vNiklas Virtualization blog

This year I will present at the Technology Experts Conference by Quest again. Last year I had a session about how to successfully implement and transition into a Hyper-V platform. And this year I will do two sessions in the virtualization track. There are some very skilled speakers listed and I feel proud to be one of the listed.

Mythbusters go Hyper-V 

Maybe not so much explosions as on TV but I will try to in a fun and entertaining way do some mythbusting in the Hyper-V virtualization world. We will go through some of the common myths out there among IT professionals and implementers. Microsoft Windows Hyper-V has gone through a massive facelift from 2008 R2 to the new 2012 with loads of new functionallity and performance. Maybe you still rely on old information about how to set up and configure your virtualization platform. I have put some of the common claims to test and will show if they are myths or true. Watch out for some irony and jokes during the session.

Powershell is the way to handle Windows Hyper-v 2012

In this session we will look at how to manage Hyper-V in the new Windows Server 2012 with powershell and the cmdlets in the Hyper-v Module. We will look at the new functions that have been released in the new Powershell version 3 and how we can use them when deploying and managing the hosts and the virtual machines. We will in this session go from scratch to a fully deployed environment without using the GUI. In the session we will also look at how to find Hyper-V servers in your Active Directory and what VM´s are running there, we will also look at how to schedule a daily health report on your VM´s and hosts.

Hint to save money on registering:

TEC are offering a discounted 850 Euro rate for  delegates who register by 21 September! To receive the discount code, please email TEC2012@quest.com.

Yesterday I upgraded a Hyper-V node in a cluster from RC to RTM, Now I want to live migrate VM´s from the RC node to the RTM and then upgrade that.

As you can see on this screendump I have one node with build number 8400 (RC) and one with 9200 (RTM)

As you can see on this next image I have two VM´s running on my old node and I want to migrate them. The VM´s reside on a SMB 3.0 share and the cluster have a quorum share

And how do I move the VM´s to the other node, yes with powershell also, what you can see is that the Move-ClusterVirtualMachineRole can take the VMid from the VM objects as pipelined input, and that is really nice.

So now I have live migrated over the VM´s from the old RC to the RTM server and I can continue to upgrade that node.

I get an error if I try to live migrate them back to the old node, the only way I can do that is when the VM´s are powered off.

Of course I would rather have all my hosts in my System Center VMM 2012 SP1 but if I do not, or I just as an ITPro admin want to check if there are some new Hyper-V servers out there in my Active Directory and if they have VM´s on them I can use PowerShell.

I have looked at Ravikanth´s blog and done some modifications, also I am using the Win2012 and Powershell v3.

I can with the following powershell cmd get all hyper-v virtual machines in my Active Directory (of some reason the VMware machines do not get registered in the AD as virtual machines). With powershell version 3 it autoloads the Active Directory Module, this requires though that I have the feature RSAT-AD-PowerShell installed, easily done with Get-WindowsFeature RSAT-AD-PowerShell | Add-WindowsFeature.

Get-ADObject -Filter 'Name -like "*Virtual*"' | %{$_.DistinguishedName.Split(",")[1].replace("CN=","") }

I cannot do so much more with this information, what I want is to check a list of Hyper-V servers and also try to get the VM´s on them, sadly only win2012 servers can interact with the hyper-v powershell module and give that info, but hey whom has win 2008 r2 hyper-v servers

This first query gives me all Hyper-V servers in the domain, 2008->2012

Get-ADObject -Filter 'Name -like "*Hyper-V"' | %{$_.DistinguishedName.Split(",")[1].replace("CN=","") }

This next query uses that info and asks the Hyper-V servers for their VM´s

Get-ADObject -Filter 'Name -like "*Hyper-V"' | %{$_.DistinguishedName.Split(",")[1].replace("CN=","") } | %{get-vm -ComputerName $_ -ErrorAction SilentlyContinue} | ft ComputerName,Name,State,Uptime -AutoSize

I can also use this to do things with the VM´s, like starting or stopping, observe that i just want to start the VM´s that start with the name test*.

Get-ADObject -Filter 'Name -like "*Hyper-V"' | %{$_.DistinguishedName.Split(",")[1].replace("CN=","") } | %{get-vm test* -ComputerName $_ -ErrorAction SilentlyContinue} | Start-VM

I am working in a project that want to get performance data from remote servers, this with WMI, the servers belong to an Active Directory but the user collecting is not allowed to be an administrator (As an Administrator this is easy because then you already are in control and in the right groups)

So How do I fix this with preferably PowerShell, Scripting Guy has made a post about how to add users to local groups and Steve Lee on the MSDN WMI Blog has made a post how to add permissions on WMI  so I have combined them and got the solution I want.

The groups I am interested in on the remote computer are  ”Distributed COM Users”,”Performance Monitor Users”, to be able to connect and get monitoring data

To get it from the WMI interface I need some permissions there, I only grant read permissions on the root/CIMv2 subtree.

And here is the Powershell that does it, In the screendump you can see that I can use a foreach loop to set the permissions on several computers

# Create Permissions for non-admin user on remote computers
#
# Niklas Akerlund / 2012-08-22
Param ([switch]$add,
	[switch]$remove,
    $ComputerName = "vc",
    $UserName = "olle",
    $DomainName = "vniklas")

# add functions to call
. .\Set-UserLocalGroup.ps1
. .\Set-WmiNamespaceSecurity.ps1

$LocalGroups = "Distributed COM Users","Performance Monitor Users"

if ($add){
	$LocalGroups | %{Set-UserLocalGroup -Computer $ComputerName -Group $_ -Domain $DomainName -User $UserName -add}
	Set-WMINamespaceSecurity root/CIMv2 add "$DomainName\$UserName" Enable,MethodExecute,ReadSecurity,RemoteAccess -computer $ComputerName
} elseif($remove) {
	$LocalGroups | %{Set-UserLocalGroup -Computer $ComputerName -Group $_ -Domain $DomainName -User $UserName -remove}
	Set-WMINamespaceSecurity root/cimv2 delete "$DomainName\$UserName" -computer $ComputerName
}

To check that I can get the performance data I can use the powershell cmdlet Get-WMIObject , as you can see in the screendump, in the first test I do not have the permissions set but in the second it works..

Here are the functions

Set-UserLocalGroup

# Add/Remove user from local group 		
#
# Niklas Akerlund/Most code from Scriptingguy Blog http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/19/use-powershell-to-add-domain-users-to-a-local-group.aspx

Function Set-UserLocalGroup 
{ 
	[cmdletBinding()] 
	Param( 
	[Parameter(Mandatory=$True)] 
	[string]$Computer, 
	[Parameter(Mandatory=$True)] 
	[string]$Group, 
	[Parameter(Mandatory=$True)] 
	[string]$Domain, 
	[Parameter(Mandatory=$True)] 
	[string]$User,
	[switch]$add,
	[switch]$remove 
	)
	
	 
	$de = [ADSI]"WinNT://$Computer/$Group,group" 
	if($add){
		$de.psbase.Invoke("Add",([ADSI]"WinNT://$Domain/$User").path) 
	} elseif ($remove){
		$de.psbase.Invoke("Remove",([ADSI]"WinNT://$Domain/$User").path)
	}
	
} 

Set-WmiNamespaceSecurity, there was an error in the original code that I have corrected based on the comments, this error caused the function to always run on the local computer instead of the remote when using the -computer parameter.

# Copyright (c) Microsoft Corporation.  All rights reserved. 
# For personal use only.  Provided AS IS and WITH ALL FAULTS.
 
