Excalibur and Orchestrator Magic

When Citrix released Excalibur they also included a whole bunch of Powershell which allows you to run Powershell cmdlets to alter anything.
If you are inside the Studio console you can see that there is a PowerShell window there, which shows all of the cmdlets that you have run.

and how does this help ? With the combination of Orchestrator, we can add automation to the equation.
What if we could automate the assignment of application to users via Orchestrator? and we could also add an approval workflow if we used it with Service Manager.
If a new users want a set of 20 new desktop for his or hers company we could create a new workflow which would run a PowerShell script against MCS and do this automatically.
However, I’m not going to go ahead of myself here, this is a start post to show what we can do with the provided PowerShell modules.

First I’m going to show how to import the modules that Citrix provides in this release.
Head over to the Studio server and open Powershell ISE
From there you can run this import commands.

There are more modules but these cover most of the administrative tasks.
If you refresh the ISE modules list now, the Citrix components will show up.

If we created a simple “Publish Application task” We can use the New-BrokerApplication to publish notepad.

New-brokerApplication -CommandLineExecutable C:\windows\notepad -displayname notepad -Applicationtype HostedonDesktop

NOTE: A bit of advice if you are unsure of how the cmd should look like, create an application with the wizard and extract the info after using the get-brokerapplication cmdlet.
Now we have a functional PowerShell cmd to publish Notepad to the studio.

So we know now that we have to import the modules first, then we can run the command to publish notepad, but how do to this via Orchestrator?
First set set-executionpolicy unrestricted on the Studio server.

And your script should be saved.

Now we simplest way is to use the Run Command activity in Orchestrator

I saved the script file locally on the Studio server, and the script looks like the output from the PowerShell ISE above.
So when I run this runbook what happens ?

This just publishes the application in Desktop Studio, it still isn’t assigned a user yet, that requires a bit more in PowerShell ill come back to that later this is just to show the abilities you have with Excalibur and PowerShell

Automating Configuration Manager 2012 SP1 with PowerShell

First part of this series, I showed how you could run and install all the necessary prerequisites silent and automated, this time I will write a bit more instead of just adding the commands.
In Service Pack 1, Configuration Manager will finally include cmdlets for PowerShell this allows for a scripted and automated setup process. Therefore I took the liberty of creating this post which will show you how-to.

Now with this you can actually create a script for a new customer (If you already have knowledge of the customers infrastructure) with contains all the necessary you need to setup a fully site. Then where you are at the customer, run the script and take the rest of the day of.

Now what do we need in order to setup a fully Configuration Manager site?

We need a boundary group (Which contains a boundary, refer my earlier post –> ) Which again contains a distribution group and is assigned a site.
And we need to activate discovery objects to fetch information such as Users, Group, Computer objects.
We also need to setup AD publish (In case we did a manual ConfigMgr site agent install we wouldn’t have to setup this but for the administration ease we are going to do so)
Next we are going to Create Computer Collection which is going to include our test servers. We are also going to Create User Collection b
After that we are going to Create an application which we are going to deploy to our computer collection

All using PowerShell.
Now in order to start PowerShell against Configuration Manager, just click the file button inside the Console and press the Connect using PowerShell.

You can use the get-command –module ConfigurationManager to show all the commands available for Configuration Manager
You can also use the get-help cmdlets if you are unsure of the parameters that you need to use.
Also you can use the get-help cmdlets –examples if you want to show some examples.

NOTE: Will trying to get this fully automated, I find its hard with the current release of the PowerShell cmdlets but still I’ve gotten far.  So this post will be updated periodically.

Create a new Boundary: New-Cmboundary -type ADsite -value “Default-First-Site-Name”

Create a new BoundaryGroup: New-CmboundaryGroup -name Test -DefaultSiteCode TST

Add boundary to group: Add-CMBoundaryToGroup -Boudaryid 16777218 -GroupName “Test”

I got this BoundaryID using Get-CMboundary since the command didn’t parse the value ID properly.

You can use the Get-Cmboundary and Get-CmBoundaryGroup to view the values. And you need to add the site code to the command so it assigns
that as the default site for the boundary group.

Get info from Active Directory Forest: New-CMactiveDirectoryForest -ForestFqdn demo.local -EnableDiscovery $true

Install Configuraiton Manager Agent: Install-CMClient -DeviceName ConfigMgr -includeDomainController $false -AlwaysInstallclient $false -SiteCode TST

Create a new device collection: New-CMdevicecollection -name “My Servers” -LimitingCollectionName “All Systems” -RefreshType Manual

Still more to come

Windows Server 2012 deployment via PowerShell

Now with the release of Windows Server 2012, Microsoft has added a huge huge huge improvement in PowerShell, there are about 2400 cmdlets available, and Microsoft have said that there are more to tome.
Just to display how easy it is, I thought Id give a walkthrough deployment of a simple Server 2012 farm.
Including
1x AD Domain Controller
1x RDS server session deployment with remoteapps.
1x File Server using data DE duplication and used for serving the user profile disks on the RDS server with NIC teaming. And Having 3 disks in a storage space and volumes using disk parity.

Now we are going to host all of these 3 servers on a WS2012 Hyper-V server. So first of we create a virtual network where these hosts are going to be.

First we create the switch

New-VMswitch –name vm-switch –switchtype internal

Then we create the first virtual machine and add it to that internal network.

New-VM -NewVHDPath e:\vm\ad.vhdx -NewVHDSizeBytes 20GB -BootDevice CD -MemoryStartupBytes 2GB -Name AD
Remove-VMNetworkAdapter –VMName AD –Name “Network Adapter”
Add-VMNetworkAdapter -VMName AD -Name “Network Adapter” -SwitchName vm-switch

After that we can boot the first computer. This is going to be our domain controller, and for the purpose of this demonstration we are going to install this as a Server Core server. (Server Core is a stripped down server which basically gives you an command prompt that you can work from.
IF you wish to manage the server you either need to use sconfig, PowerShell or Server Manager

If you wish to install full GUI on it afterwards you can do this using the commands

Install-WindowsFeature server-gui-mgmt-infra,server-gui-shell -source:wim:d:\sources\install.wim:4 –restart

If you look at the last command there you see that I needed to specify the source (Because when I install with Server Core it removes all the unnecessary binaries from the install so you need to insert the installation media and in my case it was ISO file on the D: drive.  And I also needed to specify the install WIM file and the WIM file contains the images for Datacenter and Standard Core and with GUI so the number 4 states Datacenter with GUI.

When the server is up and running we have to configure the network, domain name and such.

New-Netipaddress –ipaddress 192.168.0.1 –interfacealias «Ethernet» –Prefixlenght 24
Set-DnsClientServerAddress -InterfaceAlias “Ethernet” -ServerAddresses 192.168.0.1
Rename-computer adds
Restart-computer

This will add the IP address of 192.168.0.2 on the interface Ethernet with a subnet mask of 255.255.255.0 /24
And set the DNSclient to itself (since the ADDS installs DNS as well)
Renames the computer ADDS and does a restart.

After that we install ADDS. This is the simplest setup and uses most of the default values.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest –DomainName test.local
Restart-computer

This will install a ADDS domain service on this server (as well including DNS server) with the domain name of test.local
after that you have to restart the computer. When the server is finished booting, you have a fully functional domain server so now its time to install the RDS server.

New-VM -NewVHDPath e:\vm\rds.vhdx -NewVHDSizeBytes 20GB -BootDevice CD -MemoryStartupBytes 2GB -Name RDS
Remove-Vmnetworkadapter –Vmware RDS –name “network adapter”
Add-VMNetworkAdapter -VMName AD -Name “Network Adapter” -SwitchName vm-switch

So now we run the same create vm command as we ran before just change the name and file name.
We install a full server with GUI this time since we want the remote desktop users to get a full desktop
After the server is finished installing we need to setup the basic stuff as we did before.

New-Netipaddress –ipaddress 192.168.0.2 –interfacealias «Ethernet» –Prefixlenght 24
Set-DnsClientServerAddress -InterfaceAlias “Ethernet” -ServerAddresses 192.168.0.1
Rename-computer rds
Add-Computer -Domainname test.local –Credential
Restart-computer

This time we set the DNS client to point to the AD server. And change its name and join it to the domain. After the restart we have to install the RDS server role.
As we are going to host all the server roles on the same server (not very secure or recommended but simple  

New-RDSessionDeployment -ConnectionBroker test02.test.local -WebAccessServer test02.test.local -SessionHost test02.test.local

Restart-Computer

 

Remove-RDSessionCollection QuickSessionCollection

New-RDSessionCollection -Collectionname Statistikk -sessionhost test02.test.local -connectionbroker test02.test.local

New-RDremoteApp -Collectionname Statistikk -Alias Notepad -Filepath C:\windows\system32\notepad.exe -ShowInWebAccess 1 -ConnectionBroker test02.test.local -Displayname skriveskrive

Now what this does is to 1: Install the RDS server roles and point to where each server role is located, and then restart the computer.
After that is done it removes the QuickSessionCollection as is created by default when using Quick Deployment.

Creates a new collection and points to which sessionshost and connection broker is included in this collection.
Then it publishes the application Notepad and makes in available to users via the RDweb portal.  And note I didn’t set up user profile disk on the RDS server yet since we need to set up the file server before we do that.

Now we have to create the file server, now this server needs to have multiple network cards and multiple disks in order to have High-availability.
So we start by creating the VM with multiple nics and hdds.

New-VM -NewVHDPath e:\vm\rds.vhdx -NewVHDSizeBytes 20GB -BootDevice CD -MemoryStartupBytes 2GB -Name FS

New-Netipaddress –ipaddress 192.168.0.3 –interfacealias «Ethernet» –Prefixlenght 24
Set-DnsClientServerAddress -InterfaceAlias “Ethernet” -ServerAddresses 192.168.0.1
Rename-computer fs
Add-Computer -Domainname test.local –Credential
Restart-computer

So here we create a fileserver virtual machine with 2 NICs and 3 virtual harddrives.
Drive 2 and 3 will be used for a storage pool with mirrored setup. Now setting up two virtual drives in a mirrored setup doesn’t make much sense but this is just to show how easy and flexible the deployment is.
Now after the server is finished installign and has joined the domain we can start by setting up the NIC teaming.

New-lbfoteam –name Test –Teammembers «ethernet 2», «ethernet» -loadbalancingalgorithm Ipaddresses –teamingmode switchindependent –teamnicname SuperPowah

You can run the command

get-lbfoteam and get-lbfoteamnic

To see the status of the team and the NIC (If its up and down or not )
Now what this does is to create a new load balance and failover team called Test, and it includes the two interfaces ethernet 2 and ethernet and the load balancing algorithm is based on IP addresses, and I choose the teaming mode switch independent and the team nice is called SuperPowah. Now that we have done that the first NIC loses it’s IP address settings so now we have to setup an IP setting for the new NIC name SuperPowah

New-Netipaddress –ipaddress 192.168.0.3 –interfacealias «SuperPowah» –Prefixlenght 24
Set-DnsClientServerAddress -InterfaceAlias “SuperPowah” -ServerAddresses 192.168.0.1

Next we have to install the dedup features (Which is not installed by default. )

Install-windowsfeature FS-data-deduplication

By default the schedule for a dedup job is set to default 5 days, but that can be changed. You can also run it manually by running the command.

Start-dedupjob –volume e: –type optimization

You can view the status by running the command

Get-dedupjob
get-dedupstatus

If you wish to remove dedup from a disk you can run the command

Start-dedupjob –volume e: –type unoptimization

Next we create a new folder on the new share then we share the folder.

mkdir userdata on C:\
new-smbshare –path c:\userdata –name userdata

Now after that share is created. We have to update the RDS collection configuration

Set-RDSessionCollectionConfiguration –Collectionname statistikk –EnableUserProfileDisk –diskpath \\fs\userdata –MaxProfileDiskSizeGB 40

So there you go, I will try to update this with some other scenarios as well.

Administer Other Windows Server from Server Manager 2012

Now the new Server Manager is a lifesaver, it allows to manage multiple servers from one console. By default it is only supported for Windows Server 2012 but by downloading Windows Management Framework 3.0 and .Net 4 you can manage older versions as well. (2008, 2008R2)

You can download the needed files from here –>

http://www.microsoft.com/en-us/download/details.aspx?id=29939
http://www.microsoft.com/nb-no/download/details.aspx?id=17718

(If you try to manage an older version you can get this error)

And you need to install these on the servers you need to manage.
After these are installed you need to run some commands.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

Configure-SMRemoting.ps1 -force -enable

After that is done, you can now manage your other servers.

‘

You can see that now the AD server (DC) is added and AD role is added on the side as well

Powershell for remote desktop services

With Microsoft RDS its hard to manage a large infrastucture since you need to manage each server individually. If you have Citrix you have a single console to do everything. But with Windows you have one server that has the Web-interface, you have one server that has the load-balancing role ( broker ) and then you have each TS.

So if you need to do changes to a farm, you would have to logon to the spesific server to remove it from the farm. Of course this would be a pain in the a** if you didn’t have Powershell

Microsoft has done great job to provide Powershell cmdlets for almost every server role in Windows 2008.

You can see the cmdlets avalible here -> http://bit.ly/AlHd8t

But let’s say you want to script a server to join a spesific farm and it will participate in load-balancing, and publish 3 custom applications to display on the  webinterface.

First of you  have to import the module for rds.

Import-Module RemoteDesktopServices

Then you have to change to a virtual directory rds

set-location rds:

If you do a dir there you will see what it contains.

PS RDS:\> dir
Directory: RDS:
Name Type CurrentValue GP PermissibleValues PermissibleOperations
—- —- ———— — —————– ———————
RDSConfiguration Container – Get-Item, Get-ChildItem
RemoteApp Container – Get-Item, Get-ChildItem

The container RDSconfiguration contains the settings in the Remote Desktop Session Host Configurtion and the RemoteApp contains the same for RemoteApp Manager
And since they are containers you can’t do much at this level. So If we change to Remoteapp manager.

Directory: RDS:\RemoteApp dir
Name Type CurrentValue GP PermissibleValues PermissibleOperations
—- —- ———— — —————– ———————
Port Integer 3389 – 1-65535 Get-Item, Set-Item
ServerName String  - Get-Item, Set-Item
ColorDepth Integer 5 – 1, 2, 3, 4, 5 Get-Item, Set-Item
AllowFontSmoothing Integer 1 – 0, 1 Get-Item, Set-Item
CustomRDPSettings String authentication le… – Get-Item, Set-Item
DisableUnlistedPrograms Integer 0 No 0, 1 Get-Item, Set-Item
RDPSetting String redirectclipboard… – Get-Item
DeviceRedirectionSettings Container – Get-Item, Get-ChildItem
RemoteDesktopAccess Container – Get-Item, Get-ChildItem
DigitalSignatureSettings Container – Get-Item, Get-ChildItem
GatewaySettings Container – Get-Item, Get-ChildItem
RemoteAppPrograms Container – Get-Item, Get-ChildItem, New-Item
WebAccessComputers Container – Get-Item, Get-ChildItem, New-Item

If you want to change a setting here. You can use the Set-item name and value.
Like
set-item port 3388 (This will change the port RDP uses)

Publishing an application

So in order to publish a application here. We will have to change to the RemoteAppPrograms directory. And use the command.

PS RDS:\RemoteApp> new-item .\RemoteAppPrograms -name ‘calc’ -applicationpath c:\windows\system32\calc.exe

This  will create a remoteapp and by default it will publish it to Remote Desktop Web Interface.
We can look at the settings by moving to the calc folder and do dir.

PS RDS:\RemoteApp\RemoteAppPrograms\calc> dir
Directory: RDS:\RemoteApp\RemoteAppPrograms\calc
Name Type CurrentValue GP PermissibleValues PermissibleOperations
—- —- ———— — —————– ———————
DisplayName String Windows Calculator – Get-Item, Set-Item
Path String c:\windows\system… – Get-Item, Set-Item
PathExists Integer 1 – 0, 1 Get-Item
IconPath String c:\windows\system… – Get-Item, Set-Item
IconIndex Integer 0 – Get-Item, Set-Item
IconContents String 0,0,1,0,5,0,64,64… – Get-Item
CommandLineSetting Integer 0 – 0, 1, 2 Get-Item, Set-Item
RequiredCommandLine String – Get-Item, Set-Item
ShowInWebAccess Integer 1 – 0, 1 Get-Item, Set-Item
RDPFileContents String redirectclipboard… – Get-Item
UserAssignment Container – Get-Item, Get-ChildItem, New-Item

Something we should have done before publishing the application is to join the server to a farm and participate in load-balancing.

First we can look at the settings for the server.

PS RDS:\RDSConfiguration\ConnectionBrokerSettings> dir
Directory: RDS:\RDSConfiguration\ConnectionBrokerSettings
Name Type CurrentValue GP PermissibleValues PermissibleOperations
—- —- ———— — —————– ———————
ServerPurpose Integer 0 No 0, 1, 2, 3 Get-Item, Set-Item
FarmName String No Get-Item, Set-Item
LoadBalancingState Integer 0 No 0, 1 Get-Item, Set-Item
ServerWeight Integer 100 No 100-10000 Get-Item, Set-Item
ConnectionBroker String No Get-Item, Set-Item
IPAddressRedirection Integer 1 No 0, 1 Get-Item, Set-Item
CurrentRedirectableAddresses Container – Get-Item, Get-ChildItem, New-Item
RedirectableAddresses Container – Get-Item, Get-ChildItem

In order to make a server join the farm, you have to type the command.
Set-item -path RDS:\RDSconfiguration\ConnectionBrokerSettings\Serverpurpose -value 3 -ConnectionBroker test -Farmname TEST -CurrentRedirectableaddresses 192.168.0.24

By using these commands you can script an innstallation of terminal server.