Tag: WindowsServer2022

  • How to Map Network Drives via Group Policy

    In this blog, you will learn how to map network drives via Group Policy in Windows Server 2022. How can I configure a GPO for mapping shared drives and automatically provide users with access when they log on? Providing users with access to shared folders can be beneficial. It allows you to control your IT infrastructure while allowing people to share the necessary resources.

    Map Network Drives via Group Policy

    Map a Department Network Drive

    I will map network drives with group policy for the Accounts department. I will use item-level targeting, so it only maps this drive for users in the Accounts organization unit.
    You could also use a Security Group to target a certain group of users. This will be mapped to a network share that only the HR department has access to.
    I have created two shared folders (Shared for Accounts department and Users for individuals).

    Open the users’ folder.

    Windows explorer new volume

    Right-click on a user, select properties and verify the permissions.

    Folder properties in Windows

    Active Directory Users and Computers

    We have created organization units (Account, etc.) in Active Directory Users and Computers. I am going to map a network drive for the Accounts department. I have moved a user named user2 to the Accounts organization unit.

    Active directory users and computers

    Open the Group Policy Management Console by searching in Windows.

    Search group policy management

    In the Group Policy Management Console, click on the group policy object and select Create a new GPO.

    Create new group policy object

    You can name the new GPO whatever you like; I’ve created a map network drive for all computer users.
    I can also add additional drive mappings to this GPO.

    New GPO name

    The new GPO is now created and linked, so it is time to configure the settings.

    Configure GPO Settings

    Right-click on the GPO (Map Network Drives) and select edit.

    Edit group policy objects

    Access User Configuration/Preferences/Windows Settings/Drive Mappings.
    Right-click Drive Maps, Select New and then Mapped Drive.

    Map network drives via GPO

    Configure Drive Mapping Properties

    General Tab Settings
    Action: Update
    Location: Enter the path to the shared folder you want to map as a drive.
    Drive Letter: Select a drive letter.
    Label as: This is optional, but may be beneficial for users.

    Configure map network drive via GPO

    Click on the Common Tab
    Select Run in the logged-on user’s security context.
    Select Item-level Targeting
    Click on the Targeting Button

    Map network drive targeting

    Select New Item
    Select Organization Unit

    targeting Map network drive

    Click on the three dots buttons.

    Map network drive targeting editor

    Select your OU, the one you want to use for this network drive mapping.

    Find custom search

    Click ok.

    Map network drive targeting

    Click the ok button to close the new drive properties.

    New map drive properties

    This completes the GPO settings.

    Group policy management editor

    This will be a user-based GPO, so make sure you link it to a location that targets the users. I have all my users separated into an OU called Accounts so that I can create and link the GPO there.

    Right-click on an Organization Unit and select Link an Existing GPO.

    Group policy management

    Select a group policy object (Map Network Drives) and click ok.

    Link existing group policy objects

    Now you can see the GPO successfully linked.

    Group policy objects link enabled

    Log in with a user’s PC, and you can see the map drive not displayed.

    This PC

    Reboot User’s Computer to Process GPO

    I must reboot the user’s PC or run gpupdate /force.

    Gpupdate /force

    The next time a user from the Accounts organization unit logs in, they should be able to see a mapped drive.

    This PC mapped network drives

    In the active directory users and computers, now, any user I put in the HR folder can access this drive. If you don’t want to use an organizational unit, you can also target a group of users by using a Security group.

    Active directory users and computers

    Map a Network Drive Using Group Policy for Individual Users

    This example maps a drive for individuals, providing each user with a personal folder to save files.
    You can create a new GPO or add to an existing one; I have all my drive mappings available in one GPO.

    This example requires a folder to be created on a network share that matches the user’s login name. You will need to modify the NTFS permissions so that only the individual user has permission to access it.

    Create Roaming Profiles

    Roaming profiles allow users to log on to any computer in their organization and have all their personal files and settings available to that computer. This is a powerful feature that is easy to configure.
    Create a folder on your server’s local hard drive.
    Click the folder you created, scroll down, and click Properties.

    Select folder properties

    Open the Sharing tab and click Advanced Sharing.
    Check Share this folder and click Permissions.
    Select Everyone under Group or user names and click Remove.
    Click Add and add the user to whom you want to provide access.
    Click on the Security tab and select Edit.

    Folder properties security tab

    Select add

    Permissions for shared folder

    Enter a user and click OK.

    Enter the object name to select

    Allow full control by checking the checkboxes and clicking OK.

    Permissions for share folder

    Active Directory Users and Computers

    Select all users who would like their roaming profile to be created. Right-click and click Properties.

    active directory users and computers

    Select Connect under Home folder and choose a letter to map the network drive. Provide the network path of the folder you copied. It should be in the format \\ServerName\FolderName\%username%. Click OK. You are creating a roaming profile for Active Directory users.

    Map network drive for user

    Click ok.

    Active directory domain services warning

    Now login with the user’s PC.

    Map network drive
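
    The per-user folder steps above, scripted, as an added example that is not part of the original post. It creates a folder named after the login name, restricts its NTFS permissions, sets the Home folder fields in Active Directory, and lists any folder whose permissions include someone other than its owner. The paths, the EXAMPLE domain name and the H: drive letter are assumptions.

```powershell
# Added example (not from the original post). Run elevated on the file server.
# Assumed values: $Root, $Share, $Domain and the H: letter are placeholders.
Import-Module ActiveDirectory        # RSAT AD module, needed for Set-ADUser

$Root   = 'D:\Users'                 # assumption: local path behind the share
$Share  = '\\ServerName\Users'       # assumption: UNC path of that share
$Domain = 'EXAMPLE'                  # placeholder NetBIOS domain name
$Users  = @('user2')                 # login names to provision

function New-HomeFolder {
    param([string]$Root, [string]$Domain, [string]$SamAccountName)

    $path = Join-Path $Root $SamAccountName
    New-Item -Path $path -ItemType Directory -Force | Out-Null

    $acl = Get-Acl -Path $path
    # Stop inheriting from the share root and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop explicit entries left over if the folder already existed.
    foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        $acl.RemoveAccessRuleAll($old)
    }
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $none    = [System.Security.AccessControl.PropagationFlags]::None
    # Only the owner plus SYSTEM and local Administrators get access.
    foreach ($id in "$Domain\$SamAccountName", 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', $inherit, $none, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl
    $path
}

function Get-HomeFolderAclFinding {
    # Reports every Allow entry that is not the folder's own user, SYSTEM or Administrators.
    param([string]$Root, [string]$Domain)

    foreach ($dir in Get-ChildItem -Path $Root -Directory) {
        $expected = "$Domain\$($dir.Name)", 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'
        (Get-Acl -Path $dir.FullName).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           $_.IdentityReference.Value -notin $expected } |
            ForEach-Object {
                [pscustomobject]@{
                    Folder   = $dir.FullName
                    Identity = $_.IdentityReference.Value
                    Rights   = $_.FileSystemRights
                }
            }
    }
}

foreach ($u in $Users) {
    New-HomeFolder -Root $Root -Domain $Domain -SamAccountName $u | Out-Null
    # Same fields as "Connect" under Home folder in the user's Profile tab.
    Set-ADUser -Identity $u -HomeDrive 'H:' -HomeDirectory "$Share\$u"
}

# An empty result means every folder is limited to its owner.
Get-HomeFolderAclFinding -Root $Root -Domain $Domain | Format-Table -AutoSize
```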

    Please visit Microsoft to learn more about GPO.

  • Windows Server 2022 Failover Clustering iSCSI Target

    Let’s have a look at Windows Server 2022 Failover Clustering iSCSI Target setup and configuration. The setup is a two-node failover cluster running Windows Server 2022 with shared disks mapped from the iSCSI SAN.

    In this guide, I will cover the steps for creating a two-node Active/Passive Windows Server Failover Cluster. Creating such a cluster requires a few things to be in place, so I thought I should start from the beginning. This guide will briefly cover connecting to shared NAS storage using the iSCSI initiator.

    I have experience in creating High Availability solutions for enterprise products and, based on that work, have recently worked with Windows Failover Clustering and network load balancing clustering in Windows Server 2022. I have built multi-node failover clusters for Hyper-V, SQL Server, different applications, and Network Load Balancing clusters.

    Table of contents

    Summary of Windows Server 2022 Failover Cluster

    Virtual Machines Settings

    Add DNS Records

    Enable Windows Failover Clustering features

    Install Windows Failover Clustering PowerShell

    Configure iSCSI Initiator

    Create Windows Cluster Configuring iSCSI Disk

    Failover Cluster Validate Configuration

    Creating Failover Cluster

    Verify the DNS Configuration

    Summary of Windows Server 2022 Failover Cluster Deployment

    The below steps are the high-level steps required for your Windows Cluster deployment.
    Deploy two Windows Server 2022
    Finish all Windows Updates
    Join Servers to domain
    Each Node will have two network interfaces
        Production Network
        Cluster Network
    Add DNS records
        Primary Server
        Secondary Server
        Cluster Server Name (My-Cluster)
    Attach the same ISCSI disk (LUN) to the primary node and secondary node.
    Install Failover clustering role on both nodes
    Bring the disk online via disk management on the primary node.
    Join nodes to the cluster

    Virtual Machines Settings

    Domain Controller – DC (WS2022-DC)
        IP Address – 192.168.241.100
    iSCSI Server – iSCSI-Shared
        IP Address – 192.168.241.102
    Node 1 – WS2022-01
        Primary Network – Production – 192.168.241.104
        Secondary Network – Cluster – 10.0.0.2
    Node 2 – WS2022-02
        Primary Network – Production – 192.168.241.108
        Secondary Network – Cluster – 10.0.0.3
    Cluster Name – My-Cluster
        IP Address – 192.168.241.112
    Two nodes Network Connections

    Network connections

    Add DNS records for the Virtual Machines.

    DNS Manager

    Windows Failover Clustering in Windows Server 2022

    You can install failover clustering via the GUI. In the Server Manager dashboard, click on Add roles and features.

    Server manager 2022

    Click Next to Continue

    Add roles and features wizard

    Choose Role Based Installation and then click Next.

    Select installation type

    Choose the server and click next.

    Select destination server

    Server Roles, click next

    Select server roles

    Tick failover cluster checkbox.

    Feature failover clustering 2022

    Click on add features

    Select failover clustering tools

    After selecting Failover Clustering, click next.

    Select feature failover clustering 2022

    Click Install

    Confirm installation selection failover

    Click close

    Failover clustering 2022 feature results

    After Failover Clustering is successfully installed, it appears in Server Manager: select Tools, and then select Failover Cluster Manager.

    How to Install failover clustering feature using the PowerShell

    Open Windows PowerShell, type the below command and then press enter.

    Install-WindowsFeature Failover-Clustering -IncludeManagementTools

    Failover clustering PowerShell commands

    Now you can see Failover Cluster Manager in Server Manager tools

    Server manager 2022

    Creating Windows Server cluster – Using iSCSI to connect to shared storage

    Follow the below steps to configure iSCSI.

    Run the iSCSI Initiator from the first Node Server 2022 (WS2022-01).

    Click on tools and then iSCSI initiator

    Server manager 2022

    Select the Yes button to start the iSCSI initiator service and enable it to start automatically every time when a server reboots. You want this service to start automatically so that your cluster nodes will be automatically connected to the shared storage when rebooting.

    Microsoft iSCSI service is not running

    The iSCSI Initiator will popup, click on the Discovery tab.
    Click the Discover Portal button.

    iSCSI initiator properties discovery

    Type the IP Address of the iSCSI shared storage and then click on the Advanced button.

    Discover target portal

    In the Advanced Settings, from the Local adapter dropdown box choose Microsoft iSCSI Initiator, and in the Initiator IP box choose the IP Address of the NIC that is dedicated to your iSCSI connection. Click OK twice.

    Discover target portal advanced settings

    Choose the LUNs you need to connect to and then click the Connect button.

    iSCSI initiator properties targets

    Click ok

    iSCSI initiator connect to target

    Now you are connected to your iSCSI target.

    iSCSI initiator properties target

    Follow the same steps for the secondary node

    How to create Windows cluster configuring shared disk in the cluster node 1 (WS2022-01)

    We will have a look at configuring the disks we have attached to our prospective cluster nodes.
    Type DISKMGMT.MSC in the run box and then hit enter to open disk management.

    Diskmgment.msc run command

    Now you can see the shared disk (iSCSI) displayed as Offline, Unknown, and Unallocated.
    Right-click on the disk representation and then choose Online.

    Disk management online disk

    Right-click on the disk and then choose Initialize Disk.

    Disk management initialize disk

    Click ok

    Initialize disk

    Right-click on the disk and then choose New Simple Volume.

    Disk management new simple volume

    Click Next

    Welcome to new simple volume

    Click Next

    New simple volume size

    Assign the drive letter by selecting it from the dropdown menu. In this shared disk I am using E. Click Next

    New simple volume drive letter

    Provide a volume label and then click next.

    New simple volume format partition

    Select the Finish button to complete the creation of the volume.

    Completing the simple volume wizard

    Now you can see the shared disk.

    Disk management

    After configuring the disks on the first node, take them offline. Right-click on the disk and select Offline.

    Disk management disk offline

    On the second cluster node (WS2022-02) open disk management by typing DISKMGMT.MSC in run command.

    Right click on the disk and then select Online.

    Disk management disk online

    The disk(s) appear and are formatted with the drive letter.
    If the drive letter doesn’t show then select Rescan Disks from the Action menu.

    Disk management

    If the drive letters are mismatched, change them so that they match.
    How to Change Drive Letter

    Failover Cluster readiness check on Primary Node (WS2022-01)

    Now we have successfully mapped two NICs to both servers, added the same iSCSI SAN on both servers, and formatted and brought up a volume on one server.

    Let’s verify if everything is ok.

    Under Server Manager choose Tools and then select Failover Cluster Manager.

    Server manager

    Under the Action menu, select Validate Configuration.

    Failover cluster manager

    Click Next.

    Validate a configuration wizard

    Click on the browse button.

    Select servers or a clustering

    Type a node name and then click check names.

    Select servers or a clustering

    Select both the nodes and then click ok.

    Select both the nodes and then click ok

    Click ok

    Enter the object name to select

    After selecting the two-node for validation, click next.

    Select servers or a cluster

    Select Run all tests and then click next.

    Validate a configuration run all tests

    Review the configuration and click next.

    Validate a configuration confirmation

    Cluster validation tests will take a while

    Failover cluster validation in progress

    If you get any errors, correct them before you proceed. Once validation completes, view the report and then click Finish.

    Validate configuration failover cluster summary

    Creating Failover Cluster Server in Windows Server 2022

    Click on Create Cluster.

    Failover cluster manager

    Click Next.

    Create cluster wizard

    Select the browse button to search the servers

    Failover clustering select servers

    Creating cluster wizard servers

    Enter the object name to select

    Click next

    Creating cluster wizard servers

    Enter a cluster name, type the IP address and then click Next.

    Access point for administering the cluster

    Tick Add all eligible storage… and then click Next.

    Creating cluster wizard confirmation

    Creating New cluster

    Once done, click Finish

    Create cluster wizard summary

    Failover cluster manager.

    Failover cluster manager 2022

    Click on the nodes option and see both the Nodes are up now.

    Failover cluster manager Nodes

    Click on the Storage option; we can see the disk being mapped.

    Failover cluster manager disks

    Verify the DNS Configuration.

    Active directory users and computers

    Verify if the My-Cluster address is pingable.

    Ping command
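
    The same build carried out from PowerShell instead of the wizards, as an added example that is not part of the original post. It uses the node names, iSCSI address, cluster name and cluster IP listed under Virtual Machines Settings; the GPT partition style and the ClusterData volume label are assumptions.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# session on WS2022-01 with a domain account that is a local administrator on
# both nodes. Names and addresses are the lab values from the page.
$nodes       = 'WS2022-01', 'WS2022-02'
$iscsiPortal = '192.168.241.102'     # iSCSI-Shared
$clusterName = 'My-Cluster'
$clusterIp   = '192.168.241.112'

# 1. On both nodes: install the feature, make the iSCSI initiator service start
#    with the server, and connect persistently so the LUN returns after a reboot.
Invoke-Command -ComputerName $nodes -ScriptBlock {
    Install-WindowsFeature Failover-Clustering -IncludeManagementTools | Out-Null
    Set-Service   -Name MSiSCSI -StartupType Automatic
    Start-Service -Name MSiSCSI
    New-IscsiTargetPortal -TargetPortalAddress $using:iscsiPortal | Out-Null
    Get-IscsiTarget | Where-Object { -not $_.IsConnected } |
        Connect-IscsiTarget -IsPersistent $true | Out-Null
}

# 2. On node 1 only: bring the shared disk online, initialise it and create E:.
$disk = @(Get-Disk | Where-Object { $_.BusType -eq 'iSCSI' -and $_.PartitionStyle -eq 'RAW' })
if ($disk.Count -ne 1) {
    throw "Expected exactly one uninitialised iSCSI disk, found $($disk.Count)."
}
$disk | Set-Disk -IsOffline  $false
$disk | Set-Disk -IsReadOnly $false
$disk | Initialize-Disk -PartitionStyle GPT -PassThru |       # GPT is an assumption
    New-Partition -DriveLetter E -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ClusterData' -Confirm:$false |
    Out-Null
# As in the GUI steps, take the disk offline on node 1 once it is formatted.
Get-Disk -Number $disk[0].Number | Set-Disk -IsOffline $true

# 3. Validate the configuration. Test-Cluster returns the report file.
$report = Test-Cluster -Node $nodes
Write-Host "Validation report: $($report.FullName)"
Read-Host 'Review the report and correct any errors, then press Enter to create the cluster'

# 4. Create the cluster. Eligible shared storage is added unless -NoStorage is given.
New-Cluster -Name $clusterName -Node $nodes -StaticAddress $clusterIp | Out-Null

# 5. Verify nodes, resources, the DNS record and reachability of the cluster name.
Get-ClusterNode     -Cluster $clusterName | Format-Table Name, State
Get-ClusterResource -Cluster $clusterName | Format-Table Name, ResourceType, State
Resolve-DnsName     -Name $clusterName    | Format-Table Name, IPAddress
Test-Connection     -ComputerName $clusterName -Count 2
```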

    For more details, please visit Microsoft.

  • How to Migrate Active Directory Server 2012 to 2022

    This article will help you to migrate Active Directory from Server 2012 to 2022. If you wish to keep the same hardware and the server roles you have already set up without rebuilding the Windows server, you will have to do an in-place upgrade. In-place upgrades allow us to go from an older operating system to a new one while keeping your settings, server roles, and data intact.

    I am writing this article to help Windows admins migrate an existing Active Directory that is running on Windows Server 2012 R2 (named DC2012) to Windows Server 2022 (named DC2022). So, let’s get started.

    Please visit Microsoft Website for Upgrade Overview

    This is a very straightforward procedure, but first, you need to test it in your Test Environment.

    In my test lab, I have two Servers and my local domain Server is (xpertstec.local).

    Virtual Machine | OS      | Role                        | IP Address
    DC2012          | 2012 R2 | Primary Domain Controller   | 192.168.241.150
    DC2022          | 2022    | Secondary Domain Controller | 192.168.241.160

    Table of Contents:

    Join Server 2022 to Active Directory

    Install Additional Domain Controller

    Log in with an additional domain controller (DC2022)

    Change the alternative DNS server

    Check the Master Operation role

    Migrating FSMO roles to Windows Server 2022

    Change Active Directory Domain Controller

    Change Schema Master Role

    Change Global Catalog

    Raise Domain and Forest Function Level

    Uninstall Active Directory from Windows Server 2012

    Migrate Active Directory Server 2012 to 2022

    Log in with an additional domain controller

    Server login

    Change the alternative DNS server

    Open your network properties and then change the alternate DNS IP Address.

    internet protocol version 4

    Check the Master Operation role

    Open PowerShell and then enter netdom query fsmo command to check the Master Operation role.

    netdom query fsmo command

    Migrating FSMO Roles to Windows Server 2022 (DC2022)

    Launch active directory users and computers, Right-click on the local domain (xpertstec.local), and then select Operations Masters.

    Change operations master role

    Select the RID tab and then click Change.

    Change operations master RID

    Click yes

    Transfer operations master role

    Click ok

    Operations master successfully transferred

    Click on the PDC tab and then select Change.

    Change operations master PDC

    Click Yes

    Transfer operations master role

    Click OK

    Operations master successfully transferred

    Click on the Infrastructure tab and then select Change.

    Change operations master infrastructures

    Click Yes

    Transfer operations master role?

    Click OK

    Operations master successfully transferred

    Select close

    Change operations master infrastructures

    Change Active Directory Domain Controller

    Still on the DC2012.xpertstec.local server, launch Active Directory Domains and Trusts, right click on Active Directory Domains and Trusts, and then select Change Active Directory Domain Controller.

    Active directory domains and trusts

    In the Change Directory Server window, select the This Domain Controller or AD LDS instance radio button, select your new Windows Server 2022, which is DC2022.xpertstec.local, and then select OK.

    Change directory server

    Right click on Active Directory Domains and Trusts and then click on Operations Master.

    Active directory domains and trusts

    Click on the Change button to transfer the domain naming master role to the Windows Server 2022 (DC2022).

    Domain naming operations master

    Click Yes

    Operations master successfully transferred

    Click OK

    Operations master successfully transferred

    The Domain naming operations master is now transferred to DC2022.xpertstec.local.

    Domain naming operations master

    On the DC2022.xpertstec.local server, open PowerShell and then enter regsvr32 schmmgmt.dll to register the Active Directory Schema snap-in, which is needed to change the Schema Master. Click OK.

    Regsvr32 schmmgmt.dll PowerShell

    In the next step, we will change the Schema Master. Type MMC and then hit Enter.

    mmc PowerShell

    Change Schema Master Role

    Click on the File tab and then select Add/Remove Snap-in.

    Console add/remove snap-ins

    In the Add or Remove Snap-ins console, click on Active Directory Schema, click on the Add button and then select OK.

    Add or remove snap-ins

    In the Console Root, right click on Active Directory Schema and then select Change Active Directory Domain Controller.

    Console root change active directory

    Click on DC2022.xpertstec.local server and then select ok.

    Change directory server

    Click ok to proceed

    Active directory schema

    Now again right click on Active Directory Schema and then select Operations Master.

    Console root operation master

    Choose the Change button to transfer the schema master role to Server 2022 (DC2022.xpertstec.local).

    Migrate active directory change schema master

    Click Yes

    Migrate Active directory schema yes

    Click ok to proceed

    Operation master successfully transferred

    Click Close

    Migrate active directory change schema master

    Run PowerShell, and then enter netdom query fsmo command. Now all the FSMO roles have been transferred to Active Directory Domain Controller Server 2022.

    Netdom query fsmo PowerShell

    Transfer FSMO Roles using PowerShell

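    You can also work with the FSMO roles from PowerShell when transferring them to a different Domain Controller. Open PowerShell with admin rights; the commands below list the current role holders.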

    For Forest wide roles

    Get-ADForest | select schemamaster,domainnamingmaster

    For Domain wide roles

    Get-ADDomain | select ridmaster,pdcemulator,infrastructuremaster

    Get-ADDomain command
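
    The two queries above only show who holds each role. As an added example that is not part of the original article, the script below performs the transfer itself with Move-ADDirectoryServerOperationMasterRole and then confirms the result; DC2022 is the page's new domain controller, and the helper name Get-FsmoHolder is made up for this example.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session with the ActiveDirectory module. Moving the Schema Master needs
# Schema Admins membership and the Domain Naming Master needs Enterprise Admins.
Import-Module ActiveDirectory

$target = 'DC2022'
$roles  = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'

function Get-FsmoHolder {
    # Hypothetical helper: returns role name -> FQDN of the current holder.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

$before = Get-FsmoHolder
# Only move the roles that are not already on the target.
$toMove = @($roles | Where-Object { $before[$_] -notlike "$target.*" })

if ($toMove.Count -gt 0) {
    Write-Host "Transferring to ${target}: $($toMove -join ', ')"
    # Prompts for confirmation per role, like the Change button in the GUI.
    Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole $toMove
} else {
    Write-Host "All five roles are already held by $target."
}

# Verify before touching the old domain controller.
$after = Get-FsmoHolder
$after.GetEnumerator() | ForEach-Object {
    '{0,-22} {1}' -f $_.Key, $_.Value
}
$remaining = @($roles | Where-Object { $after[$_] -notlike "$target.*" })
if ($remaining.Count -gt 0) {
    throw "Roles still not on ${target}: $($remaining -join ', ')"
}
```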

    Change Global Catalog

    Launch Active Directory Sites and Services, expand Sites, expand Default-first-site, and then expand DC2022.

    Right-click on NTDS Settings and then choose properties

    Active directory sites and services

    Deselect the Global Catalog box and then click ok.

    NTDS system properties global catalog

    Domain / Forest Functional Level

    Right-click on the local domain and then choose Raise domain functional level.

    Active directory users and computers

    Select the available domain functional level here and then click on raise button.

    Raise domain functional level

    Click ok

    Raise domain functional level ok

    Click ok

    Raise domain functional level done

    Raise forest functional level

    Launch active directory domains and trusts

    Right click on Active Directory Domains and Trusts and then select Raise forest functional level.

    Active directory domains and trusts

    Select raise

    Raise forest functional level

    Click ok

    Raise forest functional level ok

    Click ok

    Raise forest functional level done

    How to confirm the domain functional levels

    Get-ADDomain | fl Name, DomainMode

    How to confirm forest functional levels

    Get-ADForest | fl Name, ForestMode

    Get-addomain PowerShell

    Now replace the DNS IP address.

    Internet protocol version 4 properties

    How to uninstall Active Directory from Windows Server 2012 R2

    Log in to Server 2012 R2 with domain administrator credentials.

    Run PowerShell and then enter the below command.

    Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartitions

    Remove domain controller PowerShell

    Type local administrator credentials, confirm it and then press enter.

    Demote domain controller PowerShell

    Type Y and then press enter.

    Uninstall domain controller PowerShell

    Be patient. It will complete in a few minutes.

    Uninstalling domain controller PowerShell

    The server will be restarted automatically.

    you're about to be signed out

    After Server 2012 R2 restarts, join it to a workgroup.

    Also, read this article: How to Upgrade Windows Server 2012 R2 to Server 2022