An overview of Windows PowerShell features in Windows Server 8 Developer Preview

This article describes features in a preview of the next version of Windows Server, and features described may and probably will change in the final product.

At the BUILD conference in Anaheim, California in September Microsoft released a preview version of the client and server versions of the next version of Windows. We have looked into some of the new features in Windows Server 8 Developer Preview.

Since Windows 7 and Windows Server 2008 R2, Windows PowerShell is built into the operating system and thus the Preview versions of Windows contain a preview of Windows PowerShell 3.0.

Among many new features in PowerShell 3.0 which we will see used in the next version of Windows Server is workflows. The workflow functionality is based on Windows Workflow Foundation, and provides the ability to run complex and large multi-machine management tasks while being repeatable, parallelizable, interruptible, and recoverable.

For those not able to try out the new Preview versions of Windows, another way to explore Windows PowerShell 3.0 is the Community Technology Preview released shortly after the BUILD conference. To read more about new features in PowerShell 3.0, I would recommend the “PowerShell V3 Featured Articles” page on TechNet Wiki.

PowerShell modules

As we would expect, there is a great number of new PowerShell modules compared to Windows Server 2008 R2. Note that some modules become available when installing a server role, or the Remote Server Administration Tool for a server role. This applies to the modules marked with a * in the below output:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
PS> Get-Module -ListAvailable
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Name                      ExportedCommands
---------- ----                      ----------------
Manifest   ActiveDirectory *         {Get-ADRootDSE, New-ADObject...
Manifest   ADDeploymentWF            Invoke-ADCommand
Manifest   ADDSDeployment *          {Add-ADDSReadOnlyDomainContr...
Manifest   ADRMSAdmin *              {Update-RmsCluster, Get-RmsS...
Manifest   AppLocker                 {Set-AppLockerPolicy, Get-Ap...
Manifest   Appx                      {Add-AppxPackage, Get-AppxPa...
Manifest   BestPractices             {Get-BpaModel, Invoke-BpaMod...
Manifest   BitsTransfer              {Add-BitsFile, Remove-BitsTr...
Manifest   BranchCache               {Add-BCDataCacheExtension, C...
Manifest   CimCmdlets                {Get-CimInstance, Get-CimSes...
Manifest   ClusterAwareUpdating      {Get-CauPlugin, Register-Cau...
Manifest   DhcpServer *              {Get-DhcpServerAuditLog, Set...
Manifest   DirectAccessClientComp... {Get-DASiteTableEntry, Set-D...
Manifest   Dism                      Apply-Unattend
Manifest   DnsClient                 {Resolve-DnsName, Get-DNSCli...
Manifest   DnsConfig                 {Get-DNSClient, Set-DNSClien...
Binary     DnsLookup                 Resolve-DnsName
Manifest   DnsNrpt                   {Get-DnsClientEffectiveNrptP...
Manifest   DnsServer *               {Clear-DnsServerCache, Get-D...
Manifest   FailoverClusters          {Add-ClusterCheckpoint, Add-...
Manifest   FileServer                {Get-SmbShareWF, Get-FsrmQuo...
Manifest   GroupPolicy *             {Backup-GPO, Copy-GPO, Get-G...
Manifest   Hyper-V                   {Add-VMDvdDrive, Add-VMNetwo...
Manifest   iSCSI                     {Connect-iSCSIDiscoveredTarg...
Manifest   KdsCmdlets                {Get-KdsRootKey, Add-KdsRoot...
Manifest   Microsoft.PowerShell.Core {Get-Command, Get-Help, Upda...
Manifest   Microsoft.PowerShell.D... {Get-WinEvent, Get-Counter, ...
Manifest   Microsoft.PowerShell.Host {Start-Transcript, Stop-Tran...
Manifest   Microsoft.PowerShell.M... {Add-Content, Clear-Content,...
Manifest   Microsoft.PowerShell.S... {Get-Acl, Set-Acl, Get-PfxCe...
Manifest   Microsoft.PowerShell.U... {Format-List, Format-Custom,...
Manifest   Microsoft.WSMan.Manage... {Disable-WSManCredSSP, Enabl...
Manifest   MicrosoftiSCSITarget      {Add-IscsiVirtualDiskTargetM...
Manifest   MsDtc                     {New-DtcDiagnosticTransactio...
Manifest   NetAdapter                {Rename-NetAdapter, Set-NetA...
Manifest   NetLbfo                   {Get-NetLbfoTeam, Remove-Net...
Manifest   NetQos                    {Get-NetQosPolicy, Set-NetQo...
Manifest   NetSwitchTeam             {Get-NetSwitchTeam, Remove-N...
Manifest   NetTCPIP                  {Get-NetIPAddress, Set-NetIP...
Manifest   netwnv                    {New-NetVirtualizationAddres...
Manifest   NetworkConnectivityStatus {Get-DAConnectionStatus, Get...
Manifest   NetworkLoadBalancingCl...*{Add-NlbClusterNode, Add-Nlb...
Manifest   NetworkSecurity           {New-NetAuthenticationPropos...
Manifest   NetworkTransition         {Get-Net6to4Configuration, S...
Manifest   PKIClient                 {Get-AutoEnrollmentPolicy, S...
Manifest   PrintManagement           {Get-Printer, Remove-Printer...
Manifest   PS_MMAgent                {Disable-MMAgent, Enable-MMA...
Manifest   PSDiagnostics             {Start-Trace, Stop-Trace, En...
Manifest   PSScheduledJob            {New-JobTrigger, Add-JobTrig...
Manifest   PSWorkflow                {Import-PSWorkflow, New-PSWo...
Manifest   RDManagement              {Grant-OrgUnitAccess, Test-O...
Manifest   RemoteAccess *            {Set-DAAppServerConnection, ...
Manifest   ScheduledTasks            {New-JobTrigger, Add-JobTrig...
Manifest   SecureBoot                {Confirm-SecureBootUEFI, Set...
Manifest   ServerManager             {Add-WindowsFeature, Remove-...
Manifest   ServerManagerShell        {WFAddRemoveServerComponentA...
Manifest   SmbShare                  {Get-SmbShare, Remove-SmbSha...
Manifest   SmbWitness                {Get-SmbWitnessCluster, Get-...
Manifest   Storage                   {Add-InitiatorIdToMaskingSet...
Manifest   TelemetryManagement       {Set-CEIP, Set-WER}
Manifest   TroubleshootingPack       {Get-TroubleshootingPack, In...
Manifest   TrustedPlatformModule     {Get-Tpm, Initialize-Tpm, Cl...
Manifest   UserAccessLogging         {Enable-Ual, Disable-Ual, Ge...
Manifest   Wdac                      {Get-OdbcDriver, Set-OdbcDri...
Manifest   Whea                      {Get-WheaMemoryPolicy, Set-W...

