Step-By-Step: Deploying a Domain Joined Nano Server via PowerShell
There are many ways to deploy and manage Nano Server.
Recently I’ve put together a PowerShell module called DeployImage with the intent to simplify the deployment of a Windows Image (WIM) file. In this case, my goal was to make Nano Server an easily deployable option for the average system administrator. So began my experimentation with Windows Server 2016 to get a fully deployed Nano Server online.
Deploying Nano Server is no different than deploying any other WIM file, except that you must compensate for its headless environment.
This requires a plan to have certain tasks completed within the server without actually touching it. These tasks include:
- Assigning a Static IP address
- Naming the workstation
- Joining it to a Domain
STEP 1: Creating the unattend.xml file
Most of this could be completed remotely through PowerShell via WinRM after adding the server to TrustedHosts. However, the preference here is to have the system up and running and completed in a more fully automated fashion.
A cmdlet was added to the DeployImage module to hide the details of creating the XML. It can be used to create an unattend.xml:
New-UnattendXMLContent -Computername Contoso-Nano1 -Timezone 'Eastern Standard Time' -Owner 'Contoso' -Organization 'Contoso' -AdminPassword 'P@ssw0rd'
This will generate the XML content for a computer with the following specs:
Name : Contoso-Nano1
TimeZone : Eastern Standard Time
Owner : Contoso
Organization : Contoso
Password : P@ssw0rd
(The password referred to is that of the default Administrator account.)
# Create the Unattend.xml file
#
$XMLContent=New-UnattendXMLContent -Computername Contoso-Nano1 -Timezone 'Eastern Standard Time' -Owner 'Contoso' -Organization 'Contoso' -AdminPassword 'P@ssw0rd'
New-Item -ItemType File -Name Unattend.xml -Force | Out-Null
Add-Content Unattend.xml -Value $XMLContent
Once completed, the Unattend.xml file will need to be copied into the Destination file structure under C:\Windows\system32\sysprep.
STEP 2: Assigning a Static IP
Next, we'll need to assign a static IP address for said server.
NOTE: Nano Server is STILL in technical preview, so unfortunately the following two options can’t be used at this time:
- PowerShell Cmdlets for the Network Stack
- Configuring the IP address using Unattend.xml
Nano Server can be accessed directly through the text console and can be configured with an IP address post install.
At present NetSH.exe can still be utilized to configure the required settings.
The default network adapter in Nano Server is named Ethernet. In this scenario the following will be assigned to said Nano Server:
IPv4 Address : 192.168.1.10
Subnet : 255.255.255.0
Gateway : 192.168.1.1
DNS Server : 192.168.1.5
These settings can be assigned with two lines from NetSh.exe:
netsh interface ipv4 set address Name="Ethernet" static 192.168.1.10 255.255.255.0 192.168.1.1
netsh dns set dnsservers name="Ethernet" source=static address=192.168.1.5
Configuring this when the Nano Server boots requires a script called SetupComplete.cmd, which lives in C:\Windows\Setup\Scripts.
Upon initial startup, after processing Unattend.xml and before the login screen, the script will execute. So we can build this script to auto-configure our network with a little PowerShell and a here-string.
$IPAddress='192.168.1.10'
$Subnet='255.255.255.0'
$Gateway='192.168.1.1'
$DNS='192.168.1.5'
$SetupCompleteCMD=@"
netsh interface ipv4 set address Name="Ethernet" static $IPAddress $Subnet $Gateway
netsh dns set dnsservers name="Ethernet" source=static address=$DNS
"@
New-Item -ItemType File -Name SetupComplete.cmd -Force | Out-Null
Add-content SetupComplete.cmd -Value $SetupCompleteCMD
STEP 3: Join the Nano Server to a Domain
Remember, Nano Server is STILL in technical preview, so unfortunately some options can’t be used at this time. First, there is no direct way through the Emergency console to add the server to a domain. In fact, there is no command that creates the account in Active Directory. Nano Server does, however, support an offline domain join.
Establishing an offline Domain join requires the following three steps:
- Create the offline Join file
- Copy the file to the workstation/server
- Execute an offline Join with the provided file
In this scenario we would like to join a workstation to a Domain with the following settings.
Domain : Contoso
Computer : Contoso-Nano1
Filename : domainjoin.djoin
The Djoin.exe command is used to create the file on a computer that has the RSAT tools for Active Directory. This can be run manually for the stated configuration in the following manner:
Djoin.exe /Provision /Domain Contoso /Machine Contoso-Nano1 /Savefile domainjoin.djoin
This can also be run in PowerShell by storing the information in variables.
$Domain='Contoso'
$Computername='Contoso-Nano1'
$Filename='domainjoin.djoin'
Djoin.exe /Provision /Domain $Domain /Machine $Computername /Savefile $Filename
Next, the file needs to be copied to the destination file system. Ideally the file should be placed in the Setup\Scripts folder.
The following command must be run directly on the destination system to join it to the domain. Because this is an offline domain join, the system does not need to be on the network once the file is on the destination system.
Djoin.exe /RequestODJ /loadfile C:\Windows\setup\scripts\domainjoin.djoin /windowspath c:\windows /localos
Now, to make this work, we’ll be using the same process as detailed with SetupComplete.cmd and a here-string, only we’ll be appending it to the NetSh.exe content.
$Filename='C:\Windows\setup\scripts\domainjoin.djoin'
$SetupCompleteCMD=@"
netsh interface ipv4 set address Name="Ethernet" static $IPAddress $Subnet $Gateway
netsh dns set dnsservers name="Ethernet" source=static address=$DNS
djoin /requestodj /loadfile $Filename /windowspath c:\windows /localos
shutdown -f -r -t 0
"@
# Create the new one
#
Remove-Item -Path SetupComplete.cmd -Force -ErrorAction SilentlyContinue
New-Item -ItemType File -Name SetupComplete.cmd -Force | Out-Null
Add-content SetupComplete.cmd -Value $SetupCompleteCMD
With the Unattend.xml and the SetupComplete.cmd in the appropriate locations, the boot code needs to be injected into the Nano Server image so that it boots up, takes its intended name, has an IP address assigned and is joined to the appropriate domain.
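The staging of the files from Steps 1 to 3, written out as an added example (not taken from the DeployImage module or its sample scripts). It assumes the image's Windows volume is already mounted at V:\ and that Unattend.xml and domainjoin.djoin sit in the current folder. The two del lines are an addition: the djoin file contains the machine account password and Unattend.xml carries the Administrator password, so both are removed from the server once they have been used.

```powershell
# Added example, not part of DeployImage.
$ImageRoot = 'V:\'                      # assumption: drive letter of the mounted image
$IPAddress = '192.168.1.10'
$Subnet    = '255.255.255.0'
$Gateway   = '192.168.1.1'
$DNS       = '192.168.1.5'

# Paths as the booted Nano Server will see them
$DjoinOnTarget    = 'C:\Windows\Setup\Scripts\domainjoin.djoin'
$UnattendOnTarget = 'C:\Windows\System32\Sysprep\Unattend.xml'

# Same commands as the page's SetupComplete.cmd, plus two del lines before the reboot.
# Unattend.xml has already been processed by the time this script runs (see Step 2),
# and the djoin file is not needed again after /requestodj.
$SetupCompleteCMD = @"
netsh interface ipv4 set address Name="Ethernet" static $IPAddress $Subnet $Gateway
netsh dns set dnsservers name="Ethernet" source=static address=$DNS
djoin /requestodj /loadfile $DjoinOnTarget /windowspath c:\windows /localos
del /f /q $DjoinOnTarget
del /f /q $UnattendOnTarget
shutdown -f -r -t 0
"@

$Sysprep = Join-Path $ImageRoot 'Windows\System32\Sysprep'
$Scripts = Join-Path $ImageRoot 'Windows\Setup\Scripts'

# Refuse to write into something that is not a Windows volume
if (-not (Test-Path (Join-Path $ImageRoot 'Windows\System32'))) {
    throw "$ImageRoot does not contain a Windows installation"
}
foreach ($File in 'Unattend.xml', 'domainjoin.djoin') {
    if (-not (Test-Path $File -PathType Leaf)) { throw "Missing input file: $File" }
}

New-Item -ItemType Directory -Path $Sysprep, $Scripts -Force | Out-Null
Copy-Item Unattend.xml     -Destination $Sysprep -Force
Copy-Item domainjoin.djoin -Destination $Scripts -Force
# ASCII output: no byte-order mark in front of the first command in the .cmd file
Set-Content -Path (Join-Path $Scripts 'SetupComplete.cmd') -Value $SetupCompleteCMD -Encoding Ascii

# The working copies hold the same secrets as the staged ones, so remove them too
Remove-Item Unattend.xml, domainjoin.djoin -Force
```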
If you wish to take a deeper look at the script that performs this, get DeployImage from www.powershellgallery.com.
Once you install the module, which has been tested on Windows 10 with the Windows 10 ADK installed, you can execute the following cmdlet to get the sample scripts.
Copy-DeployImageSample
Just open up the script called DeployNanoServerVHDDomain.ps1 and run it.