Simplified DNS Zone Commands for Windows

     

Two very handy commands when you rebuild your labs several times using a Windows Server as DNS server.

I wanted to do it through PowerShell, but I think this is the easiest way to do it.

dnscmd /zoneexport "wardvissers.nl" "wardvissers.nl"

dnscmd /zoneadd "wardhomelab.nl" /primary /file wardhomelab2.nl.dns /load

Deploying Windows VMs with Terraform and Packer

A while ago, I started using Packer to create Windows templates for use in my home lab.
I blogged about it here: Windows Server 2025 "Preview" deployment with Packer

So now I want to deploy a template with Terraform, which was created earlier by Packer.

First, we need to make sure Terraform is downloaded and the vSphere provider is initialized.

  1. Install Terraform: You can download it from the official Terraform website and follow the installation instructions for your operating system.

I made my life a little easier by creating a PowerShell script that downloads the latest version: Download Terraform.ps1

  2. Initialize Your Terraform Configuration: Create a directory for your Terraform configuration files. Inside this directory, create a `main.tf` file (or any `.tf` file) where you will define your provider and other configurations.
  3. Define the vSphere Provider in Your main.tf: Add the following block to your Terraform configuration file to specify the use of the vSphere provider:

terraform {
  required_providers {
    vsphere = {
      source  = "hashicorp/vsphere"
      version = "> 2.11"
    }
  }
}

provider "vsphere" {
  user           = var.vsphere_user
  password       = var.vsphere_password
  vsphere_server = var.vsphere_server

  # If you have a self-signed cert. This disables certificate verification
  # of vCenter entirely; trusting the vCenter CA on the client is the safer option.
  allow_unverified_ssl = true
}

The provider reads its credentials from the vsphere_user, vsphere_password and vsphere_server variables declared in variables.tf (shown further down); set those to your actual vSphere credentials and server address.

  4. Basic Terraform Commands

Terraform.ps1

# Go to the Terraform download folder
$terraformfolder = 'd:\automation\terraform\'
Set-Location $terraformfolder
# Download Terraform plugins
.\terraform.exe init
# Test run
.\terraform.exe plan
# Run Terraform
.\terraform.exe apply
# Clean up what you created
.\terraform.exe destroy

Initialize the Terraform Working Directory: Run the following command in your terminal from the directory where your Terraform configuration file is located:

terraform init


This command will download the vSphere provider and initialize your Terraform working directory. It sets up and downloads the necessary provider plugins for Terraform to interact with vSphere.

Verify the Installation: After running `terraform init`, you should see output indicating that the vSphere provider has been successfully installed. You can now proceed to create Terraform configurations to manage your vSphere resources.

Deploy a Template VM within vSphere

In this example, we are deploying a VM running Windows Server 2022.

Terraform Module Structure

  1. variables.tf: Define the variables for the module.
  2. main.tf: Contains the main configuration for the VM.
  3. outputs.tf: Define the outputs for the module.

variables.tf

variable "vsphere_user" {
  default     = "<your_vcenter_username_here>"
  description = "vSphere username to use to connect to the environment - Default: administrator@vsphere.local"
}

variable "vsphere_password" {
  default     = "<your_vcenter_password_here>"
  description = "vSphere vCenter password"
}

variable "vsphere_server" {
  default     = "<your_vcenter_here>"
  description = "vSphere vCenter server"
}

variable "datacenter" {
  default     = "<your_datacenter_here>"
  description = "vSphere datacenter"
}

variable "cluster" {
  default     = "<your_cluster_here>"
  description = "vSphere cluster"
}

variable "network" {
  default     = "<vcenter_network>"
  description = "vSphere network"
}

variable "datastore" {
  default     = "<your_destination_datastore_>"
  description = "vSphere datastore"
}

variable "template" {
  default     = "<your_template_name_here>"
  description = "Template VM"
}

variable "customization_specifications" {
  default     = "<vcenter_customization_specifications>"
  description = "Customization Spec"
}
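With defaults like the ones above, the vCenter password lives in a .tf file that usually ends up in version control. Added example (not from the original post): a PowerShell wrapper that hands the credentials to Terraform through TF_VAR_* environment variables instead, so the password variable in variables.tf can drop its default and be declared `sensitive = true`. It assumes terraform.exe sits in the current folder and the three variable names from variables.tf above.

```powershell
# Added example, not the post's Terraform.ps1. Terraform maps an environment
# variable TF_VAR_<name> onto variable "<name>", so nothing secret is written
# to disk. In variables.tf, give vsphere_password no default and add
# sensitive = true so plan/apply output redacts it.
param(
    [Parameter(Mandatory)] [string] $VsphereServer,
    [Parameter(Mandatory)] [string] $VsphereUser,
    [ValidateSet('plan', 'apply', 'destroy')] [string] $Action = 'plan'
)

# Ask for the password at run time instead of storing it in a .tf file.
$secure = Read-Host -Prompt "Password for $VsphereUser" -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    $env:TF_VAR_vsphere_server   = $VsphereServer
    $env:TF_VAR_vsphere_user     = $VsphereUser
    $env:TF_VAR_vsphere_password = $plain

    # -input=false makes Terraform fail instead of prompting for missing values.
    & .\terraform.exe init -input=false
    if ($LASTEXITCODE -ne 0) { throw "terraform init failed ($LASTEXITCODE)" }

    switch ($Action) {
        'plan'    { & .\terraform.exe plan -input=false }
        'apply'   { & .\terraform.exe apply -input=false -auto-approve }
        'destroy' { & .\terraform.exe destroy -input=false -auto-approve }
    }
    if ($LASTEXITCODE -ne 0) { throw "terraform $Action failed ($LASTEXITCODE)" }
}
finally {
    # Scrub the secret from this session so later child processes do not inherit it.
    Remove-Item Env:\TF_VAR_vsphere_password -ErrorAction SilentlyContinue
    $plain = $null
}
```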

When you run ".\terraform plan" you do a test run to check your code.


When you run ".\terraform apply", Terraform builds your virtual machine.


Based on: https://vminfrastructure.com/2025/03/11/deploying-a-vm-using-terraform/

It works, but it needs some tweaking and fixing:

  • Adding a TPM 2.0 security device does not work right now
  • Server 2025 customization does not work

Get LDAPS Certificates: A Guide with OpenSSL

Using OpenSSL on Any Platform to get the LDAPS Certificate from the AD Server

Using OpenSSL should work with any Active Directory server platform (Windows, Linux, etc.). I use Windows in my case.

Requirements:

  • OpenSSL
  • FQDN or IP of the Active Directory Server
  • LDAPS certificate installed in the Active Directory Server certificate store

Steps:

  1. Run the following command from your local computer:
    openssl s_client -showcerts -connect <ip or fqdn of your active directory server>:636
  2. In the output, copy the certificate portion (the block from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, including both marker lines) to a text file.
  3. Save the text file as my_ldaps_cert.pem.

The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS.
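Added example (not from the original post): the same retrieval done with .NET from PowerShell, which also shows what you are about to trust (issuer, expiry, SAN names, thumbprint) before the PEM goes into any client. It assumes TCP 636 is reachable and that the FQDN you pass is the DC's name; wildcard SAN entries are not matched.

```powershell
# Added example, not the post's procedure. Connect to LDAPS, capture the leaf
# certificate the DC presents, check it against the local trust store and the
# DC's name, and save it in the PEM form openssl s_client prints.
function Get-LdapsCertificate {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [int] $Port = 636,
        [string] $OutFile = 'my_ldaps_cert.pem'
    )
    # Accept whatever the server presents for this probe; validation happens below.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $tcp = [System.Net.Sockets.TcpClient]::new($Server, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)   # FQDN is sent as SNI / expected host name
        $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally { $tcp.Dispose() }

    # Does this machine already chain it to a trusted root, and does the SAN name the DC?
    $chain   = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $trusted = $chain.Build($leaf)
    $trustText = if ($trusted) { 'chains to a trusted root' }
                 else { ($chain.ChainStatus.StatusInformation -join '; ').Trim() }
    $sanExt   = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $dnsNames = @()
    if ($sanExt) {
        # Format() renders the SAN as "DNS Name=host, DNS Name=host2, ..."
        $dnsNames = [regex]::Matches($sanExt.Format($false), 'DNS Name=([^,\s]+)') |
                    ForEach-Object { $_.Groups[1].Value }
    }

    # Same PEM layout as the openssl output: Base64 DER between the two marker lines.
    $b64 = [Convert]::ToBase64String($leaf.RawData, 'InsertLineBreaks')
    "-----BEGIN CERTIFICATE-----`n$b64`n-----END CERTIFICATE-----" |
        Set-Content -Path $OutFile -Encoding ascii

    [pscustomobject]@{
        Subject     = $leaf.Subject
        Issuer      = $leaf.Issuer
        NotAfter    = $leaf.NotAfter
        Thumbprint  = $leaf.Thumbprint
        DnsNames    = $dnsNames
        NameMatches = ($dnsNames -contains $Server)
        LocalTrust  = $trustText
        SavedTo     = (Resolve-Path $OutFile).Path
    }
}

Get-LdapsCertificate -Server 'dc01.wardhomelab.nl'   # placeholder FQDN
```

Before installing the PEM anywhere, compare the Thumbprint it reports with the certificate in the DC's own store (Get-ChildItem Cert:\LocalMachine\My on the DC); a mismatch means you captured something other than the DC's certificate.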

Essential Insights on Windows Server 2025


  1. Free Windows Server 2025 Security Advice Book read here and download here
  2. Windows Server 2025 is Certified on VMware vSphere
  3. Windows Server 2025 known issues and notifications
  4. New & Updated Security Tools
  5. Windows Server 2022 to 2025: Active Directory Upgrade Guide

Windows Server 2022 to 2025: Active Directory Upgrade Guide

How to do an in-place upgrade from a Windows Server 2022 Active Directory domain controller to Windows Server 2025 Active Directory

Finish

My Favorites Visual Studio Code Plugins

When I began scripting, I used PowerShell ISE for coding.

PowerShell ISE and Visual Studio Code are free coding tools from Microsoft.

But when Visual Studio Code was released back in 2015, I switched to that. PowerShell ISE I still use on a daily basis for some basic tasks.

With the extension list for Visual Studio Code getting better and better, scripting is much faster, has fewer errors and is easier to read.

The list of favourite extensions keeps getting bigger.
It makes my life a little easier and is very helpful.

So the list of my Favorites:
Prettier – Code Formatter
TODO Highlight
Code Spell Checker
Dutch – Code Spell Checker
Code Snap
Error Lens
Hashicorp HCL
HashiCorp Terraform

Because AI is hot, I am currently testing the following plugins:
ChatGPT
GitHub CoPilot
GitHub CoPilot Chat

Using the ChatGPT/Copilot plugins makes scripting even faster.

Update: out-of-band (OOB) updates released in March 2024 for Windows Server domain controllers

Microsoft has identified an issue that affects Windows Server domain controllers (DCs), and has expedited a resolution that can be applied to affected devices. Out-of-band (OOB) updates have been released for some versions of Windows today, March 22, 2024, to address this issue related to a memory leak in the Local Security Authority Subsystem Service (LSASS). This occurs when on-premises and cloud-based Active Directory domain controllers service Kerberos authentication requests.

This issue is not expected to impact Home users, as it is only observed in some versions of Windows Server. Domain controllers are not commonly used in personal and home devices.

Updates are available on the Microsoft Update Catalog only. These are cumulative updates, so you do not need to apply any previous update before installing them, and they supersede all previous updates for affected versions. If your organization uses the affected server platforms as DCs and you haven't deployed the March 2024 security update yet, we recommend you apply this OOB update instead. For more information and instructions on how to install this update on your device, consult the resources below for your version of Windows:

  • Windows Server 2022: KB5037422
  • Windows Server 2019: Available soon
  • Windows Server 2016: KB5037423
  • Windows Server 2012 R2: KB5037426

Note: The OOB release for Windows Server 2019 will be released in near term.

Windows Server 2025 “Preview” deployment with Packer

As Windows Server 2025 Preview is officially released, I wanted to test an automated build of the Windows Server 2025 Preview release, so that I can deploy it in my home lab and test the new features, if I can find the time...

About Hashicorp Packer

HashiCorp Packer is a self-contained executable that produces quick and easy operating system builds across multiple platforms. Using Packer and a couple of HCL2 files, you can quickly create fully automated template(s) with the latest Windows updates and VMware Tools. When you schedule a fresh build after Patch Tuesday, you always have an up-to-date and fully patched template.

Combined with VMware customization specifications, you can spin up VMs in minutes.

Automated Windows Server 2025 “Preview” Build

Files you need
The files and versions I am using at the time of this writing are as follows.

Besides downloading Packer and the Windows Server 2022 Preview build, you will need the following files:

  • windowsserver2025.auto.pkrvars.hcl – holds the variable values you want to define.
  • windows2025.json.pkr.hcl – the Packer build file
  • Answer file – generated with Windows System Image Manager (SIM); you can download the file below
  • Custom script file(s) – optional

Other considerations and tasks you will need to complete:

  • Copy the Windows Server 2025 ISO file to a vSphere datastore

Windows Server 2025 unattend Answer file for the automated Packer Build

Like other automated approaches to installing Windows Server, the automated Windows Server 2025 Packer build requires an answer file that automatically supplies the answers to the GUI and other installation prompts you would normally see in a manual installation of Windows Server.

You will find the scripts here: https://github.com/WardVissers/Packer-Win2025

The only problem I had was switching the NIC's network profile from Public to Private:

# Set network connection profiles to Private mode.
Write-Output 'Setting the network connection profiles to Private...'
# Right after boot the profile is still named 'Identifying...'; wait until
# Windows has finished identifying the network before changing its category.
do {
    $connectionProfile = Get-NetConnectionProfile
    Start-Sleep -Seconds 10
} while ($connectionProfile.Name -contains 'Identifying...')
# Target each adapter by interface index; -Name fails when several profiles share a name.
foreach ($p in $connectionProfile) {
    Set-NetConnectionProfile -InterfaceIndex $p.InterfaceIndex -NetworkCategory Private
}

Windows Server 2025 Preview (Build: Canary 26052)

I had some time to check out the new version of Server 2025.

For the full list of upcoming features check: https://ignite.microsoft.com/en-US/sessions/f3901190-1154-45e3-9726-d2498c26c2c9?source=sessions

Download Server 2025 Preview: https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver

Server 2025 will come with a lot of features (my top 20+):

  • General – Server 2022 upgrade to vNext (controlled by GPO)
  • Hot Patching (Arc enabled, monthly subscription)
  • Active Directory – 32k page size
  • Active Directory – NUMA
  • Active Directory – LDAP TLS 1.3
  • Active Directory – Improved security for confidential attributes
  • Active Directory – LDAP prefers encryption by default
  • Active Directory – Kerberos support for AES/SHA256/384
  • Active Directory – Changes to the default behaviour of legacy SAM RPC password change methods
  • Active Directory – Kerberos and PKINIT support cryptographic agility
  • Active Directory – New AD forest and domain functional level (minimum Server 2016 requirement)
  • Storage – NVMe 70%/90% performance increase
  • File Server – SMB over the Internet (QUIC protocol)
  • File Server – More control over NTLM
  • File Server – SMB limiter (enabled by default)
  • File Server – Signing by default
  • File Server – Minimum SMB version
  • File Server – More secure by default (NetBIOS disabled by default)
  • RDS – M365 Apps still supported for every Windows Server release for 2-3 years
  • Finance – General support and pay-as-you-go support

Need to find some time to dig in.

Handy link: https://techcommunity.microsoft.com/t5/windows-server-insiders/announcing-windows-server-preview-build-26040/m-p/4040858

Deploy Windows Core Server 2022 with Server Core App Compatibility Feature on Demand with Packer

A while ago I started with Packer to create simple templates for use in my home lab.

It took some time to find the right scripts and to learn and understand the HCL2 coding.

But for security reasons I want to use Windows Server Core, with its smaller footprint.

What is Server Core App Compatibility Feature on Demand: https://learn.microsoft.com/en-us/windows-server/get-started/server-core-app-compatibility-feature-on-demand

Installing Features on Demand through PowerShell contains a bug. You may see "failure to download files", "cannot download", or errors like "0x800F0954" or "file not found".

To solve that I created a PowerShell script that runs the install twice: featuresondemand.ps1
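Added example (not the post's featuresondemand.ps1): the retry idea written as a function that re-runs Add-WindowsCapability after a download failure and then verifies the capability state instead of trusting the first exit code. It assumes an elevated session with access to Windows Update or a configured FOD source; the capability name is the documented one for the Server Core App Compatibility FOD.

```powershell
#Requires -RunAsAdministrator
# Added example, not the post's own script. Install the App Compatibility FOD,
# retry on the transient download errors the post mentions (0x800F0954,
# "failure to download files"), and report the real installed state.
function Install-AppCompatFod {
    param(
        [string] $Name = 'ServerCore.AppCompatibility~~~~0.0.1.0',
        [int] $Attempts = 2,
        [int] $DelaySeconds = 30
    )
    for ($i = 1; $i -le $Attempts; $i++) {
        $state = (Get-WindowsCapability -Online -Name $Name).State
        if ($state -eq 'Installed') {
            Write-Host "$Name is installed (checked on attempt $i)."
            return $true
        }
        Write-Host "Attempt $i of ${Attempts}: installing $Name (current state: $state)"
        try {
            $result = Add-WindowsCapability -Online -Name $Name -ErrorAction Stop
            if ($result.RestartNeeded) { Write-Host 'A restart is needed to finish the installation.' }
        }
        catch {
            # Typical transient failure from the bug the post describes; wait and retry.
            Write-Warning "Install failed: $($_.Exception.Message)"
            Start-Sleep -Seconds $DelaySeconds
        }
    }
    # Final verdict comes from the capability state, not from the last command's success.
    return ((Get-WindowsCapability -Online -Name $Name).State -eq 'Installed')
}

if (Install-AppCompatFod) { exit 0 }
Write-Error 'App Compatibility FOD is still not installed after all retries.'
exit 1
```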

You can find al the needed files on my Public Github Packer repository: https://github.com/WardVissers/Packer-Public

When running, it looks like this: [screenshot of the Packer build in progress]

It works for now, but one thing would make the whole setup a bit nicer:
passwords encrypted in a separate file.
