If you have a lot of user groups and simply want to copy/clone one users group membership to another user, then with PowerShell that’s quite simple to do.
Solution: Copy User Membership
Here I have two users ALane who is a member of a few groups and APatel who is simply a member of domain admins.
Although we can see above what groups ALane is a member off let’s prove that will PowerShell.
I’ve been aware of Windows Terminal for a while, I’ve just never felt the need to set it up. Most of my work for the website involves me taking screenshots on Windows Server OS. So, when I decided to take a look at it I had to jump through a few hoops to get it to work, in the words of Juan Sánchez Villalobos Ramírez, Chief metallurgist to King Charles V of Spain, “I would save you that pain”. (If you get that reference, we can be friends).
Solution: Windows Terminal on Server 2022
So, Windows Server OSs cannot access the Windows Store, so you need to manually download the app packages (msibundle) then install them with PowerShell. If you want to install on Server 2022 then don’t download the Windows 11 package, if you do and try and install it you will see something like.
Deployment failed with HRESULT: 0x80073CFD, A Prerequisite for an install could not be satisfied. Windows cannot install package Microsoft.WindowsTerminal_1.16.10262.0_x64__8wekyb3d8bbwe because this package is not compatible with the device. The package requires OS version 10.0.22000.0 or higher on the Windows.Desktop device family. The device is currently running OS version 10.0.20348.1668
I walked back though a few versions before I realised you need to download the Windows 10 versions. go here and check for the latest version.
Previous Windows Server Versions: In some cases you may need to download and install the Preinstall kit (See above page for download link) Simply download it as a Zip file, extract it, and then use Add-AppxPackage to install the msibundle for that first. But for Server 2022 you don’t need to do that.
Firstly, you need to download another package as it’s a pre-requisite, the following commands will download and install it.
“Hi thanks for your video. I have two win 2012 DC DHCP on a failover/load balance config and want to migrate to new Win 2022 VMs. What’s the exact procedure? If it’s a single VM it’s easy but I’m not sure about if it’s on a failover setup.”
Well migrating the domain controller element I’ve covered before.
But what if you have your DHCP servers deployed in HA – be that Load Balanced, or Hot Standby (failover)?
How do you migrate DHCP to a new platform then ?
Solution: Migrate DHCP HA
There was very little information I could find on this subject, you can drop down to one DHCP server and perform a simple migration to Server 2022 then setup HA again of course, but I think the following solution is much more elegant, and there’s NO DOWNTIME to worry about.
Windows Migrate DHCP HA – Step 1 Remove HA
In my example I have some 2012 R2 Servers running DHCP (it does not matter if they are in Load balancing mode or Hot Standby, the approach is the same just the commands will vary.
I’ve got two new Windows Server 2022 servers updated and added to the domain ready to take on the DHCP HA roles.
The first thing I’m going to do is remove the failover partnership. You can do this on either of the legacy DHCP servers but the one you run the command on will be the DHCP server that remains operational after you remove the partnership (in this case 2012-dhcp-1.dingdong.com).
Use the following syntax, the first command gets the failover groups name, you then delete that failover group.
Windows Migrate DHCP Failover – Step 3 Create HA to Server 2022
We will now create a failover partnership to the first of our two new Windows Servers.
Firstly we need to install the DHCP role on BOTH of our new Windows Servers, register them in AD, and change a registry key to stop server manager bugging you about running the DHCP setup wizard.
Windows Migrate DHCP Failover – Step 4 Break Replication
If you are replicating many scopes then wait a while for the servers to be ‘in sync’, the next step seems counter intuitive, as you are going to delete the very thing you have just created, but this procedure is carried out on the NEW DHCP SERVER NOT THE LEGACY ONE, (so the DHCP scope is removed from the last remaining legacy DHCP server.)
On the first new DHCP server execute the following commands. (same commands you used above in step 1).
Windows Migrate DHCP Failover – Step 6 Deploy new DHCP HA Configuration
Lastly, we setup a new failover relationship that is setup the same as the one we setup in step 3, but this time with the last remaining new DHCP server.
Way back when I started doing tech (in the days of Novell 4 and NT4), my mantra was, if you must deny something then you’ve done something wrong. Now I work for a UK based MSP that offers SPLA licensing to clients.
Unlike typical RDS licensing, With SPLA this requires every ‘capable‘ AD user that ‘can‘ RDP onto a server (regardless of it’s a Session Host RDS Server or not) needs to have an RDS SAL.
So, when audited and hit with a big licensing bill, the clients first question is usually “How do I reduce this?“
Solution: Deny RDS
Create a new security group (don’t use domain users!) Give it a sensible name i.e. GS-Deny-RDS-Access (GS for Global security, and I don’t like spaces in names, as it makes scripts easier to write!)
Obviously put in the users you want to explicitly deny RDS access to.
Create (or edit an existing) Group policy linked either to the OU that contains your servers (remember domain controllers are in a different OU, so link it there also). Or If you’re lazy like me simply link it to the root of the domain.
Edit the policy and navigate to.
[box]
Computer Configuration > Policies > Windows Settings > Security Settings > User Rights Assignment > Deny Log on through Remote Desktop Services
[/box]
Enable the policy > Browse to and select the group you created earlier.