual machines from a Hyper-V host: Get-VM


The result shown in the above screenshot is not just text. These are objects with their properties. There are four virtual machine objects, each with properties like Name, State, Uptime etc. The default output shows only a few properties, but a virtual machine object has many more.

You can find all the properties and methods available for an object using: Get-Member

Example: Get-VM | Get-Member


Here you can see all the properties and methods available. 

Property

You can select the properties you need with Select-Object (alias select).

Get-VM | select -Property Name, IsClustered, MemoryDemand, ProcessorCount, NumaAligned, Generation, Path


To retrieve properties of a specific virtual machine object, use the below:

Get-VM -name AD | select -Property Name, IsClustered, MemoryDemand, ProcessorCount, NumaAligned, Generation, Path


You can assign the result to a variable as shown below (it is still an object, not a string; Select-Object returns a new object carrying just the chosen properties):

$vm = Get-VM -name AD | select -Property Name, IsClustered, MemoryDemand, ProcessorCount, NumaAligned, Generation, Path

And the individual properties of that object can be retrieved too, as $vm.Name, $vm.MemoryDemand and so on.


Method

Example: Get-Service -Name bits

To get all the properties and methods for this object: Get-Service -Name bits | gm

Note: 'gm' is alias for Get-Member


In the above screenshot you can see several methods like Start, Stop, Refresh etc. These are actions that can be performed on the service controller object for "bits".

The screenshot below shows how to start and stop the "bits" service using the Start and Stop methods. Note that a method call acts immediately and knows nothing about -WhatIf or -Confirm; the Start-Service and Stop-Service cmdlets do, so prefer them in scripts and keep direct method calls for interactive use.

To start bits service: (Get-Service -Name bits).Start()
To stop bits service: (Get-Service -Name bits).Stop()


Hope it was useful to you. Cheers!

Monday, January 1, 2018

Avoid disasters in PowerShell

WhatIf

If you are unsure what will happen when you execute a PowerShell cmdlet, add -WhatIf. The cmdlet then describes the operation it would perform without actually performing it, so you know what you are about to do. Consider the PS statement below.

Get-Service | where {$PSItem.name -eq "bits"} | Start-Service

Let's assume you are unsure what the above statement will do. Add -WhatIf at the end and execute it.

Get-Service | where {$PSItem.name -eq "bits"} | Start-Service -WhatIf


Example: WhatIf


The above screenshot describes the operation that would be performed if you executed the statement. In this case it would start the BITS service.

Confirm

Let's consider another scenario where you want the cmdlet to ask for confirmation before executing rather than running straight away. Use -Confirm in this case. Cmdlets that declare a High ConfirmImpact (Clear-EventLog is one) prompt even without -Confirm as long as $ConfirmPreference is at its default of High; passing -Confirm:$false suppresses the prompt for scripted runs. See the example below, and note that clearing a log also destroys evidence you may later need, so export or forward the log before clearing it.

Clear-EventLog -LogName System -Confirm

Example: Confirm
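Your own functions get the same -WhatIf and -Confirm behaviour through SupportsShouldProcess. The example below is added here and is not code from the original post; the function name is an assumption, the service name bits is taken from the post.

```powershell
# Added example, not from the original post. Shows how a function opts into
# -WhatIf / -Confirm the way built-in cmdlets do. The function name is an
# assumption; "bits" is the service used in the post.
function Restart-ServiceSafely {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]] $Name
    )
    process {
        foreach ($svcName in $Name) {
            $svc = Get-Service -Name $svcName -ErrorAction Stop
            # ShouldProcess returns $false under -WhatIf (after printing the
            # "What if:" line) and asks the user under -Confirm. Because the
            # ConfirmImpact is High, it also prompts with no switch at all while
            # $ConfirmPreference is at its default of High.
            if ($PSCmdlet.ShouldProcess($svc.DisplayName, 'Restart service')) {
                Restart-Service -InputObject $svc
            }
        }
    }
}

# Preview only: prints the "What if: Performing the operation ..." line and stops.
Restart-ServiceSafely -Name bits -WhatIf

# Interactive: prompts before touching the service.
Restart-ServiceSafely -Name bits

# Scripted run you have already reviewed: suppress the prompt explicitly.
Restart-ServiceSafely -Name bits -Confirm:$false
```

Because -WhatIf sets $WhatIfPreference for the function's scope, any cmdlet you call inside the ShouldProcess branch inherits it as well; the gate in the function is what keeps side effects from happening before the cmdlets get a chance to honour it.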

Saturday, December 30, 2017

Get Windows event logs for last 24 hours using PowerShell

Analyzing Windows event logs is a daily task for most IT administrators, and if you own a large number of servers, filtering the relevant events with PowerShell saves a lot of time.

Here I am showing an example of filtering errors from System logs of last 24 hours.

Get all system event logs: Get-eventlog -LogName System
Filtering error events: Get-eventlog -LogName System -EntryType Error
Filtering again to last 24 hours: Get-eventlog -LogName System -EntryType Error -After (Get-Date).AddDays(-1)

Now you may want to select only the event ID, the time generated and the corresponding message, and write the result to an HTML file.

Get-eventlog -LogName System -EntryType Error -After (Get-Date).AddDays(-1) | select EventID, TimeGenerated, Message |  convertto-html | Out-File C:\errorlist.htm
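The same 24-hour error report (this post and the pipeline post above) with Get-WinEvent, as an added example that is not part of the original post. Get-EventLog reads only the classic logs and is not available in PowerShell 7, while Get-WinEvent with a filter hashtable filters on the server side and also reads the Applications and Services logs. The output path is an assumption.

```powershell
# Added example, not from the original post. Get-WinEvent equivalent of the
# Get-EventLog pipeline above; the output path is an assumption.
$since = (Get-Date).AddDays(-1)

# Level 2 = Error, 1 = Critical. Get-EventLog -EntryType Error only covers 2.
$filter = @{
    LogName   = 'System'
    Level     = 1, 2
    StartTime = $since
}

# Get-WinEvent raises a non-terminating error when nothing matches, hence
# SilentlyContinue; an empty result is a legitimate outcome here.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName,
        @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }

# Count by provider and ID first: it shows what is actually noisy before you
# start reading individual messages.
$events | Group-Object ProviderName, Id | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Same HTML report as the post, with a title.
$events | ConvertTo-Html -Title "System errors since $since" -PreContent "<h1>System errors since $since</h1>" |
    Out-File -FilePath 'C:\errorlist.htm' -Encoding UTF8

# For several hosts, run the same filter through remoting. -ComputerName on
# Get-WinEvent itself goes over RPC, which is often blocked where WinRM is not.
# Invoke-Command -ComputerName VM01, AD-DNS -ScriptBlock {
#     Get-WinEvent -FilterHashtable $using:filter -ErrorAction SilentlyContinue
# }
```

Filtering in the hashtable rather than with Where-Object after the fact matters on busy servers: the event log service returns only matching records instead of handing every entry to PowerShell to discard.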

Reference: Get-Help Get-eventlog -ShowWindow

Microsoft PowerShell Help System

In this article I will briefly explain the different ways of using "help" in PowerShell. Help is the most important and useful thing to be familiar with when kick-starting your PowerShell (PS) learning. This post is aimed at beginners who are new to PS.

If you are using PS version 3.0 or higher you can always update the help system online. To check the version of PS: $PSVersionTable


To update help online: update-help -Force
This downloads and installs the latest help content for the installed modules on your machine. Run it from an elevated prompt, since the help files for the built-in modules live under $PSHOME.


Now, let's have a quick look at how PS cmdlets are organized. Take update-help itself: it is in verb-noun format. Update is the verb, which is an action, and help is the noun.

If you are not sure about the different verbs available in PS, list all the verbs using: get-verb 

To find out all the 'Get' commands, you can simply use: get-help Get*

Let's pick Get-Service as an example and say you want to know more about this cmdlet. You can use the help system in the following ways.

Get-Help Get-Service
Get-Help Get-Service -Detailed
Get-Help Get-Service -Full
Get-Help Get-Service -Examples
Get-Help Get-Service -ShowWindow
Get-Help Get-Service -Online


Friday, September 29, 2017

Managing Microsoft Windows Server infrastructure using Honolulu

Honolulu is a browser-based management tool set that helps with the administration of Windows servers, failover clusters and hyper-converged clusters in your environment. Microsoft released the evaluation version a few days ago. You can download the .msi package from https://aka.ms/HonoluluDownload . The application manages Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 through the Honolulu gateway, which you install on a Windows Server 2016 or Windows 10 machine. The gateway uses remote PowerShell and WMI over WinRM to manage the servers, so the managed servers need WinRM reachable from the gateway and nothing else. Because the gateway holds the management credentials and has WinRM access to every server you add, treat it as a privileged management host: restrict who can log on to it and from where it can be reached. If you have Windows Server 2012 / 2012 R2 in your environment and plan to manage them with Honolulu, you will need to install Windows Management Framework (WMF) version 5.0 or higher on those servers.

The installation is straightforward. For testing I installed it on a Windows Server 2016 machine. The screenshot below shows the home screen, which displays all the available connections. You can use the Add button to add stand-alone servers, failover clusters and hyper-converged clusters. Here I have a failover cluster with four nodes.



You can set the credentials used to manage your servers and clusters with the Manage As option. Once you select it, it asks you for a username and password.



You also have a drop down option on the home page to select installed solutions.


Now let's have a quick look at the failover cluster overview.


You can view various details as shown below.

Disks


Networks


Roles


You can also set the preferred owners and startup priority for a virtual machine by selecting the VM and clicking the Settings button.

Preferred Owners and Startup Priority


Failover and Failback policy


Virtual machines

This shows the total number of virtual machines and their state. The resource usage shows the total cluster resource utilization. I think it would make more sense if Microsoft added the resource usage information to the cluster overview page. You can click VIEW ALL EVENTS to go to the events page.


Events


To manage any of the cluster member nodes, select the respective server and click Manage as shown below.

Nodes


It redirects to the server manager page, where you have multiple options to manage your server.

Server manager


You can use the server manager page to add/remove roles and features, manage services, create/enable/disable firewall rules, create vSwitches, install Windows updates, restart the server and so on.

Reference: Microsoft 

Tuesday, July 18, 2017

Best practices while building a Hyper-V host

This article briefly covers some of the best practice considerations when building a stand-alone Hyper-V 2012 R2 / 2016 host. You can use any compatible hardware, but here I will be using Dell PowerEdge servers as examples, since I work with them every day.

  1. Select proper hardware

    You have to be really careful before purchasing a server. Analyze the requirements first and do some capacity planning. For example, the PowerEdge R630 is a good choice to start with, as it is a 1U system with 2 processors. It can take up to 1.5 TB of memory, but most SMB customers go with somewhere around 128 GB. Choosing the right network controller is also very important, as it directly affects the data transfer performance of the virtual machines. If you are planning to use converged networking on the host, select an appropriate adapter. I recommend one 10G dual-port network card at the minimum for a converged network configuration. If you want redundancy at the network card level, go with two 10G dual-port cards. If budget is limited, multiple dual-port or quad-port 1G cards can also work, depending on your requirements.

  2. Number of disks, type of disks and RAID controller

    On a stand-alone host, customers mostly use the local drives, and if they need additional storage it is provisioned from a SAN. The number of disks and the type of disks (SSD, SAS, NL-SAS etc.) have a direct impact on performance at the storage level. It is also very important to select the right RAID controller. The RAID types supported, the size of the controller cache, and read/write policies are some of the major parameters to consider when choosing the RAID controller card. Dell uses PERC (PowerEdge RAID Controller). For example, you can select the PERC H730P, which has 2 GB of cache memory and a BBU and supports RAID levels 0, 1, 5, 6, 10, 50 and 60. The H710P also supports 4 KB block size disk drives. For more info please have a look at my article RAID configuration using PERC.

  3. Always use and follow HCL (Hardware Compatibility List)
  4. Configure out-of-band management. Dell uses iDRAC which helps you to manage your server remotely
  5. Update BIOS, firmware and drivers to the latest and greatest version
  6. Make sure you install all the necessary Windows updates
  7. Partition style, file system and AUS (Allocation Unit Size) of the drive where VM files will be saved

    Say you are going to save all the VM files on drive D. When creating this drive, select the GPT partition style. If you are running Hyper-V 2012 R2, use the NTFS file system with a 64 KB AUS. If you have Hyper-V 2016, use ReFS with a 4 KB AUS. Please refer to this MSFT article for more info.

  8. Always create a NIC team and select right teaming modes

    The most widely used teaming mode is switch independent + dynamic load balancing, as it is the least complicated to configure and has no dependency on your switches. But if your switches support VLT (Dell) or vPC (Cisco), the best teaming mode is LACP + dynamic load balancing, which gives you redundancy as well as the aggregated throughput of all the active links in the team.

  9. Use separate VLANs for different types of traffic

    It is recommended to use separate VLANs for management, VM traffic, iSCSI, live migration and iDRAC.

  10. If using converged networking assign proper minimum bandwidths. Reference article for QoS recommendations linked here.
  11. Use the minimum number of vSwitches
  12. Configure MPIO if adding additional storage from a SAN
  13. Set jumbo frames for iSCSI interfaces 
  14. Disable NetBIOS over TCP/ IP and DNS registration on iSCSI NICs

    Please check my post: Best practice recommendations for iSCSI network adapters

  15. Enable shared nothing live migration. For more info please check my previous post 
  16. If using 10G NICs make use of VMQ

    Please have a look at this MSFT article which provides you tips on VMQ CPU assignment

  17. Add exclusions for VHD/ VHDX files from scanning if antivirus is installed
  18. Run necessary stress tests to benchmark the system

    Benchmarking gives you an overview of the IOPS numbers in the best and worst case, so that you can provision your workload accordingly and avoid IO congestion at the storage level. You can use synthetic benchmarking tools like iometer, diskspd etc. for the stress tests. Also go through my article: How to calculate total IOPS supported by a disk array. Note that those calculations do not take the effect of the controller cache into account. That means the actual IOPS values measured while benchmarking will be higher than the values you get from the formula, because of the cache. With a write-back policy, all write IOs land on the controller cache and are acknowledged immediately; they are flushed to the disk array later. The larger the cache, the higher the IO performance. This shows the importance of choosing the right RAID controller.

  19. Choose OS power plan High Performance
  20. Make sure PSRemoting is enabled
  21. Enable proper monitoring either using a monitoring tool or custom scripts
  22. As a DR plan you can consider using Hyper-V replica
  23. Enable RDP, with Network Level Authentication required and the firewall rule scoped to the management VLAN
  24. I strongly recommend creating a diagram that visualizes the connectivity of the host to your network
  25. Organize VM files and folders properly as shown below
Here all VMs are stored in the E:\VM folder

The virtual hard disks, VM config files, snapshot files etc. of each VM are organized in a proper folder structure
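The configuration items from the list above (8 to 17, 19, 20, 23 and 25) as one host build script. It is an added example, not code from the original post: all adapter names, VLAN IDs, subnets, the team name and the VM folder are assumptions to be adjusted, and the antivirus exclusions are for Windows Defender specifically.

```powershell
# Added example, not from the original post. Stand-alone Windows Server 2016
# Hyper-V host build. Adapter names, VLANs, subnets and paths are assumptions.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

# 8/9/10/11: one team, one converged vSwitch, a host vNIC per traffic type on
# its own VLAN with a minimum bandwidth weight (switch independent + dynamic).
New-NetLbfoTeam -Name 'HostTeam' -TeamMembers 'NIC1', 'NIC2' `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm Dynamic -Confirm:$false | Out-Null
New-VMSwitch -Name 'ConvergedSwitch' -NetAdapterName 'HostTeam' `
    -AllowManagementOS $false -MinimumBandwidthMode Weight | Out-Null

$hostNics = @(
    @{ Name = 'Management';    Vlan = 10; Weight = 10 }
    @{ Name = 'LiveMigration'; Vlan = 20; Weight = 30 }
    @{ Name = 'Cluster';       Vlan = 30; Weight = 10 }
)
foreach ($n in $hostNics) {
    Add-VMNetworkAdapter -ManagementOS -Name $n.Name -SwitchName 'ConvergedSwitch'
    Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $n.Name -Access -VlanId $n.Vlan
    Set-VMNetworkAdapter -ManagementOS -Name $n.Name -MinimumBandwidthWeight $n.Weight
}
# VM traffic (everything not named above) shares the default flow weight.
Set-VMSwitch -Name 'ConvergedSwitch' -DefaultFlowMinimumBandwidthWeight 50

# 12/13/14: dedicated iSCSI NICs: jumbo frames, no DNS registration, no NetBIOS.
foreach ($nic in 'iSCSI1', 'iSCSI2') {
    Set-NetAdapterAdvancedProperty -Name $nic -RegistryKeyword '*JumboPacket' -RegistryValue 9014
    Set-DnsClient -InterfaceAlias $nic -RegisterThisConnectionsAddress $false
    $idx = (Get-NetAdapter -Name $nic).InterfaceIndex
    $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "InterfaceIndex=$idx"
    # TcpipNetbiosOptions 2 = disable NetBIOS over TCP/IP on this interface.
    Invoke-CimMethod -InputObject $cfg -MethodName SetTcpipNetbios `
        -Arguments @{ TcpipNetbiosOptions = [uint32]2 } | Out-Null
}
Install-WindowsFeature -Name Multipath-IO | Out-Null
Enable-MSDSMAutomaticClaim -BusType iSCSI        # reboot before presenting LUNs
Set-MSDSMGlobalDefaultLoadBalancePolicy -Policy RR

# 15: shared-nothing live migration, Kerberos auth, only on the migration subnet.
Enable-VMMigration
Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos -UseAnyNetworkForMigration $false
Add-VMMigrationNetwork -Subnet '192.168.20.0/24'

# 16: VMQ on the 10G team members, leaving core 0 to the host.
foreach ($nic in 'NIC1', 'NIC2') {
    Set-NetAdapterVmq -Name $nic -BaseProcessorNumber 2 -MaxProcessors 8
    Enable-NetAdapterVmq -Name $nic
}

# 17: Windows Defender exclusions for VM files and the Hyper-V processes.
Add-MpPreference -ExclusionExtension '.vhd', '.vhdx', '.avhd', '.avhdx', '.vsv', '.bin', '.vmcx', '.vmrs'
Add-MpPreference -ExclusionProcess 'vmms.exe', 'vmwp.exe'
Add-MpPreference -ExclusionPath 'E:\VM'

# 19/20/23: High Performance plan, PS remoting, RDP with NLA only.
powercfg.exe /setactive SCHEME_MIN
Enable-PSRemoting -Force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 25: default paths so every new VM lands in E:\VM\<name> with its own disks.
Set-VMHost -VirtualHardDiskPath 'E:\VM' -VirtualMachinePath 'E:\VM'
```

Run it section by section on a fresh host and check each step (Get-NetLbfoTeam, Get-VMNetworkAdapter -ManagementOS, Get-NetAdapterVmq, Get-MpPreference) before moving to the next; the network part in particular will drop your session if the management vNIC ends up on the wrong VLAN.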

I hope this will be helpful if you are totally new to Hyper-V and please feel free to let me know if you have any other best practice suggestions which I missed to mention here. Cheers!

Friday, June 30, 2017

Some of the coolest features/ enhancements in Hyper-V 2016

VM compute resiliency: This provides resiliency against transient issues such as a cluster node being temporarily disconnected by a network problem, or the cluster service on the node crashing. The VMs keep running in an "Unmonitored" state even when the node drops out of cluster membership into an isolated state; unmonitored means the VM is no longer being monitored by the cluster service. The default resiliency period is 4 minutes: unmonitored VMs are allowed to run on the isolated node for 4 minutes, after which they are failed over to a suitable node or nodes in the cluster and the isolated node is moved to a down state. The cluster service is no longer a hard dependency for a VM to run; as long as connectivity exists, the VM keeps working.

Node quarantine: If a cluster node is isolated a certain number of times (default 3) within an hour, it is moved to a quarantine state and the VMs running on it (if any) are failed over to another suitable node or nodes in the cluster.

Event 1 - cluster service stopped on node A - node A isolated (down) - cluster service restarted - node A online
Event 2 - cluster service stopped on node A - node A isolated (down) - cluster service restarted - node A online
Event 3 - cluster service stopped on node A - node A down - node A quarantined

The node stays quarantined for 2 hours by default, but an administrator can bring it back into the cluster earlier by starting the cluster service on that node and clearing the quarantine.

VM storage resiliency: If there is a storage interruption, the VM detects it and pauses all IO for a certain duration; once the storage is available again, all IO operations resume. This is very helpful for transient storage issues, as it saves the VM from blue-screening or crashing. If the storage path is not back after a certain period of time, the VM itself is paused (critical pause). Once storage comes back it resumes automatically.

VM memory run time resize: You can now increase/ decrease RAM of a running VM.

Hot add/ remove VM network adapters: VM network adapters can also be added or removed on the fly.

Cluster OS rolling upgrades: With this feature you can upgrade a Hyper-V 2012 R2 cluster to Hyper-V 2016 without shutting the cluster down. You can upgrade an existing cluster in two ways. Either add new 2016 nodes to the 2012 R2 cluster, migrate the workload to the new 2016 nodes and evict the old nodes; or evict one of the existing 2012 R2 nodes, do a clean installation of 2016, add it back to the cluster and repeat for the rest of the nodes. Once all the nodes are 2016, you update the cluster functional level to 2016, which is a one-way step.
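The cluster and VM settings behind the four features above, read and tuned from PowerShell. This is an added example, not code from the original post; the cluster name, node name and VM name are assumptions, and the default values in the comments are the Windows Server 2016 defaults described in the post.

```powershell
# Added example, not from the original post. Cluster, node and VM names are
# assumptions; run on a cluster node or a machine with RSAT-Clustering.
Import-Module FailoverClusters -ErrorAction Stop
$cluster = Get-Cluster -Name 'HVCLUSTER'

# Compute resiliency: how long (seconds) an isolated node keeps running its
# VMs "Unmonitored" before they fail over, and when isolation is used.
$cluster.ResiliencyLevel          # 2 = AlwaysIsolate (default), 1 = only on a clean cluster-service stop
$cluster.ResiliencyDefaultPeriod  # 240 seconds = the 4 minutes above

# Node quarantine: isolations per hour before quarantine, and for how long.
$cluster.QuarantineThreshold      # 3
$cluster.QuarantineDuration       # 7200 seconds = 2 hours

# Example tuning: shorter resiliency window, longer quarantine.
$cluster.ResiliencyDefaultPeriod = 120
$cluster.QuarantineDuration = 14400

# Which nodes are isolated or quarantined right now, and clearing one by hand.
Get-ClusterNode -Cluster $cluster | Select-Object Name, State, StatusInformation
Start-ClusterNode -Cluster $cluster -Name 'HV01' -ClearQuarantine

# Storage resiliency is per VM: on storage loss pause the VM (critical state)
# and wait this many minutes before giving up and powering it off.
Set-VM -Name 'SQL01' -AutomaticCriticalErrorAction Pause -AutomaticCriticalErrorActionTimeout 30

# Rolling upgrade: mixed mode until every node runs 2016, then commit.
$cluster.ClusterFunctionalLevel   # 8 = 2012 R2, 9 = 2016
Get-ClusterNode -Cluster $cluster | Select-Object Name, MajorVersion, MinorVersion, BuildNumber
Update-ClusterFunctionalLevel -Cluster $cluster -WhatIf   # one-way; preview before committing
```

Lengthening the resiliency window trades faster failover for fewer spurious failovers during short network blips; which way to tune it depends on how often your cluster network actually drops.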

Monday, November 14, 2016

Best practices while virtualizing Microsoft SQL servers using Hyper-V

-Limit min and max server memory in SQL Server
-Use fixed size VHDX
-Split data and log files onto separate VHDX disks
-Use multiple SCSI controllers
-Right-size the VM and do not over-allocate resources
-Make use of multiple RAID disk groups (separating sequential and random access)
-For tier-1 mission critical applications use RAID 10 for data, log files and tempdb for best performance and availability
-For lower-tier SQL workloads where cost is a concern, data and tempdb can be on RAID 5
-Use SSDs or tiered storage for higher IOPS
-If using VMQ on the Hyper-V host, enable vRSS in the guest OS to spread network processing across multiple vCPUs
-I prefer fixed size memory for SQL VMs
-Exclude SQL database related files (*.mdf, *.ldf, *.ndf, *.bak, *.trn) from on-access antivirus scanning
-Disable content indexing on the SQL data, log and tempdb drives
-Grant "Lock pages in memory" to the SQL Server service account (a user rights assignment, set via group policy or local security policy)
-Enable IFI (Instant File Initialization) by granting "Perform volume maintenance tasks" to the SQL Server service account; note that with IFI, space for new data files is not zeroed, so previously deleted disk content can remain readable to anyone who can read the file until it is overwritten
-Set the OS power plan to High Performance
-OS performance options: visual effects, adjust for best performance
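The host-side and guest-side items from the list above as one script, added here as an example and not code from the original post. It assumes an existing VM named SQL01 on a Hyper-V 2016 host, a local administrator account inside the guest, the disk sizes and the E:\VM layout shown; all of these are assumptions, and the antivirus exclusions are for Windows Defender.

```powershell
# Added example, not from the original post. VM name, sizes, paths and the
# guest credential are assumptions. Run elevated on the Hyper-V host.
$vm = 'SQL01'
$base = "E:\VM\$vm\Virtual Hard Disks"
New-Item -ItemType Directory -Path $base -Force | Out-Null

# Fixed-size memory: no dynamic memory for SQL, it manages its own buffer pool.
Set-VMMemory -VMName $vm -DynamicMemoryEnabled $false -StartupBytes 64GB

# One fixed VHDX per role, each on its own virtual SCSI controller so data,
# log and tempdb I/O queues do not share a controller. Controller 0 keeps the OS disk.
$disks = @(
    @{ Name = 'Data';   SizeGB = 500 }
    @{ Name = 'Log';    SizeGB = 100 }
    @{ Name = 'TempDB'; SizeGB = 100 }
)
for ($i = 0; $i -lt $disks.Count; $i++) {
    $controller = $i + 1
    if (@(Get-VMScsiController -VMName $vm).Count -le $controller) {
        Add-VMScsiController -VMName $vm
    }
    $path = Join-Path $base "$vm-$($disks[$i].Name).vhdx"
    New-VHD -Path $path -SizeBytes ($disks[$i].SizeGB * 1GB) -Fixed | Out-Null
    Add-VMHardDiskDrive -VMName $vm -ControllerType SCSI -ControllerNumber $controller -Path $path
}

# Guest side over PowerShell Direct: 64 KB NTFS volumes, no content indexing,
# Defender exclusions, vRSS, High Performance plan.
$cred = Get-Credential -Message "Local administrator inside $vm"
Invoke-Command -VMName $vm -Credential $cred -ScriptBlock {
    Get-Disk | Where-Object PartitionStyle -eq 'RAW' | ForEach-Object {
        $vol = $_ | Initialize-Disk -PartitionStyle GPT -PassThru |
            New-Partition -UseMaximumSize -AssignDriveLetter |
            Format-Volume -FileSystem NTFS -AllocationUnitSize 65536 -Confirm:$false
        # Content indexing is a Win32_Volume property; switch it off per volume.
        $letter = $vol.DriveLetter
        Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter='${letter}:'" |
            Set-CimInstance -Property @{ IndexingEnabled = $false }
    }
    # On-access scan exclusions for database, log and backup files.
    Add-MpPreference -ExclusionExtension '.mdf', '.ndf', '.ldf', '.bak', '.trn'
    # vRSS spreads the vNIC receive load over several vCPUs when the host uses VMQ.
    Get-NetAdapter | Enable-NetAdapterRss
    powercfg.exe /setactive SCHEME_MIN
    # "Lock pages in memory" and "Perform volume maintenance tasks" (IFI) are
    # user rights for the SQL service account and are set via GPO or secedit,
    # not covered here; min/max server memory is set inside SQL Server itself.
}
```

Keep the per-role disks on separate controllers even if they end up on the same physical RAID group; the point is independent queues in the VM, and the physical placement can be changed later with Storage Migration without touching the guest.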