diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 34c2fc7354..8a5496b4b3 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -14,7 +14,9 @@ author: greg-lindsay - Windows 10 -
This guide provides step-by-step instructions for setting up a proof of concept (PoC) environment where you test the tools and procedures necessary to deploy Windows 10. The PoC enviroment is configured by using Hyper-V and requires a minimum amount of resources. Windows PowerShell commands are provided to set up the test lab quickly. The guide contains detailed instructions for three general procedures: +
This guide provides step-by-step instructions for setting up a proof of concept (PoC) environment where you test the tools and procedures necessary to deploy Windows 10. The PoC enviroment is configured by using Hyper-V and requires a minimum amount of resources. Windows PowerShell commands are provided to set up the test lab quickly. Instructions to "type" Windows PowerShell commands provided in this guide can be typed, but in most cases the preferred method is to copy and paste these commands. If you are not familiar with Hyper-V, review the [terms](#appendix-d-terminology-in-this-guide) used in this guide before starting. + +The guide contains detailed instructions for three general procedures:
C:\>systeminfo + ... Hyper-V Requirements: VM Monitor Mode Extensions: Yes Virtualization Enabled In Firmware: Yes @@ -198,9 +203,10 @@ The lab architecture is summarized in the following diagram: The Hyper-V feature is not installed by default. To install it, open an elevated Windows PowerShell window and type the following command: - ``` +Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V –All - ``` ++ This command works on all operating systems that support Hyper-V. When you are prompted to restart the computer, choose **Yes**. The computer might restart more than once. After installation is complete, you can open Hyper-V Manager by typing **virtmgmt.msc** at an elevated command prompt. You can also install Hyper-V using the Control Panel in Windows under **Turn Windows features on or off** for a client operating system, or using Server Manager's **Add Roles and Features Wizard** on a server operating system, as shown below: 
@@ -225,11 +231,11 @@ When you have completed installation of Hyper-V on the host computer, begin conf  -2. When the download is complete, rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is done to make the filename simpler to recognize and type. +2. Download the file to the C:\VHD directory. When the download is complete, rename the VHD file that you downloaded to **2012R2-poc-1.vhd**. This is done to make the filename simpler to recognize and type. 3. Copy the VHD to a second file also in the C:\VHD directory and name this VHD **2012R2-poc-2.vhd**. 4. Download the [Windows 10 Enterprise ISO](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise) from the TechNet Evaluation Center to the C:\VHD directory on your Hyper-V host. - - During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English VHD is chosen. You can choose a different version if desired. Note that Windows 10 in-place upgrade is only possible if the source operating system and installation media are both 32-bit or both 64-bit, so you should download the file version that corresponds to the version of your source computer for upgrade testing. + >During registration, you must specify the type, version, and language of installation media to download. In this example, a Windows 10 Enterprise, 64 bit, English ISO is chosen. You can choose a different version if desired. Note that Windows 10 in-place upgrade is only possible if the source operating system and installation media are both 32-bit or both 64-bit, so you should download the file version that corresponds to the version of your source computer (computer 2) for upgrade testing. 5. Rename the ISO file that you downloaded to **w10-enterprise.iso**. Again, this is done so that the filename is simpler to type and recognize. 
After completing registration you will be able to download the 3.63 GB Windows 10 Enterprise evaluation ISO. @@ -238,7 +244,7 @@ After completing these steps, you will have three files in the C:\VHD directory: The following commands and output display the procedures described in this section: -``` +C:\>mkdir VHD C:\>cd VHD C:\VHD>ren 9600*.vhd 2012R2-poc-1.vhd 
@@ -249,29 +255,31 @@ C:\VHD>dir /B 2012R2-poc-1.vhd 2012R2-poc-2.vhd w10-enterprise.iso -``` +### Convert PC to VHD +If you do not have a PC available to convert to VHD, see [Appendix E: Create PC1 VM](#appendix-e-create-pc1-vm). + **Important**: Before you convert a PC to VHD, verify that you have access to a local administrator account on the computer. Alternatively you can use a domain account with administrative rights if these credentials are cached on the computer and your domain policy allows the use of cached credentials for login. After converting the computer to a VM, you must be able to sign in on this VM with local administrator privileges, while disconnected from the corporate network. -####Client computer requirements for this lab: +#### Client computer requirements for this lab: -1. You must use a PC that is assigned a system/boot drive letter of **C:**. Computers with other configurations can also be upgraded using PC refresh and replace scenarios, but these systems require more advanced deployment task sequences than those used in this lab. If the computer has multiple hard drives, then only choose the **C:** drive for conversion. -2. If the PC is running Windows 7, then it must use the Master Boot Record (MBR) method for storing partition information, not the GUID Partition Table (GPT) method. This is because a generation 2 VM is required to support GPT, and Windows 7 is not supported for generation 2 VMs. Alternatively, you can convert the VHD to use MBR, but this procedure is somewhat complex. If you must create a bootable generation 1 VHD from a physical host that uses GPT, see [Appendix C: Convert GPT to MBR](#appendix-c-convert-gpt-to-mbr) - - To determine the storage method on a computer running Windows 7, open a command prompt and type **DISKPART**, then type **list disk**. Disks that use GPT will have an asterisk under **Gpt** in the command output. 
If the computer is running Windows 8 or a later OS, you can also type **Get-Disk** at an elevated Windows PowerShell prompt to identify the partition style. +1. You must use a PC that is assigned a system/boot drive letter of **C**. Computers with other configurations can also be upgraded using PC refresh and replace scenarios, but these systems require more advanced deployment task sequences than the sample ones used in this lab. If the computer has multiple hard drives, then only choose the **C** drive for conversion. +2. If the PC is running Windows 7, then it must use the Master Boot Record (MBR) method for storing partition information, not the GUID Partition Table (GPT) method. This is because a generation 2 VM is required to support GPT, and Windows 7 is not supported in Hyper-V as a generation 2 VM. Alternatively, you can convert the VHD to use MBR, but this procedure is complex. If you must create a bootable generation 1 VHD from a physical host that uses GPT, see [Appendix C: Convert GPT to MBR](#appendix-c-convert-gpt-to-mbr) + >To determine the storage method on a computer running Windows 7, open a command prompt and type **DISKPART**, then type **list disk**. Disks that use GPT will have an asterisk under **Gpt** in the command output. If the computer is running Windows 8 or a later OS, you can also type **Get-Disk** at an elevated Windows PowerShell prompt to identify the partition style. 3. If the PC is running Windows 8 or later and uses the GPT method for storing partition information, then you must create a generation 2 VM to mirror the PC in Hyper-V. -####To convert a PC to VHD: +#### To convert a PC to VHD: 1. Download the [Disk2vhd utility](https://technet.microsoft.com/en-us/library/ee656415.aspx), extract the .zip file and copy **disk2vhd.exe** to a flash drive or other location that is accessible from the computer you wish to convert. 
>You might experience timeouts if you attempt to run Disk2vhd from a network share, or specify a network share for the destination. To avoid timeouts, use local, portable media such as a USB drive. 2. On the computer you wish to convert, double-click the disk2vhd utility to start the graphical user interface. -3. Select the checkboxes next to the **C:\** and the **system reserved** (BIOS/MBR) volumes. The system volume is not assigned a drive letter, but will be displayed in the Disk2VHD tool with a volume label similar to **\\?\Volume{** - see the example below. **Important**: You must include the system volume in order to create a bootable VHD. If this volume is not displayed in the disk2vhd tool, then the computer is using the GPT partition method. In this case, see the [requirements](#client-computer-requirements-for-this-lab) in this section for more information. -4. Specify a location to save the resulting VHD or VHDX file (F:\VHD\w7.vhdx in the following example) and click **Create**. If your Hyper-V host is running Windows Server 2008 R2 you must choose VHD, otherwise choose VHDX. See the following example: +3. Select the checkboxes next to the **C:\** and the **system reserved** (BIOS/MBR) volumes. The system volume is not assigned a drive letter, but will be displayed in the Disk2VHD tool with a volume label similar to **\\?\Volume{**. See the following example. **Important**: You must include the system volume in order to create a bootable VHD. If this volume is not displayed in the disk2vhd tool, then the computer is using the GPT partition method. In this case, see the second item in the [requirements](#client-computer-requirements-for-this-lab) list in this section for more information. +4. Specify a location to save the resulting VHD or VHDX file (F:\VHD\w7.vhdx in the following example) and click **Create**. Note: Hyper-V on Windows Server 2008 R2 does not support VHDX. See the following example:  
@@ -282,79 +290,80 @@ w10-enterprise.iso 6. When the Disk2vhd utility has completed converting the source computer to a VHD, copy the VHDX file (w7.vhdx) to your Hyper-V host in the C:\VHD directory. There should now be four files in this directory: - ``` +C:\vhd>dir /B 2012R2-poc-1.vhd 2012R2-poc-2.vhd w10-enterprise.iso w7.VHDX - ``` ++ ### Resize VHD The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to 80GB to support installing imaging tools and storing OS images. 1. To add available space for the partition, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: - ``` +Resize-VHD –Path c:\VHD\2012R2-poc-2.vhd –SizeBytes 80GB $x = (Mount-VHD –Path c:\VHD\2012R2-poc-2.vhd -passthru | Get-Disk | Get-Partition | Get-Volume).DriveLetter Resize-Partition -DriveLetter $x -Size (Get-PartitionSupportedSize -DriveLetter $x).SizeMax - ``` +2. Verify that the mounted VHD drive is resized to 80 GB, and then dismount the drive: - ``` +Get-Volume -DriveLetter $x Dismount-VHD –Path c:\VHD\2012R2-poc-2.vhd - ``` +### Configure Hyper-V -Note: The Hyper-V Windows PowerShell module is not available on Windows Server 2008 R2. For more information, see [Appendix B: Configuring Hyper-V on Windows Server 2008 R2](#appendix-b-configuring-hyper-v-on-windows-server-2008-r2). +**Important**: You should take advantage of [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) when completing instructions in this guide. Enhanced session mode enables you to copy and paste the commands from the Hyper-V host to VMs and between VMs. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. 
You can also copy and paste files directly from one computer to another by right-clicking and selecting copy on one computer, then right-clicking and selecting paste on another computer. -**Important**: You should take advantage of [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) when completing instructions in this guide. Enhanced session mode enables you to copy and paste the commands from the Hyper-V host to VMs and between VMs. After copying some text, you can paste into a Windows PowerShell window by simply right-clicking. Before right-clicking, do not left click other locations as this can empty the clipboard. You can also
New-VMSwitch -Name poc-internal -SwitchType Internal -Notes "PoC Network" New-VMSwitch -Name poc-external -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name -Notes "PoC External" - ``` +**Note**: The second command above will temporarily interrupt network connectivity on the Hyper-V host. - >Since an external virtual switch is associated to a physical network adapter on the Hyper-V host, this adapter must be specified when adding the virtual switch. This is automated in the example here by filtering for active non-virtual ethernet adapters using the Get-NetAdapter cmdlet ($_.Status -eq "Up" -and !$_.Virtual). If your Hyper-V host is dual-homed with multiple active ethernet adapters, this automation will not work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the NetAdapterName. The NetAdapterName value corresponds to the name of the network interface you wish to use, for example if the network interface you use on the Hyper-V host to connect to the Internet is named "Ethernet 2" then type the following command to create an external virtual switch: + >Since an external virtual switch is associated to a physical network adapter on the Hyper-V host, this adapter must be specified when adding the virtual switch. This is automated here by filtering for active non-virtual ethernet adapters using the Get-NetAdapter cmdlet ($_.Status -eq "Up" -and !$_.Virtual). If your Hyper-V host is dual-homed with multiple active ethernet adapters, this automation will not work, and the second command above will fail. In this case, you must edit the command used to add the "poc-external" virtual switch by inserting the NetAdapterName. The NetAdapterName value corresponds to the name of the network interface you wish to use. 
For example, if the network interface you use on the Hyper-V host to connect to the Internet is named "Ethernet 2" then type the following command to create an external virtual switch: - ``` +
New-VMSwitch -Name poc-external -NetAdapterName "Ethernet 2" -Notes "PoC External" - ``` +2. At the elevated Windows PowerShell prompt, type the following command to determine the megabytes of RAM that are currently available on the Hyper-V host: - ``` - (Get-Counter -Counter @("\Memory\Available MBytes")).countersamples.cookedvalue - ``` - >This command will display the megabytes of RAM available. On a Hyper-V host computer with 16 GB of physical RAM installed, 12,000 MB of RAM or greater should be available if the computer is not also running other applications. On a computer with 8 GB of physical RAM installed, at least 5000 MB should be available. If the computer has less RAM available than this, try closing applications to free up more memory. +
+ (Get-VMHostNumaNode).MemoryAvailable ++ + >This command will display the megabytes of RAM available. On a Hyper-V host computer with 16 GB of physical RAM installed, 10,000 MB of RAM or greater should be available if the computer is not also running other applications. On a computer with 8 GB of physical RAM installed, at least 4000 MB should be available. If the computer has less RAM available than this, try closing applications to free up more memory. 3. Determine the available memory for VMs by dividing the available RAM by 4. For example: - ``` - (Get-Counter -Counter @("\Memory\Available MBytes")).countersamples.cookedvalue/4 +
+ (Get-VMHostNumaNode).MemoryAvailable/4 2775.5 - ``` ++ In this example, VMs can use a maximum of 2700 MB of RAM each, to run four VMs simultaneously. 4. At the elevated Windows PowerShell prompt, type the following command to create three new VMs. The fourth VM will be added later. - >**Important**: Replace the value of 2700MB in the first command below with the RAM value that you calculated in the previous step: + >**Important**: Replace the value of 2700MB for $maxRAM in the first command below with the RAM value that you calculated in the previous step. - ``` +
$maxRAM = 2700MB New-VM -Name "DC1" -VHDPath c:\vhd\2012R2-poc-1.vhd -SwitchName poc-internal Set-VMMemory -VMName "DC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 @@ -366,7 +375,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most New-VM -Name "PC1" -VHDPath c:\vhd\w7.vhdx -SwitchName poc-internal Set-VMMemory -VMName "PC1" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes $maxRAM -Buffer 20 Enable-VMIntegrationService -Name "Guest Service Interface" -VMName PC1 - ``` +**Note**: The RAM values assigned to VMs in this step are not permanent, and can be easily increased or decreased later if needed to address performance issues. @@ -374,95 +383,112 @@ Instructions to "type" commands provided in this guide can be typed, but in most 1. At an elevated Windows PowerShell prompt on the Hyper-V host, start the first VM by typing the following command: - ``` +
Start-VM DC1 - ``` ++ 2. Wait for the VM to complete starting up, and then connect to it either using the Hyper-V Manager console (virtmgmt.msc) or using an elevated command prompt on the Hyper-V host: - ``` +
vmconnect localhost DC1 - ``` ++ 3. Click **Next** to accept the default settings, read the license terms and click **I accept**, provide an administrator password of **pass@word1**, and click **Finish**. 4. Click the **Ctrl+Alt+Del** button in the upper left corner of the virtual machine connection window, and then sign in to DC1 using the local administrator account. 5. Right-click **Start**, point to **Shut down or sign out**, and click **Sign out**. The VM connection will reset and a new connection dialog box will appear enabling you to choose a custom display configuration. Select a desktop size, click **Connect** and sign in again with the local Administrator account. Note: Signing in this way ensures that [enhanced session mode](https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect) is enabled. It is only necessary to do this the first time you sign in to a new VM. 6. If DC1 is configured as described in this guide, it will currently be assigned an APIPA address, have a randomly generated hostname, and a single network adapter named "Ethernet." Open an elevated Windows PowerShell prompt on DC1 and type or paste the following commands to provide a new hostname and configure a static IP address and gateway: - ``` +
Rename-Computer DC1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.1 –PrefixLength 24 -DefaultGateway 192.168.0.2 Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2 - ``` ++ >The default gateway at 192.168.0.2 will be configured later in this guide. + 7. Install the Active Directory Domain Services role by typing the following command at an elevated Windows PowerShell prompt: - ``` +
Install-WindowsFeature -Name AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools - ``` +8. Before promoting DC1 to a Domain Controller, you must reboot so that the name change in step 3 above takes effect. To restart the computer, type the following command at an elevated Windows PowerShell prompt: - ``` +
Restart-Computer - ``` +9. When DC1 has rebooted, sign in again and open an elevated Windows PowerShell prompt. Now you can promote the server to be a domain controller. The directory services restore mode password must be entered as a secure string. Type the following commands at the elevated Windows PowerShell prompt: - ``` +
$pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force Install-ADDSForest -DomainName contoso.com -InstallDns -SafeModeAdministratorPassword $pass -Force - ``` ++ Ignore any warnings that are displayed. The computer will automatically reboot upon completion. + 10. When the reboot has completed, reconnect to DC1, sign in using the CONTOSO\Administrator account, open an elevated Windows PowerShell prompt, and use the following commands to add a reverse lookup zone for the PoC network, add the DHCP Server role, authorize DHCP in Active Directory, and supress the post-DHCP-install alert: - ``` +
Add-DnsServerPrimaryZone -NetworkID "192.168.0.0/24" -ReplicationScope Forest Add-WindowsFeature -Name DHCP -IncludeManagementTools netsh dhcp add securitygroups Restart-Service DHCPServer Add-DhcpServerInDC dc1.contoso.com 192.168.0.1 Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 –Name ConfigurationState –Value 2 - ``` ++ 11. Next, add a DHCP scope and set option values: - ``` +
Add-DhcpServerv4Scope -Name "PoC Scope" -StartRange 192.168.0.100 -EndRange 192.168.0.199 -SubnetMask 255.255.255.0 -Description "Windows 10 PoC" -State Active Set-DhcpServerv4OptionValue -ScopeId 192.168.0.0 -DnsDomain contoso.com -Router 192.168.0.2 -DnsServer 192.168.0.1,192.168.0.2 -Force - ``` ++ >The -Force option is necessary when adding scope options to skip validation of 192.168.0.2 as a DNS server because we have not configured it yet. The scope should immediately begin issuing leases on the PoC network. The first DHCP lease that will be issued is to vEthernet interface on the Hyper-V host, which is a member of the internal network. You can verify this by using the command: Get-DhcpServerv4Lease -ScopeId 192.168.0.0. 12. Add a user account to the contoso.com domain that can be used with client computers: - ``` +
New-ADUser -Name "User1" -UserPrincipalName user1 -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true - ``` ++ 13. The DNS server role will also be installed on the member server, SRV1, at 192.168.0.2 so that we can forward DNS queries from DC1 to SRV1 to resolve Internet names without having to configure a forwarder outside the PoC network. Since the IP address of SRV1 already exists on DC1's network adapter, it will be automatically added during the DCPROMO process. To verify this server-level DNS forwarder on DC1, type the following command at an elevated Windows PowerShell prompt on DC1: - ``` +
Get-DnsServerForwarder - ``` ++ The following output should be displayed: - ``` + +
UseRootHint : True Timeout(s) : 3 EnableReordering : True IPAddress : 192.168.0.2 ReorderedIPAddress : 192.168.0.2 - ``` ++ If this output is not displayed, you can use the following command to add SRV1 as a forwarder: - ``` + +
Add-DnsServerForwarder -IPAddress 192.168.0.2 - ``` ++ 14. Minimize the DC1 VM window but **do not stop** the VM. Next, the client VM will be started and joined to the contoso.com domain. This is done before adding a gateway to the PoC network so that there is no danger of duplicate DNS registrations for the physical client and its cloned VM in the corporate domain. 15. Using an elevated Windows PowerShell prompt on the Hyper-V host, start the client VM (PC1), and connect to it: - ``` + +
Start-VM PC1 vmconnect localhost PC1 - ``` ++ 16. Sign on to PC1 using an account that has local administrator rights. >PC1 will be disconnected from its current domain, so you cannot use a domain account to sign on unless these credentials are cached and the use of cached credentials is permitted by Group Policy. If cached credentials are available and permitted, you can use these credentials to sign in. Otherwise, use an existing local administrator account. + 17. After signing in, the operating system detects that it is running in a new environment. New drivers will be automatically installed, including the network adapter driver. The network adapter driver must be updated before you can proceed, so that you will be able to join the contoso.com domain. Depending on the resources allocated to PC1, installing the network adapter driver might take a few minutes. You can monitor device driver installation by clicking **Show hidden icons** in the notification area.  @@ -474,7 +500,7 @@ Instructions to "type" commands provided in this guide can be typed, but in most To open Windows PowerShell on Windows 7, click **Start**, and search for "**power**." Right-click **Windows PowerShell** and then click **Pin to Taskbar** so that it is simpler to use Windows Powershell during this lab. Click **Windows PowerShell** on the taskbar, and then type **ipconfig** at the prompt to see the client's current IP address. Also type **ping dc1.contoso.com** and **nltest /dsgetdc:contoso.com** to verify that it can reach the domain controller. See the following examples of a successful network connection: - ``` +
ipconfig Windows IP Configuration @@ -503,19 +529,20 @@ Instructions to "type" commands provided in this guide can be typed, but in most Dc Site Name: Default-First-Site-Name Our Site Name: Default-First-Site-Name Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE FULL_SECRET WS 0xC000 - ``` ++ >If PC1 is running Windows 7, enhanced session mode is not available, which means that you cannot copy and paste commands from the Hyper-V host to a Windows PowerShell prompt on PC1. However, it is possible to use integration services to copy a file from the Hyper-V host to a VM. The next procedure demonstrates this. If the Copy-VMFile command fails, then type the commands below at an elevated Windows PowerShell prompt on PC1 instead of saving them to a script to run remotely. If PC1 is running Windows 8 or a later operating system, you can use enhanced session mode to copy and paste these commands instead of typing them. 20. Minimize the PC1 window and switch to the Hyper-V host computer. Open an elevated Windows PowerShell ISE window on the Hyper-V host (right-click Windows PowerShell and then click Run ISE as Administrator) and type the following commands in the (upper) script editor pane: - ``` +
(Get-WmiObject Win32_ComputerSystem).UnjoinDomainOrWorkgroup($null,$null,0) $pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force $user = "contoso\administrator" $cred = New-Object System.Management.Automation.PSCredential($user,$pass) Add-Computer -DomainName contoso.com -Credential $cred Restart-Computer - ``` +>If you do not see the script pane, click **View** and then click **Show Script Pane Top**. @@ -526,16 +553,17 @@ Instructions to "type" commands provided in this guide can be typed, but in most 21. Click **File**, click **Save As**, and save the commands as **c:\VHD\pc1.ps1** on the Hyper-V host. 22. In the (lower) terminal input window, type the following command to copy the script to PC1 using integration services: - ``` +
Copy-VMFile "PC1" –SourcePath "C:\VHD\pc1.ps1" –DestinationPath "C:\pc1.ps1" –CreateFullPath –FileSource Host - ``` ++ >In order for this command to work properly, PC1 must be running the vmicguestinterface (Hyper-V Guest Service Interface) service. If this service is not installed, you can try updating integration services on the VM. This can be done by mounting the Hyper-V Integration Services Setup (vmguest.iso), which is located in C:\Windows\System32 on Windows Server operating systems that are running the Hyper-V role service. Otherwise, just create the file c:\pc1.ps1 on the VM and type the commands into this file manually. Be sure to save the file as a Windows PowerShell script file with the .ps1 extension and not as a text (.txt) file. 23. On PC1, type the following commands at an elevated Windows PowerShell prompt: - ``` +
Get-Content c:\pc1.ps1 | powershell.exe -noprofile - - ``` +>PC1 is removed from its domain in this step while not connected to the corporate network so as to ensure the computer object in the corporate domain is unaffected. We have not also renamed PC1 to "PC1" in system properties so that it maintains some of its mirrored identity. However, if desired you can also rename the computer. @@ -544,79 +572,88 @@ Instructions to "type" commands provided in this guide can be typed, but in most 25. Minimize the PC1 window but do not turn it off while the second Windows Server 2012 R2 VM (SRV1) is configured. This verifies that the Hyper-V host has enough resources to run all VMs simultaneously. Next, SRV1 will be started, joined to the contoso.com domain, and configured with RRAS and DNS services. 26. On the Hyper-V host computer, at an elevated Windows PowerShell prompt, type the following commands: - ``` +
Start-VM SRV1 vmconnect localhost SRV1 - ``` ++ 27. Accept the default settings, read license terms and accept them, provide an administrator password of **pass@word1**, and click **Finish**. When you are prompted about finding PCs, devices, and content on the network, click **Yes**. 28. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. 29. Open an elevated Windows PowerShell prompt on SRV1 and type the following commands: - ``` +
Rename-Computer SRV1 New-NetIPAddress –InterfaceAlias Ethernet –IPAddress 192.168.0.2 –PrefixLength 24 Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.0.1,192.168.0.2 Restart-Computer - ``` ++ 30. Wait for the computer to restart, then type or paste the following commands at an elevated Windows PowerShell prompt: - ``` +
$pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force $user = "contoso\administrator" $cred = New-Object System.Management.Automation.PSCredential($user,$pass) Add-Computer -DomainName contoso.com -Credential $cred Restart-Computer - ``` ++ 31. Sign in to the contoso.com domain on SRV1 using the domain administrator account (enter contoso\administrator as the user), open an elevated Windows PowerShell prompt, and type the following commands: - ``` +
Install-WindowsFeature -Name DNS -IncludeManagementTools Install-WindowsFeature -Name WDS -IncludeManagementTools Install-WindowsFeature -Name Routing -IncludeManagementTools - ``` ++ 32. Before configuring the routing service that was just installed, verify that network interfaces were added to SRV1 in the right order, resulting in an interface alias of "Ethernet" for the private interface, and an interface alias of "Ethernet 2" for the public interface. Also verify that the external interface has a valid external DHCP IP address lease. To view a list of interfaces, associated interface aliases, and IP addresses on SRV1, type the following Windows PowerShell command. Example output of the command is also shown below: - ``` +
Get-NetAdapter | ? status -eq ‘up’ | Get-NetIPAddress -AddressFamily IPv4 | ft IPAddress, InterfaceAlias IPAddress InterfaceAlias --------- -------------- 10.137.130.118 Ethernet 2 192.168.0.2 Ethernet - ``` ++ In this example, the poc-internal network interface at 192.168.0.2 is associated with the "Ethernet" interface and the Internet-facing poc-external interface is associated with the "Ethernet 2" interface. If your interfaces are different, you must adjust the commands provided in the next step appropriately to configure routing services. 33. To configure SRV1 with routing capability for the PoC network, type or paste the following commands at an elevated Windows PowerShell prompt on SRV1: - ``` +
Install-RemoteAccess -VpnType Vpn cmd /c netsh routing ip nat install cmd /c netsh routing ip nat add interface name="Ethernet 2" mode=FULL cmd /c netsh routing ip nat add interface name="Ethernet" mode=PRIVATE cmd /c netsh routing ip nat add interface name="Internal" mode=PRIVATE - ``` ++ 34. The DNS service on SRV1 also needs to resolve hosts in the contoso.com domain. This can be accomplished with a conditional forwarder. Open an elevated Windows PowerShell prompt on SRV1 and type the following command: - ``` +
Add-DnsServerConditionalForwarderZone -Name contoso.com -MasterServers 192.168.0.1 - ``` ++ 35. In most cases, this completes configuration of the PoC network. However, if your corporate network has a firewall that filters queries from local DNS servers, you will also need to configure a server-level DNS forwarder on SRV1 to resolve Internet names. To test whether or not DNS is working without this forwarder, try to reach a name on the Internet from DC1 or PC1, which are only using DNS services on the PoC network. You can test DNS with the ping command, for example: - ``` +
ping www.microsoft.com - ``` ++ If you see "Ping request could not find host www.microsoft.com" on PC1 and DC1, but not on SRV1, then you will need to configure a server-level DNS forwarder on SRV1. To do this, open an elevated Windows PowerShell prompt on SRV1 and type the following command. **Note**: This command also assumes that "Ethernet 2" is the external-facing network adapter on SRV1. If the external adapter has a different name, replace "Ethernet 2" in the command below with that name: - ``` +
Add-DnsServerForwarder -IPAddress (Get-DnsClientServerAddress -InterfaceAlias "Ethernet 2").ServerAddresses - ``` ++ 36. If DNS and routing are both working correctly, you will see the following on DC1 and PC1: - ``` +
PS C:\> ping www.microsoft.com Pinging e2847.dspb.akamaiedge.net [23.222.146.170] with 32 bytes of data: @@ -629,14 +666,15 @@ Instructions to "type" commands provided in this guide can be typed, but in most Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 3ms, Average = 2ms - ``` ++ 37. Verify that all three VMs can reach each other, and the Internet. See [Appendix B: Verify the configuration](#appendix-b-verify-the-configuration) for more information. 38. Lastly, because the client computer has different hardware after copying it to a VM, its Windows activation will be invalidated and you might receive a message that you must activate Windows in 3 days. To extend this period to 30 days, type the following commands at an elevated Windows PowerShell prompt on PC1: - ``` +
slmgr -rearm Restart-Computer - ``` +## Appendix A: Verify the configuration @@ -644,7 +682,7 @@ Use the following procedures to verify that the PoC environment is configured pr 1. On DC1, open an elevated Windows PowerShell prompt and type the following commands: - ``` +
Get-Service NTDS,DNS,DHCP DCDiag -a Get-DnsServerResourceRecord -ZoneName contoso.com -RRType A @@ -653,7 +691,8 @@ Use the following procedures to verify that the PoC environment is configured pr Get-DhcpServerInDC Get-DhcpServerv4Statistics ipconfig /all - ``` ++ **Get-Service** displays a status of "Running" for all three services.
Get-Service DNS,RemoteAccess Get-DnsServerForwarder Resolve-DnsName -Server dc1.contoso.com -Name www.microsoft.com ipconfig /all netsh int ipv4 show address - ``` ++ **Get-Service** displays a status of "Running" for both services.
whoami hostname nslookup www.microsoft.com ping -n 1 dc1.contoso.com tracert www.microsoft.com - ``` ++ **whoami** displays the current user context, for example in an elevated Windows PowerShell prompt, contoso\administrator is displayed.
Add-WindowsFeature -Name Hyper-V -``` +An example that uses Hyper-V WMI to create a virtual switch on Windows Server 2008 R2 is provided below. -``` +
$SwitchFriendlyName = "poc-internal" $InternalEthernetPortFriendlyName = $SwitchFriendlyName $InternalSwitchPortFriendlyName = "poc" 
@@ -728,39 +769,63 @@ $InternalLanEndPoint = gwmi -namespace root\virtualization -query $query $Result = $VirtualSwitchManagementService.ConnectSwitchPort($InternalSwitchPort, $InternalLanEndPoint) $filter = "SettingID='" + $InternalEthernetPort.DeviceID +"'" $NetworkAdapterConfiguration = gwmi Win32_NetworkAdapterConfiguration -filter $filter -``` +## Appendix C: Convert GPT to MBR >Conversion of a disk directly from GPT to MBR without data loss is not possible without the use of external, specialized applications and tools. However, it is possible to create an image of the GPT disk and then restore this image to an MBR disk using standard tools. At a high level, this can be done by obtaining an image of the source drive, creating a blank MBR-formatted disk, applying the source drive image to the MBR disk, and then configuring the MBR disk to boot the applied image. This procedure is described below: -1. Open an elevated command prompt and type the following command: +First I capture a VSS image of the GPT disk: - ``` - mountvol S: /S - ``` -2. Close and restart the Disk2VHD application. -3. Clear the **Use Volume Shadow Copy** checkbox. -4. Select the C: and S: drives to convert, and then click **Create**. +1. Create VHD (function thanks to Senthil Rajaram). -mount-vhd -path D:\vhd\w7.VHDX +function CreateVHD ($VHDPath, $Size) +{ + $drive = (New-VHD -path $vhdpath -SizeBytes $size -Dynamic | ` + Mount-VHD -Passthru | ` + get-disk -number {$_.DiskNumber} | ` + Initialize-Disk -PartitionStyle MBR -PassThru | ` + New-Partition -UseMaximumSize -AssignDriveLetter:$False -MbrType IFS | ` + Format-Volume -Confirm:$false -FileSystem NTFS -force | ` + get-partition | ` + Add-PartitionAccessPath -AssignDriveLetter -PassThru | ` + get-volume).DriveLetter + Dismount-VHD $VHDPath +} -dism /Capture-Image /ImageFile:d:\w7.wim /CaptureDir:H:\ /Name:w7 <--this takes a long time +Be sure to use a size sufficient for the backup (i.e. 100GB) and specify a path to a USB drive. 
For Windows 7 to mount the drive it must be .vhd not .vhdx. - mount-vhd -path 'D:\vhd\w7-gen1\Virtual Hard Disks\w7-gen1.vhdx' +CreateVHD F:\pc1.vhd 100GB - New simple volume, created drive G: ---- -dism /Apply-Image /ImageFile:D:\w7.wim /Index:1 /ApplyDir:G:\ -boot to install disk and repair this +2. Insert USB into client and mount using disk management. It is possible also using diskpart but easier with disk manager. Note the drive letter of the mount. Assuming G: -the idea here is to create a MBR VHD, then restore the wim to that. +wbadmin start backup -backupTarget:g: -include:c: -quiet + +- this takes a few minutes then you see: + +Creating a backup of volume C(C:), copied (98%). +Creating a backup of volume C(C:), copied (98%). +Creating a backup of volume C(C:), copied (99%). +Creating a backup of volume C(C:), copied (99%). +Creating a backup of volume C(C:), copied (100%). +The backup operation successfully completed. +Summary of the backup operation: +------------------ + +The backup of volume C(C:) successfully completed. + +C:\> + +Note: Alternatively you can back up the client to a network share, then access the network share from system restore. + +3. Detatch the VHD, remove the USB, insert USB in Hyper-V host. + +4. Create new VM with blank VHD, add the usb vhd as secondary. remove it later...no need to keep the image on the same disk. ---note another possible option is to create a backup, choose USB as the destination, then create VM, boot from DVD, and restore from backup usign tools. ---also try https://community.spiceworks.com/topic/435119-can-i-virtualize-a-uefi-server-into-a-hyper-v-virtual-machine <-- does not work ### Appendix D: Terminology used in this guide @@ -784,6 +849,10 @@ See the following table for a list of terms used in this guide. +### Appendix E: Create PC1 VM + +Here is where I provide a procedure to create a blank client VM. + ## Related Topics
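Review bot: The step 30 domain-join block embeds the domain administrator password as a literal (`$pass = "pass@word1" | ConvertTo-SecureString -AsPlainText -Force`), and the step tells readers to "type or paste" it, so every lab built from this page ends up with the same published credential. Replace the first three lines with `$cred = Get-Credential contoso\administrator` so the operator is prompted, or state next to the block that this password is for the isolated PoC network only. A style point in the same hunk: the block before step 30 mixes `–InterfaceAlias` (en dash) with `-InterfaceAlias`, and step 32 uses typographic quotes in `‘up’`. PowerShell accepts both, but plain ASCII `-` and `'` keep the blocks consistent and predictable when pasted into other tools.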
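Review bot: Step 37 links to `[Appendix B: Verify the configuration](#appendix-b-verify-the-configuration)`, but the heading at the end of the same hunk is `## Appendix A: Verify the configuration`, so the link text and anchor do not match the section they point at. Rename one to agree with the other, and check the lettering against the later `## Appendix C` and `### Appendix D` headings so the sequence has no gap or duplicate.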
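Review bot: The text added under `## Appendix C: Convert GPT to MBR` reads as personal working notes, not a procedure, and it stops at step 4 without the restore and boot-configuration stages that the quoted overview promises. Lines such as "First I capture a VSS image of the GPT disk", "remove it later...no need to keep the image on the same disk" and "--also try https://community.spiceworks.com/... <-- does not work" should be rewritten as numbered instructions or dropped. The pasted `wbadmin` progress output can be cut to its final lines. In `CreateVHD`, `$drive` is assigned the drive letter but never returned or used before `Dismount-VHD $VHDPath`, so either return it or remove the assignment. The sentence "For Windows 7 to mount the drive it must be .vhd not .vhdx" belongs before the `CreateVHD F:\pc1.vhd 100GB` call as a stated requirement. Also fix "Detatch" and "usign", and use "e.g." for "(i.e. 100GB)", since 100GB is an example size.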
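Review bot: The new `### Appendix E: Create PC1 VM` section contains only the placeholder "Here is where I provide a procedure to create a blank client VM.", which would publish an empty appendix. Either add the procedure in this change or hold the heading back until it exists. The heading level is also `###` here and on Appendix D, while Appendix A and Appendix C use `##`, so pick one level for all appendices.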