How to install IIS 8?

IIS 8If you want to host a web site in the Internet or intranets, you’ll need a web server. This article deals with Microsoft web server by the name of Internet Information Services (IIS). The version that is shipped with Windows Server 2012 is IIS 8. So keep reading through the end for installing IIS 8.


  1. Click on Server Manager icon to open it
  2. Click Add roles and features, then click Next
  3. Select Role-based or feature-based installation, and click Next
  4. Choose Select a server from the server pool, select your server, then click Next
  5. Scroll down, select Web Server (IIS), click Add Features, click on Next three times
  6. Leave the default role services intact, then hit on Next, and Install
  7. Wait for the installation to be completed, then click Close
  8. To make sure that IIS is installed successfully, open Internet Explorer and type http://localhost, then hit enter. The result will be the default page like the above picture.

As usual, the second method after GUI, is PowerShell. So,


  1. Open PowerShell console with an administrative right
  2. Type and execute this command:

Install-WindowsFeature Web-WebServer -IncludeManagementTools


Managing Active Directory accounts using PowerShell

powershellYou leaned how to create Active Directory user accounts in “Adding user accounts in Active Directory of Windows Server 2012”, and now you will learn to mange accounts with PowerShell. I list the below PowerShell commands with descriptions.

These commands applies to Windows Server 2008 R2 and Windows Server 2012.

PowerShell command Command description
New-ADUser Creates a new AD user
Remove-ADUser Removes an AD user
Set-ADAccountPassword Modifies the password of an AD account
Set-ADAccountExpiration Sets the expiration date for an AD account
Clear-ADAccountExpiration Clears the expiration date for an AD account
Enable-ADAccount Enables an AD account
Disable-ADAccount Disables an AD account
Unlock-ADAccount Unlocks an AD account
Set-ADUser Modifies an AD user
Search-ADAccount Gets AD user account
Set-ADAccountControl Modifies user account control (UAC) values for an AD account
Get-ADUser Gets one or more AD users
Get-ADUserResultantPasswordPolicy Gets the resultant password policy for a user
Add-ADGroupMember Adds one or more users to an AD group
Remove-ADGroupMember Removes one or more users from an AD group
Add-ADPrincipalGroupMembership Adds a user to one or more AD groups
Remove-ADPrincipalGroupMembership Removes a user from one or more AD groups

Adds users to the Allowed List or the Denied List of the readonly
domain controller (RODC) Password Replication Policy (PRP)


Removes users from the Allowed List or the Denied List of the RODC PRP

Add-ADFineGrainedPasswordPolicySubject Applies a fine-grained password policy to one or more users
Remove-ADFineGrainedPasswordPolicySubject Removes one or more users from a fine-grained password policy

For fetching more information about each command, just put Get-Help before every command to see the full guide for that command.

How to defrag drives with PowerShell in Windows Server 2012?

optimizeBesides repairing disks, defragmenting them is another common server maintenance task. Here is the guide lines for defragmenting drives using PowerShell.

  1. Open PowerShell window
  2. You may want to examine whether disks are fragmented or not, so execute Optimize-Volume D –Analyze –Verbose, where D is your drive letter
  3. You will see the result at the end of report. If necessary to defrag, then run Optimize-Volume D –Verbose 
  4. Wanting to run this command on a remote computer, put –CimSession “Remote Computer Name”, without quotation marks, after the command
  5. At the end, for more information and help, run Get-Help Optimize-Volume, as I did in the above picture

How to repair a disk with PowerShell in Windows Server 2012?

repair-diskSometimes disks got wrong, and you want to repair them. The traditional ways were to use Error Checking or chkdsk command, but a convenient method – that is PowerShell, is also used. 

  1. Open PowerShell console with administrative privileges
  2. Execute Repair-Volume E –Scan (E is your drive letter)
  3. If any errors found, execute Repair-Volume E –Spotfix
  4. Additional parameter is –OfflineScanAndFix, and it is used when you want to do scan and fix the volume simultaneously. Of course it forces Windows to take the volume offline, and then it does the job. If it runs on system drive, it will inevitably scan and fix the volume, the next time you reboot
  5. Wanting to run this command on a remote computer, put –CimSession “Remote Computer Name”, without quotation marks, after the command
  6. At the end, for more information and help, run Get-Help Repair-Volume, as I did in the above picture

Adding user accounts in Active Directory of Windows Server 2012

Active Directory users and computersOne of the first jobs after installing Active Directory, is creating user accounts, in order for the users to be authenticated in Active Directory. The authenticated user; therefore, can access the network resources. In this way an unauthorized user does not have access to the network without administrator’s permission. 

As usual, my well known two ways:


  1. Hit Windows Key + R buttons, type dsa.msc, and press OK
  2. Active Directory Users and Computers window opens. Remember you can open it via Server Manager too
  3. The easiest way, is to right click Users object on the left bottom side, click on New, then User
  4. Fill the First and Last names as you desire. Mine will be User1. User logon name is User1 too. Click Next
  5. Choose a strong password, and leave the default settings intact. Then Next and Finish
  6. Now I want to make this account, a member of administrators. So on the working window, click on Users, and right click User1 on the left side. Then click on Add to a group…
  7. On Select Groups window, type Domain Admins; Enterprise Admins. Then click on OK twice

As a result, a user, by the name of User1 is created, who is the administrator of both domain and forest.



  1. Open PowerShell console
  2. Type and hit enter this command:

New-ADUser -SamAccountName User1 -AccountPassword (read-host "Set user password" -assecurestring) -name "User1" -enabled $true -PasswordNeverExpires $false -ChangePasswordAtLogon $true
Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=cyrusbesharat,DC=local" -MemberOf "CN=Enterprise Admins,CN=Users,DC=cyrusbesharat,DC=local","CN=Domain Admins,CN=Users,DC=cyrusbesharat,DC=local"

Managing DNS in Windows Server 2012

DNSIn “How to install DNS on Windows Server 2012 ?” post, I explained DNS installation, and now I talk about managing a DNS server.

If you have installed DNS on a Domain Controller, the administrative job will become so less, because DNS is integrated into Active Directory.

DNS client will update its DNS record automatically if “Register the connection’s addresses in DNS” is selected (by default it is), or your DHCP server can register DNS records on behalf of DNS clients too. So, in most of the time managing DNS is easy. Otherwise, if you want to manually configure it, pay attention to these procedures.


  1. Press Windows Key + R, execute dnsmgmt.msc
  2. On DNS Manager window, right-click your server and click New Zone
  3. On wizard, click on Next. On Zone Type window, select Primary zone (because the first zone must be primary), and check Store the zone in Active Directory (it is selected by default). Then click Next
  4. On Active Directory Zone Replication Scope page, select the default option of To all DNS servers running on domain controllers on this domain : CyrusBesharat.local, click Next then
  5. Be sure to select Forward lookup zone as the default option, and click Next
  6. Type CyrusBesharat for zone name, then click on Next
  7. Check the radio button of Allow only secure dynamic updates (recommended for Active Directory), click on Next, then Finish to close the wizard
  8. Now you should add records to DNS server, so on DNS manager, expand SERVER1, Forward Lookup Zones, then right click  CyrusBesharat, and select New Host (A or AAAA)…
  9. On New Host window, type the name of one of your computers, for example Server2, and below IP address type its IP address like And click Add Host, then confirm OK and close the window


  1. Open PowerShell console
  2. Type and hit enter the below command:

Add-DnsServerPrimaryZone -Name CyrusBesharat -ZoneFile CyrusBesharat.dns
Add-DnsServerResourceRecordA -ZoneName CyrusBesharat –Name Server2 -IPv4Address

Managing DHCP in Windows Server 2012

DHCPI talked about installing DHCP in “How to install DHCP on Windows Server 2012?”, and now we mange the installed DHCP.

The first step in managing a DHCP server, is defining a scope. Scope is an IP address range that  the DHCP is responsible for allocation IP settings to the clients. So for creating a scope, follow my well-known GUI and PowerShell methods.


  1. Hit Windows key + Run to open the run command, execute dhcpmgmt.msc, DHCP console opens. (You can open it via Server Manager too, but my way is more straight forward.)
  2. Expand your server name, mine is server1.cyrusbesharat.local, right-click IPv4, and click New Scope. (You have the chance to have scope on IPv6 environment too, if there exists IPv6 infrastructure)
  3. New Scope Wizard starts. Click on Next
  4. On Scope Name page, type a name for your scope, e.g. LAN, without any description. Then click Next
  5. On IP Address Range, enter next to Start IP address, and next to End IP address
  6. The Length of 8 and Subnet mask of is automatically set. (And if you have sub netting in your network, configure it as appropriate). Then click Next
  7. In the new window, if you have any exclusions; addresses which you don’t want to be assigned by DHCP, put them here. I don’t have, so click on Next
  8. The default lease duration is 8 days. That is; a client can have the assigned IP address for 8 days. If needed, change it, then click Next
  9. Click Next on the new window to configure DHCP options
  10. On default gateway address, put, then click Add. (You can change it according to your own network). Click Next 
  11. On new window, the parent domain of CyrusBesharat.local is entered, and IP address of as my DNS is automatically set. Just click Next
  12. On WINS server page, type the desired name and IP address of WINS server. I don’t use WINS, so I left them blank and hit Next
  13. Click Next to activate scope, then click Finish to complete the new scope wizard


Execute this below command on PowerShell console:
Add-DhcpServerv4Scope -name "LAN" -StartRange  -EndRange -SubnetMask
Set-DhcpServerv4OptionValue -DnsDomain CyrusBesharat.local -DnsServer -Router

To make sure that you have configured DHCP correctly via PowerShell, just run get-dhcpserverv4scope. The result will show accuracy of your job.

%d bloggers like this: