How to convert install.esd to install.wim

1. Create the folder “C:\Windows10\”.

2. Extract the Windows 10 ISO to “C:\Windows10”.

3. Start the Deployment and Imaging Tools Environment (DISM) using “Run as administrator”.

4. Navigate to “C:\Windows10\Sources\”.

5. List the images available in the install.esd file and note the index number of the Windows version you need.

dism /Get-WimInfo /WimFile:install.esd

6. Export the image to an install.wim file, using the index number noted in step 5 as /SourceIndex (6 in this example).

dism /export-image /SourceImageFile:install.esd /SourceIndex:6 /DestinationImageFile:install.wim /Compress:max /CheckIntegrity
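
The same procedure with the DISM PowerShell cmdlets, as an added example that is not part of the original post. It resolves the index from the edition name instead of hard-coding it and refuses to write into an existing install.wim; the edition name is a sample value and the paths assume the folder from step 1.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumption: the ISO was extracted to C:\Windows10 as in step 2.
$Sources = 'C:\Windows10\Sources'
$Esd     = Join-Path $Sources 'install.esd'
$Wim     = Join-Path $Sources 'install.wim'
$Edition = 'Windows 10 Pro'   # sample value; pick a name from the list printed below

# Step 5: list the images contained in install.esd
$images = Get-WindowsImage -ImagePath $Esd
$images | Format-Table ImageIndex, ImageName -AutoSize

# Resolve the index from the edition name; stop unless exactly one image matches
$match = @($images | Where-Object { $_.ImageName -eq $Edition })
if ($match.Count -ne 1) {
    throw "Expected exactly one image named '$Edition', found $($match.Count)."
}

# Exporting to an existing WIM appends another image to it,
# so refuse to reuse a file left over from an earlier run
if (Test-Path $Wim) {
    throw "$Wim already exists; remove or rename it first."
}

# Step 6: export with maximum compression and integrity checking
Export-WindowsImage -SourceImagePath $Esd -SourceIndex $match[0].ImageIndex `
    -DestinationImagePath $Wim -CompressionType max -CheckIntegrity

# Confirm the new WIM holds the single expected image
Get-WindowsImage -ImagePath $Wim |
    Format-Table ImageIndex, ImageName, ImageSize -AutoSize
```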


Installing and Configuring Microsoft LAPS

1. Download Local Administrator Password Solution (LAPS).

2. Install LAPS on your management machine.

3. For LAPS to function we need to update AD schema with the two new attributes:

  • ms-Mcs-AdmPwd – this attribute stores the local administrator password.
  • ms-Mcs-AdmPwdExpirationTime – this attribute stores the password expiration time for the local administrator password.


How to migrate from FRS to DFSR

The migration from File Replication Service (FRS) to Distributed File System Replication (DFS Replication) goes through four migration states:

  1. Start (State 0) – initial default state of a domain controller.
  2. Prepared (State 1) – you can roll back to Start state.
  3. Redirected (State 2) – you can roll back to Prepared or Start state.
  4. Eliminated (State 3) – migration to the Eliminated state CANNOT be reverted!

Before proceeding with the migration, let’s look at the prerequisites.


PowerShell cmdlets for AD DS

Domain and Forest

Get all Domain Controllers by Hostname, IPv4 and Operating System.

Get-ADDomainController -Filter * | Format-Table Hostname, IPv4Address, OperatingSystem -AutoSize

Get the domain information for the domain “fabrikam.com”.

Get-ADDomain fabrikam.com

Display domain wide FSMO Roles (RID Master, PDC Emulator, Infrastructure Master).

Get-ADDomain | Format-List RIDMaster, PDCEmulator, InfrastructureMaster

Get the forest information of the “fabrikam.com” forest.

Get-ADForest fabrikam.com

Display forest wide FSMO Roles (Schema Master and Domain Naming Master).

Get-ADForest | Format-List SchemaMaster, DomainNamingMaster

Get the default domain password policy from a specified domain.

Get-ADDefaultDomainPasswordPolicy -Identity fabrikam.com


How to clear/reset Windows password

Get explicit permission from the owner to hack their computer!
Do NOT use this tool to hack anyone without their permission because that would be illegal!

For this task we are going to use the security-focused Linux distribution Kali Linux. Among the many security tools installed in this distribution, we are going to use the chntpw utility.


Deploying Active Directory Federation Services (AD FS) & Web Application Proxy (WAP)

In this post I will show how to deploy an AD FS farm in an NLB cluster and then how to deploy a highly available WAP in an NLB cluster on Windows Server 2012 R2.

Overview of my lab setup

LAN – 192.168.1.0/24

  • DC – Active Directory Domain Controller, DNS
    • 192.168.1.1
    • 255.255.255.0
    • 192.168.1.254 (pfSense01)
  • ADFS01 – Active Directory Federation Services, primary server
    • 192.168.1.2
    • 255.255.255.0
    • 192.168.1.254 (pfSense01)
  • ADFS02 – Active Directory Federation Services, secondary server
    • 192.168.1.3
    • 255.255.255.0
    • 192.168.1.254 (pfSense01)
  • RSAT – Remote Server Administration Tools server
    • 192.168.1.4
    • 255.255.255.0
    • 192.168.1.254 (pfSense01)
  • PC01 – Windows 10
    • 192.168.1.5
    • 255.255.255.0
    • 192.168.1.254 (pfSense01)
  • pfSense01 – 192.168.1.254 – 192.168.2.254 (Router/Firewall)

DMZ – 192.168.2.0/24

  • WAP01 – Web Application Proxy
    • 192.168.2.1
    • 255.255.255.0
    • 192.168.2.253 (pfSense02)
  • WAP02 – Web Application Proxy
    • 192.168.2.2
    • 255.255.255.0
    • 192.168.2.253 (pfSense02)
  • PC02 – Windows 10
    • 192.168.2.3
    • 255.255.255.0
    • 192.168.2.253 (pfSense02)
  • pfSense02 – 192.168.2.253 – 192.168.3.254 (Router/Firewall)

Internet – 192.168.3.0/24

  • PC03 – Windows 10
    • 192.168.3.1
    • 255.255.255.0
    • 192.168.3.254 (pfSense02)


How to upgrade Domain Controller to Windows Server 2016

In this post I am going to describe how to upgrade a Domain Controller from Windows Server 2012 R2 to Windows Server 2016.
The recommended way of upgrading is to promote a clean install of Windows Server 2016 to Domain Controller and demote the old one.


How to use PowerShell DSC to deploy Active Directory on Windows Server 2012 R2

In today’s blog post we will install a new Windows Server 2012 AD forest that contains two Domain Controllers. We are going to use PowerShell DSC to help us with this deployment.

For this example, we have 3 VMs:

  • Router – 192.168.1.1/24
  • DC01 (Server 2012 R2) – 192.168.1.2/24
  • DC02 (Server 2012 R2) – 192.168.1.3/24
  • RSAT (Server 2012 R2) – 192.168.1.4/24


How to configure DHCP Failover using PowerShell on Windows Server 2012 R2

DHCP failover is a feature that enables DHCP servers to maintain high availability by replicating scope information between two DHCP servers in a failover relationship.

Note: a full scope replication runs automatically the first time, when you configure the failover relationship. After that, only IP address leases are replicated on a continual basis. Other configuration changes such as reservations, scope options and exclusion ranges need to be replicated manually by running the Invoke-DhcpServerv4FailoverReplication cmdlet.

There are two available failover modes:

  • Load balance (also known as active-active failover relationship)
  • Hot standby (also known as active-passive failover relationship)
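
A load balance relationship and the manual replication step from the note above, as an added example that is not part of the original post. The server names, scope and relationship name are hypothetical lab values; the shared secret, which authenticates failover messages between the two partners, is prompted for rather than stored in the script.

```powershell
# Added example, not from the original post. All names below are hypothetical lab values.
$Primary  = 'dhcp01.fabrikam.com'
$Partner  = 'dhcp02.fabrikam.com'
$Scope    = '192.168.1.0'
$Relation = 'dhcp01-dhcp02-failover'

# -SharedSecret takes a plain string, so prompt for the value at run time
# instead of keeping it in the script or in source control
$secure = Read-Host -Prompt 'Failover shared secret' -AsSecureString
$secret = [System.Net.NetworkCredential]::new('', $secure).Password

# Load balance (active-active): each server answers half of the clients.
# Creating the relationship triggers the initial full scope replication.
Add-DhcpServerv4Failover -ComputerName $Primary -Name $Relation `
    -PartnerServer $Partner -ScopeId $Scope `
    -LoadBalancePercent 50 -SharedSecret $secret

# Hot standby (active-passive) uses -ServerRole and -ReservePercent
# in place of -LoadBalancePercent, for example:
#   -ServerRole Active -ReservePercent 5

# Check that the relationship exists and that message authentication is on
Get-DhcpServerv4Failover -ComputerName $Primary -Name $Relation |
    Format-List Name, Mode, State, PartnerServer, ScopeId, EnableAuth

# Later, after changing reservations, scope options or exclusion ranges
# on $Primary, push the scope configuration to the partner by hand
Invoke-DhcpServerv4FailoverReplication -ComputerName $Primary -ScopeId $Scope -Force
```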