We can see that it is a long list of modules, so let us use Measure-Object to count them:

1
2
PS> (Get-Module -ListAvailable | Measure-Object).Count
65

57 modules were included by default, while an additional 8 become available when installing additional administration tools and server roles. Note that even more modules may be available, since the server we are running in the test-lab does not have all server roles installed.

As you can understand, going through each module in one article is not possible, so we are highlighting some of the more interesting ones.

The Active Directory module which was available in Windows Server 2008 R2 is extended from 76 to 134 cmdlets. Some of the new cmdlets are providing support for managing Active Directory Replication, including sites, site links, subnets, etc. There is also support for managing some new features like Central Access Policies, Central Access Rules, and Claims. If you are interested in learning more about the new claims-based access control features, there are two webcasts on this topic available on Channel 9:

Using claims-based access control for compliance and information governance

Using classification for access control and compliance

Another interesting observation is related to Active Directory Deployment. When the Active Directory Domain Services role is installed, and dcpromo.exe is launched, we are presented with the following message:

The Active Directory Domain Services Installation Wizard is relocated in Server Manager. For more information, see http://go.microsoft.com/fwlink/?LinkId=220921

Dcpromo.exe is replaced by a PowerShell module, ADDSDeployment, which contains 73 cmdlets. When using Server Manager to install a domain controller, we are presented with the PowerShell code which will be run at the end of the wizard:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
PS> Import-Module ADDSDeployment
PS> $pass = Read-Host -AsSecureString -Prompt "Enter Password"
PS> Install-ADDSForest -DatabasePath "C:\Windows\NTDS" ` 
                       -DomainMode "Win8" ` 
                       -DomainName "lab.local" ` 
                       -ForestMode "Win8" ` 
                       -InstallDNS:$true ` 
                       -LogPath "C:\Windows\NTDS" ` 
                       -RebootOnCompletion:$true ` 
                       -SafeModeAdministratorPassword $pass ` 
                       -SYSVOLPath "C:\Windows\SYSVOL"

Although dcpromo could be scripted in an unattended fashion in earlier versions of Windows Server, we welcome the PowerShell module for Active Directory Deployment.

Another note before leaving the Active Directory topic is the Group Policy module, which also was available in Windows Server 2008 R2. This seems to be almost the same, but there is one important new cmdlet: Invoke-GPUpdate.

There are many more interesting modules, like DhcpServer, DnsServer, FileServer, PrintManagement, and Storage, which we will not cover in this article. For your reference, a cmdlet-overview for all modules included in the Windows Server Developer Preview is exported to an Excel spreadsheet available here.

Server Manager

The new Server Manager has the ability to perform operations against multiple machines at the same time, such as adding roles and features. The remoting capabilities in the new Server Manager are based on both PowerShell Remoting (enabled by default in the Preview version) and WMI.

The fact that both the Active Directory Domain Services Installation Wizard and the Active Directory Administrative Center shows the PowerShell code that will execute behind the scenes is very welcome. This is something other Microsoft products, such as Exchange Server 2007/2010 and System Center Virtual Machine Manager have provided for quite some time. A suggestion for this feature to be enabled for all operations in the new Server Manager is available on Microsoft Connect. If this suggestion get enough votes, it may still be possible that Microsoft will implement this feature in the final product, so I strongly recommend that you vote if you agree.

Windows PowerShell Web Access

Another interesting feature available in the Windows Server Developer Preview is Windows PowerShell Web Access, making PowerShell available to web browsers and mobile devices. Imagine that you are not in front of your computer when you get a request to unlock an Active Directory user. You can access Windows PowerShell Web Access from your mobile device connected to the corporate wireless network and run Unlock-ADAccount . Screenshots and installation guidance is available in this blog post.

Conclusion

The PowerShell coverage in the next version of Windows Server is going to be huge, making Microsoft`s flagship Windows Server even more enterprise-friendly in terms of automation and administration.

I will round off this article by encouraging you to download and read what is called the Monad Manifesto – the Origin of Windows PowerShell. This is a document written in August 2002 by the inventor of Windows PowerShell, Jeffrey Snover, describing the vision of the project that later became Windows PowerShell. Another recommended reading is Jeffrey`s recent blog post about the Monad Manifesto.

It is amazing to see how the vision has turned into reality, and also what an important foundation for the next version of Windows Server the new automation framework has become.

Share on: