PowerShell Script to move Hyper-V Hosts to special OU and add them to group

Hi,

As another part of my deployment scripts, I developed a small script that does the following tasks.

  1. Moves all Hosts with *SVR-HV* from Computers to Hyper-V OU
  2. Creates Group for Hosts
  3. Adds Hosts to group
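
The three steps above as an added example; this is not the author's script, which is not shown on this page. It assumes the ActiveDirectory module, an existing OU named Hyper-V directly under the domain root, and a hypothetical group name `Hyper-V-Hosts`.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$NamePattern = '*SVR-HV*',      # host name pattern from the post
    [string]$OuName      = 'Hyper-V',       # assumed: OU sits directly under the domain root
    [string]$GroupName   = 'Hyper-V-Hosts'  # assumed (hypothetical) group name
)
$ErrorActionPreference = 'Stop'

$domain = Get-ADDomain
$ouDn   = "OU=$OuName,$($domain.DistinguishedName)"

# Refuse to run against a missing OU rather than creating one implicitly.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDn'")) {
    throw "Target OU '$ouDn' does not exist."
}

# 1. Move matching hosts, but only those still in the default Computers container.
$toMove = Get-ADComputer -Filter "Name -like '$NamePattern'" `
    -SearchBase $domain.ComputersContainer -SearchScope OneLevel
foreach ($computer in $toMove) {
    Move-ADObject -Identity $computer -TargetPath $ouDn
}

# 2. Create the security group once; later runs reuse it.
$group = Get-ADGroup -Filter "SamAccountName -eq '$GroupName'" -Properties Member
if (-not $group) {
    New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security -Path $ouDn
    $group = Get-ADGroup -Filter "SamAccountName -eq '$GroupName'" -Properties Member
}
if (-not $group) { return }   # only reached under -WhatIf, when nothing was created

# 3. Re-read the hosts from the OU (their DNs changed) and add only the missing ones.
$missing = Get-ADComputer -Filter "Name -like '$NamePattern'" -SearchBase $ouDn |
    Where-Object { $group.Member -notcontains $_.DistinguishedName }
if ($missing) {
    Add-ADGroupMember -Identity $group -Members $missing
}
$missing | Select-Object Name, DistinguishedName   # report what was added
```

Running it with `-WhatIf` first lists the moves and the group creation without changing the directory.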

 

Removed Cluster Node still shows itself as a cluster member

Hi guys,

One thing some of you may notice from time to time: when you evict a node from a cluster, it can happen that the node itself still says it belongs to a cluster, and you're not able to force it into a new one or use the node as an independent server.


The reason for that is quite simple. Some settings for a cluster node are configured in its AD computer account and in DNS. Sometimes not all attributes are deleted when the node is evicted. Most likely it is the following attribute.

[Screenshot: 2015-08-08_20-14-47]

 

So now there are three ways to solve the issue:

1. Remove the failover cluster feature from your node, reboot and reinstall it if needed. That fixes the issue in 80% of all cases (in my personal experience).


2. Remove the cluster node from Active Directory, delete the computer object and rejoin the node. That works in 100% of all cases because you have a totally new computer object and GUID with no old stuff in it.


3. Or, for the guys and girls who love some pain: search your AD computer attributes and DNS for all cluster entries that still contain the faulty node and edit those entries. I wouldn't suggest it because it is very risky and takes a very long time.

 

Cluster aware update distribution network name failed when using prestaged AD object

While sitting at a customer and configuring Cluster-Aware Updating for a Scale-Out File Server, I ran into my most beloved known issue with CAU.

Every time I use a prestaged computer object for the Cluster-Aware Updating cluster resource, I get the following error messages:

[Screenshots of the error messages: image001, image002]

 

In the first place I thought the delegation isn't right, but I configured it a short while before, and when I let the cluster place the CAU object by itself, everything is fine.

So it couldn't be that. So I checked TechNet and found the issue on the known issues pages, together with a workaround.

Source: http://social.technet.microsoft.com/wiki/contents/articles/13590.known-issues-windows-server-2012-failover-clustering.aspx & https://social.technet.microsoft.com/forums/windowsserver/en-US/acd3522e-7f76-4f53-8746-0676db6b2c38/clusteraware-updating-dns-configuration

Resolution: The easiest way I tried is to reset the DNS record for the cluster object. You can do that by using the PowerShell command

Get-ClusterResource '<your CAU prestaged object>' | Update-ClusterNetworkNameResource

or

let the cluster place the CAU object automatically and then rename it, using

Rename-ADObject -Identity "CN=<CAU Object Name>,CN=Computers,DC=Contoso,DC=com" -NewName "<your new Object Name>"

 

My planned test environment #2 domain Structure

My test environment grows. Today I finished the domain structure.

Domain Structure


I created one forest, a root domain and two child domains.

The root domain consists only of two domain controllers and has no other servers or services at the moment.

The first child domain is my resource domain for the physical systems that I need for the lab. It holds my Hyper-V hosts, storage systems, switches, firewalls and routers. So now you will ask yourself, "Why so complex, and why two domains?" I like to follow some security best practices. One is that you should split administrative rights for your Hyper-V hosts and storage systems. That means that only administrators who are part of that environment and allowed to make changes on those systems should be able to connect to them. The easiest way is to create a resource domain and a work domain. Both have different administrator accounts, and because of the root domain and the restricted access to it, you cannot delegate administrators on other domains.

That also protects your application servers and Active Directory from corruption by someone who may have taken over your Hyper-V hosts and physical systems.