# Set-WmiNamespaceSecurity.ps1
# Example: Set-WmiNamespaceSecurity root/cimv2 add steve Enable,RemoteAccess
Function Set-WmiNamespaceSecurity {
 
Param ( [parameter(Mandatory=$true,Position=0)][string] $namespace,
    [parameter(Mandatory=$true,Position=1)][string] $operation,
    [parameter(Mandatory=$true,Position=2)][string] $account,
    [parameter(Position=3)][string[]] $permissions = $null,
    [bool] $allowInherit = $false,
    [bool] $deny = $false,
    [string] $computer = ".",
    [System.Management.Automation.PSCredential] $credential = $null)
   
Process {
    $ErrorActionPreference = "Stop"
 
    Function Get-AccessMaskFromPermission($permissions) {
        $WBEM_ENABLE            = 1
                $WBEM_METHOD_EXECUTE = 2
                $WBEM_FULL_WRITE_REP   = 4
                $WBEM_PARTIAL_WRITE_REP              = 8
                $WBEM_WRITE_PROVIDER   = 0x10
                $WBEM_REMOTE_ACCESS    = 0x20
                $WBEM_RIGHT_SUBSCRIBE = 0x40
                $WBEM_RIGHT_PUBLISH      = 0x80
        	$READ_CONTROL = 0x20000
        	$WRITE_DAC = 0x40000
       
        $WBEM_RIGHTS_FLAGS = $WBEM_ENABLE,$WBEM_METHOD_EXECUTE,$WBEM_FULL_WRITE_REP,`
            $WBEM_PARTIAL_WRITE_REP,$WBEM_WRITE_PROVIDER,$WBEM_REMOTE_ACCESS,`
            $READ_CONTROL,$WRITE_DAC
        $WBEM_RIGHTS_STRINGS = "Enable","MethodExecute","FullWrite","PartialWrite",`
            "ProviderWrite","RemoteAccess","ReadSecurity","WriteSecurity"
 
        $permissionTable = @{}
 
        for ($i = 0; $i -lt $WBEM_RIGHTS_FLAGS.Length; $i++) {
            $permissionTable.Add($WBEM_RIGHTS_STRINGS[$i].ToLower(), $WBEM_RIGHTS_FLAGS[$i])
        }
       
        $accessMask = 0
 
        foreach ($permission in $permissions) {
            if (-not $permissionTable.ContainsKey($permission.ToLower())) {
                throw "Unknown permission: $permission`nValid permissions: $($permissionTable.Keys)"
            }
            $accessMask += $permissionTable[$permission.ToLower()]
        }
       
        $accessMask
    }
 
    if ($PSBoundParameters.ContainsKey("Credential")) {
        $remoteparams = @{ComputerName=$computer;Credential=$credential}
    } else {
        $remoteparams = @{ComputerName=$computerName}
    }
       
    $invokeparams = @{Namespace=$namespace;Path="__systemsecurity=@"} + $remoteParams
 
    $output = Invoke-WmiMethod @invokeparams -Name GetSecurityDescriptor
    if ($output.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor failed: $($output.ReturnValue)"
    }
 
    $acl = $output.Descriptor
    $OBJECT_INHERIT_ACE_FLAG = 0x1
    $CONTAINER_INHERIT_ACE_FLAG = 0x2
 
    $computerName = (Get-WmiObject @remoteparams Win32_ComputerSystem).Name
   
    if ($account.Contains('\')) {
        $domainaccount = $account.Split('\')
        $domain = $domainaccount[0]
        if (($domain -eq ".") -or ($domain -eq "BUILTIN")) {
            $domain = $computerName
        }
        $accountname = $domainaccount[1]
    } elseif ($account.Contains('@')) {
        $domainaccount = $account.Split('@')
        $domain = $domainaccount[1].Split('.')[0]
        $accountname = $domainaccount[0]
    } else {
        $domain = $computerName
        $accountname = $account
    }
 
    $getparams = @{Class="Win32_Account";Filter="Domain='$domain' and Name='$accountname'"}
 
    $win32account = Get-WmiObject @getparams
 
    if ($win32account -eq $null) {
        throw "Account was not found: $account"
    }
 
    switch ($operation) {
        "add" {
            if ($permissions -eq $null) {
                throw "-Permissions must be specified for an add operation"
            }
            $accessMask = Get-AccessMaskFromPermission($permissions)
   
            $ace = (New-Object System.Management.ManagementClass("win32_Ace")).CreateInstance()
            $ace.AccessMask = $accessMask
            if ($allowInherit) {
                $ace.AceFlags = $OBJECT_INHERIT_ACE_FLAG + $CONTAINER_INHERIT_ACE_FLAG
            } else {
                $ace.AceFlags = 0
            }
                       
            $trustee = (New-Object System.Management.ManagementClass("win32_Trustee")).CreateInstance()
            $trustee.SidString = $win32account.Sid
            $ace.Trustee = $trustee
           
            $ACCESS_ALLOWED_ACE_TYPE = 0x0
            $ACCESS_DENIED_ACE_TYPE = 0x1
 
            if ($deny) {
                $ace.AceType = $ACCESS_DENIED_ACE_TYPE
            } else {
                $ace.AceType = $ACCESS_ALLOWED_ACE_TYPE
            }
 
            $acl.DACL += $ace.psobject.immediateBaseObject
	    
        }
       
        "delete" {
            if ($permissions -ne $null) {
                throw "Permissions cannot be specified for a delete operation"
            }
       
            [System.Management.ManagementBaseObject[]]$newDACL = @()
            foreach ($ace in $acl.DACL) {
                if ($ace.Trustee.SidString -ne $win32account.Sid) {
                    $newDACL += $ace.psobject.immediateBaseObject
                }
            }
 
            $acl.DACL = $newDACL.psobject.immediateBaseObject
        }
       
        default {
            throw "Unknown operation: $operation`nAllowed operations: add delete"
        }
    }
 
    $setparams = @{Name="SetSecurityDescriptor";ArgumentList=$acl.psobject.immediateBaseObject} + $invokeParams
 
    $output = Invoke-WmiMethod @setparams
    if ($output.ReturnValue -ne 0) {
        throw "SetSecurityDescriptor failed: $($output.ReturnValue)"
    }
}
}

I have made a function to set reservations on VM´s in PowerCLI. The function takes a VM as parameter and also percentage of CPU and Memory you want to reserve.

The function checks the Mhz of the physical CPU from the Host the VM is running on and makes the reservation from this.

In the function I can set both memory and cpu reservation or just one of them

here is a screendump of the function being used

and here is the PowerCLI

function Set-VMReservation{
<#
.SYNOPSIS
Set VM Reservation on Memory and/or CPU

.DESCRIPTION
Use this function set VM reservations 

.PARAMETER MemoryMB
Use this parameter to set the percent of memory reserved for the VM

.PARAMETER CpuMhz
Use this parameter to set the percent of CPU Mhz from the host CPU to be reserved

.NOTES
Author: Niklas Akerlund
Date: 2012-07-19
#>
    param (
   [Parameter(Position=0,Mandatory=$true,HelpMessage="A VM",
    ValueFromPipeline=$True)]
    $VM,
	$MemoryMB = 0,
	$CpuMhz = 0
    )
	$VM = Get-VM $VM
	if ($MemoryMB -ne 0 -and $CpuMhz -ne 0){
		$MemoryMB = $MemoryMB/100
		[int]$MemoryMB = $VM.MemoryMB*$MemoryMB
		$CpuMhz = $CpuMhz/100
		[int]$CpuMhz = ([math]::truncate(((Get-VMHost -id $VM.extensiondata.summary.runtime.host).ExtensionData.Hardware.CpuInfo.hz)/1000000))*$VM.NumCpu*$CpuMhz
		$VM | Get-VMResourceConfiguration |Set-VMResourceConfiguration -CpuReservationMhz $CpuMhz -MemReservationMB $MemoryMB
	}elseif ($MemoryMB -ne 0 -and $CpuMhz -eq 0){
		$MemoryMB = $MemoryMB/100
		[int]$MemoryMB = $VM.MemoryMB*$MemoryMB
		$VM | Get-VMResourceConfiguration |Set-VMResourceConfiguration -MemReservationMB $MemoryMB
	}elseif ($MemoryMB -eq 0 -and $CpuMhz -ne 0){
		$CpuMhz = $CpuMhz/100
		[int]$CpuMhz = ([math]::truncate(((Get-VMHost -id $VM.extensiondata.summary.runtime.host).ExtensionData.Hardware.CpuInfo.hz)/1000000))*$VM.NumCpu*$CpuMhz
		$VM | Get-VMResourceConfiguration |Set-VMResourceConfiguration -CpuReservationMhz $CpuMhz
	}elseif ($MemoryMB -eq 0 -and $CpuMhz -eq 0){
		$VM | Get-VMResourceConfiguration |Set-VMResourceConfiguration -CpuReservationMhz 0 -MemReservationMB 0
	}
}

In this example I have set the CPU reservation to 60 % and Memory to 40 %

This friday I wrote a post about how to change from CMD to powershell and also found Thomas Lee´s posts about it.

What i wrote in my post was that i found the registry key that holds the command prompt but could not alter it. Andrew Morgan had already done all in his post, he also describes how you do, the secret is to take the ownership of the registry part (otherwise it is TrustedInstaller that is owner and that was why I could not change anything), after you change owner you also want to add some permissions, cause Administrator has only read by default.

And why do I want to add an registry key under AlternateShell instead of the Shell registry key that holds Explorer.exe. One reason is that when I enable the GUI from Core mode I do not get the full GUI. So when I run Get-WindowsFeature *gui-shell* | Add-WindowsFeature and then reboot the server it looks like the following screendump:

As you can see in the following screendump and in Andrew´s post, I keep the CMD and just set an new registry key that has a higher value, but not as high as Explorer. Doing this I get the Powershell console when in Core and the Explorer when in Full GUI mode. When in full GUI mode I get a temporary Pagefile error though , the system seems to work correctly.. I have tested the Get-WindowsFeature *gui-shell* | Add-WindowsFeature on an installation where I have not done any alternation with the shells and there the page file dialog appears also so this is caused by another issue that I will investigate in another blog post.

In twitter yesterday I saw that there was a discussion about setting default shell to Powershell in Windows Core, Jeffery Hicks has done this in Windows 2008 R2 and I wanted to test if his little trick worked in Windows 2012 also (by the way, why is it not default by default in 2012 Core? )

I have my testmachine ready and so lets go

Interestingly, When I check the registry I got that my shell in the 2012 Core was Explorer.exe,

but when I got a bit deeper I could see under AlternativeShells that the CMD was there

I tried to edit that but got an error

well lets try to exchange the explorer.exe in shell  to powershell.exe instead, I use the $env:userprofile to get the same directory as with cmd

$shell = "Powershell.exe -NoExit cd `$env:userprofile"
set-itemproperty "hklm:\software\microsoft\windows nt\currentversion\winlogon" shell $shell

And here you can see in my registry, notice that the $env:userprofile is still there thanks to the ` in the string variable and that means that when another user log in they will get their own directory:

 And when I try to log in again I get the Powershell Console by default and also in the “right” directory

Lets hope Microsoft set Powershell console as default also in the Core version when Windows 2012 becomes RTM

Update: I did apparently not follow the tweets so far that I noticed that the PS master Thomas Lee already had made a blog about this, in his post I would just add this to get the users directory

Set-ItemProperty -Confirm  -Path $RegPath -Name Shell -Value 'PowerShell.exe -noExit -Command "$psversiontable; cd $env:userprofile"' 

A colleague wanted a script that could make a Host-VM affinity rule so that certain VM´s that resided on one storage at one site would run on the hosts on that site, the cluster spanns over two sites so the VM´s can run at both sites but one datastore is primary at the first site and the other at the second site.  So He wanted to get the VM´s that have their storage on datastoreLocation1 to be in an host-vm affinity rule “Should Run” on the hosts that is in that site. In this community post I found most of the code, I made som adjustments but mostly the cred goes to @lucd22 and GotMoo.

Here you can see the screendump from the cluster settings

Here is the powerCLI that has been run

One thing here was also that this VMgroup should be updated once a day if there was new VM´s that needed to be included. So this lines should be run in a scheduled task, this will make the DRSVMGroup VMLocationDC1 to be updated with the VM´s currently located at that datastore:

$VM = get-datastore delad02 | get-vm
Update-DrsVMGroup -cluster vmw* -VMs $VM -groupVMName VMLocationDC1

Here are the PowerCLI functions for doing this. As you can see I have an switch parameter for -MustRun, that will create the rule as a Must Run on these hosts.

function New-DRSGroupRule{
<#
.SYNOPSIS
Create a new DRSGroupRule for VMs to reside on some hosts in a cluster

.DESCRIPTION
Use this function to create vms in a group and hosts in a group and a host-vm affinity

.PARAMETER  MustRun
A switch that will create the rule with Must Run on these host, if not set it will create the rule with should run.

.NOTES
Author: Niklas Akerlund / RTS (most of the code came from http://communities.vmware.com/message/1667279 @LucD22 and GotMoo)
Date: 2012-06-28
#>
	param (
	[Parameter(Position=0,Mandatory=$true,HelpMessage="A Cluster",
	ValueFromPipeline=$True)]
	$cluster,
	$VMHosts,
	$VMs,
	[string]$Name,
	[switch]$MustRun
	)
	
	$cluster = Get-Cluster $cluster

	$spec = New-Object VMware.Vim.ClusterConfigSpecEx
	$groupVM = New-Object VMware.Vim.ClusterGroupSpec 
	$groupVM.operation = "add" 
	$groupVM.Info = New-Object VMware.Vim.ClusterVmGroup
	$groupVM.Info.Name = "VM$Name"

	Get-VM $VMs | %{
	$groupVM.Info.VM += $_.Extensiondata.MoRef
	}
	$spec.GroupSpec += $groupVM

	$groupESX = New-Object VMware.Vim.ClusterGroupSpec 
	$groupESX.operation = "add"
	$groupESX.Info = New-Object VMware.Vim.ClusterHostGroup
	$groupESX.Info.Name = "Host$Name"

	Get-VMHost $VMHosts | %{
	$groupESX.Info.Host += $_.Extensiondata.MoRef
	}
	$spec.GroupSpec += $groupESX

	$rule = New-Object VMware.Vim.ClusterRuleSpec
	$rule.operation = "add"
	$rule.info = New-Object VMware.Vim.ClusterVmHostRuleInfo
	$rule.info.enabled = $true
	$rule.info.name = $Name
	if($MustRun){
		$rule.info.mandatory = $true
	}else{
		$rule.info.mandatory = $false
	}
	$rule.info.vmGroupName = "VM$Name"
	$rule.info.affineHostGroupName = "Host$Name"
	$spec.RulesSpec += $rule

	$cluster.ExtensionData.ReconfigureComputeResource($spec,$true)
}

function Update-DrsVMGroup {
<#
.SYNOPSIS
Update DRS VM group with a new collection of VM´s

.DESCRIPTION
Use this function to update the ClusterVMgroup with VMs that are sent in by parameters

.PARAMETER  xyz 

.NOTES
Author: Niklas Akerlund / RTS (most of the code came from http://communities.vmware.com/message/1667279 @LucD22 and GotMoo)
Date: 2012-06-28
#>
	param (
	$cluster,
	$VMs,
	$groupVMName)
	
    $cluster = Get-Cluster $cluster
    $spec = New-Object VMware.Vim.ClusterConfigSpecEx
    $groupVM = New-Object VMware.Vim.ClusterGroupSpec 
    #Operation edit will replace the contents of the GroupVMName with the new contents seleced below.
    $groupVM.operation = "edit" 

    $groupVM.Info = New-Object VMware.Vim.ClusterVmGroup
    $groupVM.Info.Name = $groupVMName 

    Get-VM $VMs | %{
        $groupVM.Info.VM += $_.Extensiondata.MoRef
    }
    $spec.GroupSpec += $groupVM

    #Apply the settings to the cluster
    $cluster.ExtensionData.ReconfigureComputeResource($spec,$true)
}

When I get the time I might add some more functionality to also remove rules and groups.

I made a blog post some time ago, where i created a powerCLI function for creating a VM affinity rule that would keep my VM´s in a vApp together in the cluster for better VM-VM performance. I then checked for MoRef to get the VM correlated between vCloud Director and vCenter.

The answer to my problem was much closer than I thought, the vCloud director creates a folder in the “VM´s and Template view” for each vApp and guess what, all VM´s are in there.. so I do not need to ask the vCloud Director anymore (well if I want the Cloud vApp name I do need to ask it..) but ironically I had not looked there and found out that the folders actually where created for each deployed vCloud vApp :-/

So the code is a bit simpler and to get all VM´s from a folder I just type this, the asterisk is because the folder also gets a unique id

Get-Folder | where {$_.Name -like "ProdvCPod*"} | Get-VM

And then I just need to put those VM´s into an array and create a DRS rule, and here is the function that does this

<#
.Synopsis
   Add an affinity rule for a vCloud Director vAPP
.DESCRIPTION
   This function takes a vApp name (string) as parameter and creates an affinity rule for them to keep them together
.EXAMPLE
   Add-vAppAffinity -CIVApp ProdCust01
.NOTES
Author: Niklas Akerlund
Date: 2012-06-21
#>
function Add-vAppAffinity
{
    Param
    (
        # Parameter for the vAPP
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $CIVApp,

        # If the rule should apply on a different cluster
        $Cluster = "Cluster01"
    	)

	if ($CIVApp -ne " " -or $CIVApp -ne $null -or $CIVApp.length -ne 0 ){
		$Cluster = Get-Cluster $Cluster
		$VAppname = $CIVApp + "*"
		$VMs =  Get-Folder | where {$_.Name -like $VAppname} | Get-VM	
		
		if (!(Get-DrsRule -Cluster $Cluster -Name $CIVApp -ErrorAction SilentlyContinue)){ 
			New-DrsRule -Name $CIVApp -Cluster $Cluster -KeepTogether $true -VM $VMs
		}else{
			Remove-DrsRule -Rule (Get-DrsRule -Cluster $Cluster -Name $CIVApp) -Confirm:$false
			New-DrsRule -Name $CIVApp -Cluster $Cluster -KeepTogether $true -VM $VMs
		}
	}
}

To run it:

and it looks something like this if I check the cluster settings

preferably you have set your DRS cluster to fully automated or not so much will happen

I wanted to create a function that could help an IT Pro Admin with the task to create a clone of a running VM, Yes you can use the Export-VM cmdlet but then your VM must be turned off and in some cases, for example when you want to test a new release or patch on a production system but first test it in a safe environment and you are not allowed to stop the original VM.

The function exists in System Center Virtual Machine Manager but there it also must be turned off

So how do I do? I have made a PowerShell function that take a snapshot, copies the vhd files and creates a new VM, connect the vhd´s and network cards, configures the VM with number of processors, dynamic memory etc.

As the Snapshot merges the vhdx files when the VM is running in this new Hyper-V version I thought it was an sufficient way to solve that the VM actually was not writing to the .vhdx files when I copy them but into the .avhdx diff file.

This is a version 0.1 and yes it need some development but right now I do not have the time to make it supernice,

Here you can see it in action

And when It is finished It looks like this in the gui

And here is the PowerShell function

<#
.Synopsis
   Function to clone a running VM
.DESCRIPTION
   This function can be used to clone a running vm and connect the copied vhd´s and network
.EXAMPLE
   Clone-VM -VMName vmdisktest -VMCloneName vmdisktest-clone -Path c:\VMs
.EXAMPLE
   Clone-VM -VMName vmdisktest -VMCloneName vmdisktest-clone -Path c:\VMs -Switch Private
.Notes
Author: Niklas Akerlund
Date: 2012-06-19
#>
function Clone-VM
{
    [CmdletBinding()]
    [OutputType([int])]
    Param
    (
        # Name of the VM to be cloned
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $VMName,
        [string] $VMCloneName,
        # Where to store the VM-clone 
        [string] $Path,
        # Set to another network switch
        [string] $Switch = " "    
    )

    # Get VM
    $VM = Get-VM $VMName
    $VHDs = Get-VMHardDiskDrive -VM $VM
    #$VHDPath = (Get-VMHardDiskDrive -VM $VM).Path
    $VHDClonePath = "$Path\$VMCloneName\Virtual Hard Disks\"
    
    # Create a new array of VHD info
    $VHDOrg = @()
    foreach ($VHD in $VHDs){
        $data = New-Object PSObject -property @{
            VHDName = (Get-Item $VHD.Path).Name
            VHDPath = $VHD.Path
            ControllerType = $VHD.ControllerType
            ControllerNumber = $VHD.ControllerNumber
            ControllerLocation = $VHD.ControllerLocation

        }
        $VHDOrg +=$data
    }

    $VMNics = Get-VMNetworkAdapter -VM $VM

    # Take snapshot 
    $VM | Checkpoint-VM 

    New-Item -ItemType directory -Path $VHDClonePath

    New-VM -Name $VMCloneName -Path $Path -NoVHD -MemoryStartupBytes $VM.MemoryStartup -BootDevice IDE
    $VMClone = Get-VM -Name $VMCloneName
    Get-VMNetworkAdapter -VMName $VMCloneName | Remove-VMNetworkAdapter
   
    # Configure VM-Clon
    if ($VM.DynamicMemoryEnabled){
        Set-VM -VMName $VMCloneName -ProcessorCount $VM.ProcessorCount -DynamicMemory -MemoryMinimumBytes $VM.MemoryMinimum -MemoryMaximumBytes $VM.MemoryMaximum
    }else{
        Set-VM -VMName $VMCloneName -ProcessorCount $VM.ProcessorCount -StaticMemory
    }

    # Add all network cards
    foreach ($VMNic in $VMNics){
        if ($Switch -eq " "){
            Add-VMNetworkAdapter -VMName $VMCloneName -SwitchName $VMNic.SwitchName -IsLegacy $VMNic.IsLegacy
        }else{
            Add-VMNetworkAdapter -VMName $VMCloneName -SwitchName $Switch -IsLegacy $VMNic.IsLegacy
        }
    }

    # Copy all VHDs
    foreach ($VHDcopy in $VHDOrg){
        
        $Dest = $VHDClonePath + $VHDcopy.VHDName
        Copy-Item -Path $VHDcopy.VHDPath -Destination $Dest
        Add-VMHardDiskDrive -VMName $VMCloneName -ControllerType $VHDCopy.ControllerType -ControllerLocation $VHDCopy.ControllerLocation  -ControllerNumber $VHDCopy.ControllerNumber -Path $Dest   
    }

    # Remove snapshot 
    $VM | Remove-VMSnapshot

}

Good luck in testing, but do take in consideration that this is an copy of the running VM so do not start it at the same time on the same network or you will get IP collision etc, as you can see above I have added an -Switch parameter that you can use to set the network cards of the VM to be connected on another switch to avoid any problems..