Tuesday, 25 June 2013

System Center 2012 R2 Preview - Download and Extract Script

Well, System Center 2012 R2 Preview is here a day earlier than I expected.

Eskor Koneti posted a list of the direct download links to the preview bits here:

So I thought I'd wrap them quickly into a PowerShell script that downloads and then extracts all the components ready for install.

I've commented out the DPM download and install as for me it wasn't downloading correctly (either manually or via the script) but feel free to try it.

The script has no error checking and I know could be much smoother, but hey, it's not even 8am here in the UK so what do you expect!

$dwnld = "E:\System_Center_2012_R2"
 if (!(Test-Path -path $dwnld))
  New-Item $dwnld -type directory
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCCM_SCEP.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCCM_SCEP.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCOM.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCOM.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCVMM.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCVMM.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCSM.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCSM.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCO.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCO.EXE")
$object = New-Object Net.WebClient
 $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCAC.exe'
 $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCAC.EXE")
#$object = New-Object Net.WebClient
# $SCCMurl = 'http://care.dlservice.microsoft.com/dl/download/evalx/sc2012/SC2012_R2_PREVIEW_SCDPM.exe'
# $object.DownloadFile($SCCMurl, "$dwnld\SC2012_R2_PREVIEW_SCDPM.EXE")
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCAC.EXE" -Wait -ArgumentList /DIR="$dwnld\SCAC", /VERYSILENT
#Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCDPM.EXE" -Wait -ArgumentList /DIR="$dwnld\SCDPM", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCO.EXE" -Wait -ArgumentList /DIR="$dwnld\SCO", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCOM.EXE" -Wait -ArgumentList /DIR="$dwnld\SCOM", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCSM.EXE" -Wait -ArgumentList /DIR="$dwnld\SCSM", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCVMM.EXE" -Wait -ArgumentList /DIR="$dwnld\SCVMM", /VERYSILENT
Start-Process -FilePath "$dwnld\SC2012_R2_PREVIEW_SCCM_SCEP.EXE" -Wait -ArgumentList /Auto, "$dwnld\SCCM"

Monday, 17 June 2013

Microsoft's "Blue" or R2 Wave

In 9 days we're due to get the Beta versions of Microsoft's next wave of releases (Formerly known as Blue) for Windows 8.1, Windows Server 2012 R2 and System Center 2012 R2.

I'm going to leave Windows (Client and Server) to one side for now as there's enough coverage of those features, but what's publically known in terms of new features and changes for System Center?

So far for System Center 2012, it's been mainly SCVMM features announced, along with some ConfigMgr and Intune details.

Virtual Machine Manager (SCVMM)
  • Management of physical network switches via OMI
  • OOB Service Templates to provision other System Center 2012 R2 components
  • OOB Service Template for Network Virtualisation Gateway with Windows Server 2012 R2
  • Use ODX deployment capability from Libraries sharing the same SAN
  • First node in a tier can run different scripts - helps deploying guest clusters
  • Better Windows Server 2012 IPAM integration
  • Shared VHDX support for guest clustering
  • Dynamic VHDX resizing
  • Linux Dynamic memory support
Configuration Manager (ConfigMgr)
  • Deploy and manage Windows 8.1 and Windows Server 2012 R2
  • Provision certificates, Wi-Fi and VPN profiles
  • Deploy links to web applications
  • RBAC Reporting control
  • Create and modify offline VHD Images
  • Publish VHD to SCVMM for use with templates
  • Auto VPN configuration
  • VPN and Wi-Fi profile configuration
  • Single pane of glass for both Mobile and Devices via Intune into ConfigMgr
  • More MDM policy configuration options
  • Selective wipe rather than just full device wipe
  • The new Server 2012 R2 Work Folders feature configuration
I suppose we're just going to have to wait until next week to get our grubby mits on more information and the ability to have a play.

Wednesday, 12 June 2013

Seize FSMO roles in Server 2012

One of the beautiful things of a test lab is getting to try things you might not get chance to do in a production environment.  So when my main Domain Controller went pop the other day, rather than work on bringing it back online I saw a good chance to test seizing the FSMO roles with PowerShell.

Previously the main way to seize the roles was using the Ntdsutil in Server 2003 & 2008.

Since PowerShell is now my weapon of choice I thought it would be useful to quickly document the method.

Move-ADDirectoryServerOperationMasterRole is the command that is used for this task.  More information on the command can be found here:

You can use either the Role Name or Number to specify which role to move, this table shows the details:

Operation Master Role Name
Use the -Identity switch to specify the target Domain Controller and the –OperationMasterRole to specify which role to transfer. I've also used the -Force command as my current FSMO holder is offline.
I'll be moving all the roles to a target DC called TLDC02.
N.B. To move the SchemaMaster role you'll need to be a member of the Schema Admins group.  My account was also a member of Enterprise Admins when I ran this.
  1. Logon to a working Domain Controller and launch an elevated PowerShell session.
  2. Type: Move-ADDirectoryServerOperationMasterRole -Identity TLDC02 -OperationMasterRole 0,1,2,3,4 -Force

  3. Either type Y on each role move prompt, or type A to accept all prompts
  4. After a while, all the roles should be successfully moved.
Last thing, a couple of PowerShell command just to list the FSMO roles and who now owns them:

Get-ADForest DomainName | FT SchemaMaster,DomainNamingMaster
Get-ADDomain DomainName | FT PDCEmulator,RIDMaster,InfrastructureMaster

One thing to note, only seize the roles if you have no intention of bringing the original holding Domain Controller back online.  Domains don't tend to like having two FSMO role holders...

Tuesday, 11 June 2013

Intune common logon without ADFS (Aka Password "sync")

Recently Microsoft released a new version of it's DirSync tool that enables organisations to synchronise it's Active Directory (AD) User accounts across into the Azure Directory Services used by Intune, Office 365, CRM etc.

This has previously only enabled organisations to reduce the administrative burden of having to recreate all of their accounts for those users they wanted to access online services, but they then had to either issue separate passwords or implement Active Directory Federation Services (ADFS) to offer a truly seamless single sign-on experience for the users.

With this latest release from Microsoft, they have now introduced the ability to also push passwords up into the Azure DS.  Notice the push aspect, not synchronised as the password cannot be changed in the cloud and replicate back into your AD.

While I wouldn't class this as true Single Sign-on (SSO) as your still effectively authenticating against a different directory service, it's still a great option for Microsoft to have added, giving great flexibility for those organisations that want to take the first steps or who can't/don't know how to deploy ADFS.

Nothing has majorly changed during the install (New Azure logo and Install Directory), so rather than re-inventing the wheel, check out the post link below that I did for installing DirSync. I've then run through the differences in the new version below the other post link.


The first thing to note is that you cannot "upgrade" the client as you will be presented with a dialog blocking you from continuing if an older version is installed, so remove the old version first.

The main installation/configuration screen change is this one, which provides the option to push your passwords up along with your users.

Tick the option box to Enable Password Sync and that's it done!

The user account sync element still runs on a 3 hour schedule, but passwords are set to sync within minutes of a change in your local AD.

Intune users can find the new version of DirSync at this link (Requires sign on with an Intune Admin Account):

The TechNet Library article on Implementing Password Sync can be found here: