
Tuesday, November 26, 2013

Installing and Upgrading to Microsoft Server 2012 - Considerations


There are several considerations to take into account when upgrading to Server 2012. This article is not so much a how-to on performing an upgrade, but more a guide to some tips and strategies that can be used to make the move easier for you and your organisation.

Upgrade or Fresh Install?

Server 2012 is the first Microsoft Windows Server that allows you to perform an upgrade instead of needing to perform a fresh install. To be eligible for this feature, the existing operating system needs to be Server 2008 or 2008 R2, both 64-bit.
Also consider whether the hosted services and applications on that server are capable of handling an upgrade. For this it's best to contact the provider or manufacturer directly. In some cases, it may be possible to test this, especially if you have a relevant test environment. Serious consideration needs to be given to Active Directory and also Microsoft SQL Server implementations. Other services that need intense consideration include Federated Services and MS Clustering. Microsoft produces several guidelines that can be obtained on their website and are updated regularly.

These reports can be exported as a Word doc and then provided to relevant managers or seniors for approval.

Planning an Implementation

There are several considerations when planning a Server 2012 deployment as follows:

Practice Makes Perfect

Be sure to test the installation in a VM and be familiar with the processes and what you need. There are several free / cheap hypervisors available today, including VMware Workstation as well as Microsoft Hyper-V Server. A trial copy of Windows Server 2012 can be downloaded from the Microsoft website.

Preparing for installation

Microsoft produces the MAP toolkit as a means to verify (in some detail) whether existing systems are a good candidate for upgrade, and if not, why not. This is a free download from Microsoft and can be accessed from here: http://technet.microsoft.com/en-us/library/bb977556.aspx

Beyond the MAP toolkit you will want to be sure that the hardware proposed at least meets the minimum requirements for handling Server 2012. Ideally you will have hardware that exceeds these requirements and also satisfies the requirements for the applications that are to be hosted on the server. At the time of writing the minimum requirements are:
  • CPU - 1.4 GHz 64 Bit
  • RAM - 512 MB
  • Disk Space - 32 GB

Timing is everything - if you are performing an upgrade, make sure that you are doing so at a time that is acceptable to the business (perhaps a dedicated maintenance window). Taking a system offline in production is not going to make a lot of people happy. Also make sure that you have an up-to-date and verified backup of any systems that you are tinkering with.

Mass Storage (and other) Drivers

Server 2012 requires digitally signed drivers, and unsigned drivers can cause issues in setup. To alleviate this, you can disable this requirement by: pressing F8 at startup -> Advanced Boot Options -> Disable Driver Signature Enforcement -> load Windows and install the driver.

F6 is pressed during installation to enable installation of mass storage drivers during install. These may be needed for RAID and other associated disk devices.

  





Thursday, May 23, 2013

Delegate Authority in AD to add and remove computers


Delegation of authority in AD is a good way to manage the level of access given to technicians. Normally, authenticated users within the AD environment (i.e. users) can add up to 10 machines to a domain. After this, the privilege is revoked.

When configuring these settings, it is advisable to set them only on the OUs that you wish to delegate the authority on. Many times, it's too easy to just want to save time and effort and set this at the top level of the domain, however this will come back to bite you big time if your help desk lackey deletes your domain controllers.

In order to configure the delegate authority to add and remove AD computers do the following:

  1. Open up AD Users and Computers and navigate to the OU that contains the workstations / servers that you wish to delegate.
  2. Right click on the OU and select Delegate Control.
  3. Click Next past the welcome screen.
  4. Select the group you wish to delegate access to, e.g. a group named helpdesk or level1_techs etc.
  5. Choose Create a custom task to delegate and choose Next.
  6. Select Only the following objects in the folder and then select Computer Objects as well as the tick boxes Create selected objects in this folder and Delete selected objects in this folder. Choose Next.
  7. In the Permissions window, select:
    1. Create all Child Objects
    2. Delete all Child Objects
    3. Read All Properties
    4. Write All Properties
    5. Change Password
    6. Reset Password
    7. Validated Write to DNS Host Name
    8. Validated Write to Service Principal Name
  8. Note that several other sub settings will be enabled after choosing the above settings. Leave these as they are and choose Next.
  9. Choose Finish to finalize the settings.
And that's it! As always, you should now thoroughly test these settings prior to distributing them to the required users to ensure that they have the required level of permissions (i.e. not too many and not too few). An easy way to test this would be to get the user to add or re-add a workstation to the domain.
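
As a complement to the manual test, the delegation's scope can be checked from PowerShell. The script below is an added example, not part of the original post: it lists what the delegated group holds on the target OU and confirms that the same group has no create, delete or write rights at the domain root or on the Domain Controllers OU. The group name CONTOSO\helpdesk and the OU path are assumptions for illustration.

```powershell
Import-Module ActiveDirectory

# Assumed names for illustration; substitute your own group and delegated OU.
$Group    = 'CONTOSO\helpdesk'
$TargetOU = 'OU=Workstations,DC=contoso,DC=com'

# schemaIDGUID of the computer object class, used to label ACEs scoped to computers.
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

# Rights that allow creating, deleting or modifying objects or their permissions.
# A GenericAll (Full Control) ACE contains all of these bits, so it is caught too.
$Risky = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, Delete, DeleteTree, WriteProperty, WriteDacl, WriteOwner'

function Get-GroupAce {
    # Return the ACEs on one AD object that name the given identity.
    param([string]$DistinguishedName, [string]$Identity)
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity }
}

# 1. Show what the group holds on the delegated OU.
Get-GroupAce $TargetOU $Group |
    Select-Object ActiveDirectoryRights, IsInherited, InheritanceType,
        @{ n = 'ComputerScoped'; e = { $ComputerClass -in $_.ObjectType, $_.InheritedObjectType } } |
    Format-Table -AutoSize

# 2. Confirm the delegation was not applied at the top of the domain
#    or on the Domain Controllers OU.
$domain = Get-ADDomain
foreach ($dn in $domain.DistinguishedName, $domain.DomainControllersContainer) {
    $hits = Get-GroupAce $dn $Group | Where-Object { $_.ActiveDirectoryRights -band $Risky }
    if ($hits) {
        Write-Warning "$Group holds create/delete/write rights on $dn"
        $hits | Select-Object ActiveDirectoryRights, ObjectType, IsInherited
    } else {
        "OK: no create/delete/write rights for $Group on $dn"
    }
}
```

Every row from step 1 should show ComputerScoped as True; a row showing False means the group was granted rights over more than computer objects.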

Of course there are several other things you can do with delegation of authority, including assigning permissions for user creation and many other settings.

The above article discusses how to delegate authority in a Windows Active Directory domain for adding and removing workstations or computers.

This article can also be located on our sister site DizzyIT.com at http://dizzyit.com/2013/05/23/delegate-authority-ad-add-remove-computers/

Sunday, February 17, 2013

Windows 2008 Server Core / DOS Networking Netsh Commands

Some common command line tools for networking in Server 2008 and DOS:
  • to set IP in DOS / 2008 Server Core: netsh interface ipv4 set address name=2 source=static address= mask= gateway=
  • use netsh to verify the "name" of the interface: netsh interface ipv4 show interfaces
  • to set DNS server IP in Server Core: netsh interface ipv4 add dnsserver name=2 address= index=1
  • to name a server in Server Core: netdom renamecomputer %computername% /newname: /userd: /passwordd: /reboot:0  .  Note: the dd in passwordd is not a mistype, it's the spelling that is used. The /reboot:0 will force the machine to reboot.
  • to join a domain:
    netdom join %computername% /domain: /userd: /passwordd: /reboot:0

  • to disable firewall: netsh advfirewall set allprofiles state off

  • use the ocsetup command to add / remove roles (package names are case sensitive)
  • to uninstall DNS: ocsetup DNS-Server-Core-Role /uninstall
  • to uninstall DHCP: ocsetup DHCPServerCore /uninstall
  • to enable remote management so it can be administered from a remote computer:
    1. WinRM quickconfig (on the remote comp)

Friday, January 25, 2013

Using Powershell to get export of AD users



Firstly, you need to import the PowerShell command tools for AD:

import-module activedirectory

Once this has been done, then run this command:

Get-ADUser -Filter * -SearchBase "OU=blah,OU=blah,DC=contoso,DC=microsoft,DC=com" -Properties givenName, sn, sAMAccountName | Select-Object givenName, sn, sAMAccountName, distinguishedName | Export-Csv accountnames.csv -NoTypeInformation

You can edit this for different results as required.