Upgrading from Server 2008 to Server 2012 R2 – Lessons Learned

I am a member of a terrific IT User group, Carolina IT Professional Group.  This group is focused on educating its members, and giving back to the community.  But what really keeps people to the end are the terrific door prizes.  At the July meeting, I won a copy of Server 2012 R2.  I had been running Server 2008 on my home network and decided that it was time to upgrade.  The first lesson is this:  Server 2008 is the Vista codebase, and Server 2012 R2 is the Windows 8.1 codebase.  You can’t upgrade from Vista to 8.1, nor can you upgrade to 2012 R2 from 2008.

A fresh OS install on my old domain controller — and fresh drives – was appropriate.  I downloaded an evaluation copy of Server 2012 R2 and installed it on one of my more capable workstations.  I installed the appropriate roles, moving AD and DNS over to it.  No problem. After migrating the home directories onto a 2TB drive,  I went on and installed a boot disk to replace the aging mirrored 500GB drives in the old DC.

I then installed my licensed copy of 2012 R2, and went looking for my home directories.   To make a long story short,  lesson two is remembering about the necessity of importing “foreign drives” when you move a disk between Windows installs.  Somehow along the way the security for the home drive folders got hosed, and I took a significant amount of time resetting the ACLs.

I have installed AD and DNS on my permanent DC, and am waiting for things to calm down before I remove those roles from the temporary DC.

The last lesson is this:  Server 2012 R2 has the same idiot UI as 8 and 8.1.  I was happy to find that Classic Shell works just fine at restoring a traditional start menu to Server 2012 R2.  For my thoughts on 8.1 and Classic Shell, visit this blog post.

PowerShell GUI for AD Recycle Bin

The Active Directory Recycle Bin was introduced in Windows 2008 R2.  In this version the Recycle Bin must be enabled, and the only way to undelete a user account is to use the Restore-ADObject command, with pretty arcane parameters.

I wanted to use Well Known GUIDs to refer to the the location of the deleted objects container, and that of the User’s container which I chose as the default location for the restored user object.  The Well-Known GUIDs allow for a constant to be used for these containers.  For example, The WKG for DeletedObjects is 18E2EA80684F11D2B9AA00C04F79F805.  I had hoped to be able to used this directly for the identity for the Restore-ADObject command, but quickly discovered that this was not accepted.  Getting the DN from the WKG turns out to be a pain in the neck, so I modified some code to get this information for any domain in the forest.  How do you get the information for another domain?  The easiest answer, for all of the PowerShell AD commands is to use the -Server switch with the DNSDomain name, instead of a true server name.

The script will let you select the domain to search, and the destination for the restored user object.   PowerShell 3 is required, as I use Out-Gridview to create a list of the user(s) to restore.

The script, Undelete-User.ps1, should make restoring users a little easier. Version 1.2 add a menu which prompts whether you want to commit your changes.
Script Text

Get the Long File Name from the Short File Name

I get some reports which give the path to files as an 8.3 DOS “short” file name, filled with tildes and numbers, such as “c:\progra~2\wid6e1~1\v3.5\sqmapi.dll” for the file “c:\Program Files (x86)\Windows Identity Foundation\v3.5\SqmApi.dll”.  It is easy to go from the long file name to the short file name with a script.  What is less easy is to go the other way, especially when the file is on another computer.

GetLongFileName.vbs  is a vbscript which converts the short file name to a long file name on a local or remote computer. It requires admin rights if the file is on another computer.  The code is interesting because is leverages a temporary shortcut.  It was not my idea, but the original URL I had for the file on MyITForum is no longer valid. Script Text

Finding the Renamed Domain Admin Account

A good practice is to rename the domain administrator account in an Active Directory domain.  When doing auditing, you will want to know what the name of that account really is.  Get-DomainAdmin.ps1 is a script which will give you this information for any domain in your forest.  It requires the ActiveDirectory module to run.

Script Text

Get Holidays for Any Year and Any Country as PowerShell Object

This script started out as a project to figure out how to automate Excel web queries in PowerShell, so MS Excel is a prerequisite for this script.  If you have Excel, but have never used query tables, it is accessible by going to the Data tab, and then choosing “From Web”.  An overview from TechRepublic is here.  Web Queries have been around since Excel 2000, but I think it is a pretty obscure feature.

I was hoping to use the functionality for an internal project which had failed to work satisfactorily with any of the standard ways of pulling down web pages.  When I began to automate Excel in PowerShell, I found that things which I had mastered in VbScript were actually a bit harder in PowerShell.  This script shows the techniques of how to force Excel to close, and how to use SaveAs a CSV file.

Using a Web Query did not work for my internal project either, and this languished in my half-written pile for some time.  Earlier in the week, I had to stay late at the office while waiting for an appointment and decided to take the time to make something practical of what I had worked on.

Holidays can be a difficult to work with when calculating workdays.  I use TimeAndDate.com, which not only pulled off a most excellent domain name, but also is a very good resource for time and date information.  I urge you to visit this page often, especially if you plan to use this script which takes holiday data from them. They have put the data in a very friendly format for web queries; go to the website at http://www.timeanddate.com/holidays/ to see the countries available and their URLs.  Visit the URL for your country to see what sort of data is available from the website.

Get-Holidays.ps1 begins by getting a list of already open Excel process IDs and saves them.  It then opens Excel, does the web query and saves the results as a randomly named CSV file.  I try to close Excel gracefully, then delete the Excel PID which was not open when the script started.  The Import-CSV is used to import the data. (Yes, I know I could have collected it from the spreadsheet directly).  The temporary file is deleted.  The data is manipulated so that the text dates become date objects, and some of the fields are renamed.

The demo date stuff at the bottom shows how to select for a particular type of holiday and how to format the date object to show the date without the timestamp.

I have this written for the US http://www.timeanddate.com/holidays/us/, but you can see that the URL for the  UK it is www.timeanddate.com/holidays/uk/,  and for Canada is www.timeanddate.com/holidays/Canada/.  As written you have to change the the URL in the code to change the country.  I have added example code which gets the US National Holidays for 2015.

Script Text

Combine Multiple Excel Spreadsheets

I create a lot of Excel audit reports in a multi-domain environment.  When they go out, I need to combine the reports from each domain into a single Excel workbook with multiple worksheets.  I found some VBA code on mrexcel.com which was pretty easy to port to vbscript.  I put the script on the desktop and then select all of the files which I want combined, and drop them onto the script.  A new workbook opens with each of the original files as a worksheet page.  The original files are not deleted.  Note that if you line the files up in the order you want them before selecting them, you will get them in the order you want.  I hope you find CombineXLSheets.vbs makes this task a little easier. Script Text

Remote Windows Update 3.1

Looking for a script to run Windows Update remotely?   WindowsUpdate.hta version 3.1 is an HTML application which allows you to connect to a remote machine, determine what patches it requires from Windows Update, and install the patches.  You can schedule a reboot time. This version allows you to look at he Windows Update log, and the log created by the program itself.  There is a button to allow you to change the update source to windowsupdate.com, which is helpful in places where WSUS or SUP is not working properly.  You can install all security patches, or select patches individually.

HTA files are best run from your local drive. Version 3.0 was released in 2011, version 3.1 only changes the background color to blue.  The transition color method I had used for the background is no longer supported in IE, and the program appeared to be broken.

Change _hta.txt extension to .HTA.
Script Text