Convert Hyper-V vhd to vhdx and back with PowerShell

October 2nd, 2012 No comments

To convert an vhd disk file to vhdx superduper format with PowerShell you just use the cmdlet Convert-VHD (this work only on hyper-v enabled machines). I read Virtual PC Guys post about how to do it in the GUI and wanted to make a small post about how to do it in powershell

Convert-VHD -Path \\win2012-dc01\vms\old.vhd -DestinationPath \\win2012-dc01\vms\new.vhdx -DeleteSource -ComputerName win2012-hv01

And to go back

Convert-VHD -Path \\win2012-dc01\vms\new.vhdx -DestinationPath \\win2012-dc01\vms\old.vhd -DeleteSource -ComputerName win2012-hv01

And here is a screendump

And if I for example want to convert a number of vhd´s

first I create 5 dummy files, of course in the real life you have some files that already are there ready to be converted.

1..5|%{New-VHD -Path .\vhd$_.vhd -SizeBytes 2GB}
Get-VHD -Path C:\vhds\* | %{Convert-VHD -Path $_.Path -DestinationPath ($_.Path + "x") -DeleteSource}

olala look

If you want to convert back to vhd format you need to be sure that it is not bigger than 2040 GB or it will fail. Good luck!

Categories: Hyper-V, Powershell, Virtualization, Win2012 Tags:

In Windows Hyper-V 2012, Move-VMStorage leaves folders behind

September 26th, 2012 2 comments

I have tested a bit with the WinServ first in the early version 8 and then RC and now RTM, and what I thought was a bug that MS would fix before RTM seems to be still there.

What am I talking about then, well when you do a live or cold storage migration of a VM from for example your local storage to a SMB share either with the gui or preferebly with PowerShell, the built-in function leaves folders behind. And you can see where this is leading when moving a lot of VM´s, several VM´s folders retain with nothing inside and causing confusion!

As you can see on the screendump, the VM 2012 has been moved to another place but the folder still resides with no data in it, the subfolders are there but no disk files. And of course if I use the parameter -RetainVhdCopiesOnSource the folders should stay and also the configuration, vhd files :-)

So I have done a modified Move-VMStorage function that actually removes the source folder also after moving the VM.

Here is the powershell function and a screendump how it actually deletes the folder also, And as you can see, I check if the VM resides on a share or locally on a hyper-v host and then I use Invoke-Command to delete the folder on the host´s local volume. The script can run on any machine that has RSAT-Hyper-V Powershell tools installed and with an account that has rights to delete folders on the shares/hosts.

   An updated Move-VMStorage function
   To also remove the folder where the VM was residing this function also deletes the folder after moving the VM
   Move-VMStorage2 -VM test -ComputerName HV02 -Path \\SMB-srv01\VMs\test
Author: Niklas Akerlund 20120926
function Move-VMStorage2
        # A name of a VM or a VM object
        # The name of the Hyper-V host
        # The path where the VM is going to be relocated to.

        # Lets move and tidy the source folder
        $VM = Get-VM $VM -ComputerName $ComputerName
        Move-VMStorage -VM $VM -DestinationStoragePath $Path
        $VMOldPath = $VM.Path
        if ($VMOldPath.StartsWith("\\")) {
           Remove-Item -Path $VMOldPath -Recurse -Force
            Invoke-Command -ComputerName $VM.ComputerName -ScriptBlock {Remove-Item -Path $Using:VMOldPath -Recurse -Force}

Make sure that you always add the VM´s name to the path otherwise you will put the VM´s folders and files in the SMB folder directly and that will cause a mess and when you run my function it will try to clean that folder and all subfolders wich means all VM´s not running in that folder. Maybe I will add the control that It checks that the path to delete includes the VM name in a future update :-P

Go to the TEC 2012 conference in Barcelona

September 19th, 2012 No comments

This year I will present at the Technology Experts Conference by Quest again. Last year I had a session about how to successfully implement and transition into a Hyper-V platform. And this year I will do two sessions in the virtualization track. There are some very skilled speakers listed and I feel proud to be one of the listed.

Mythbusters go Hyper-V 

Maybe not so much explosions as on TV but I will try to in a fun and entertaining way do some mythbusting in the Hyper-V virtualization world. We will go through some of the common myths out there among IT professionals and implementers. Microsoft Windows Hyper-V has gone through a massive facelift from 2008 R2 to the new 2012 with loads of new functionallity and performance. Maybe you still rely on old information about how to set up and configure your virtualization platform. I have put some of the common claims to test and will show if they are myths or true. Watch out for some irony and jokes during the session.

Powershell is the way to handle Windows Hyper-v 2012

In this session we will look at how to manage Hyper-V in the new Windows Server 2012 with powershell and the cmdlets in the Hyper-v Module. We will look at the new functions that have been released in the new Powershell version 3 and how we can use them when deploying and managing the hosts and the virtual machines. We will in this session go from scratch to a fully deployed environment without using the GUI. In the session we will also look at how to find Hyper-V servers in your Active Directory and what VM´s are running there, we will also look at how to schedule a daily health report on your VM´s and hosts.

Hint to save money on registering:

TEC are offering a discounted 850 Euro rate for  delegates who register by 21 September! To receive the discount code, please email

Categories: Automation, Hyper-V, Virtualization, Win2012 Tags:

Installing vSphere vCenter 5.1 on Windows 2012

September 14th, 2012 10 comments

I have tested to install the new VMware ESXi 5.1 in a VM on my Macbook pro, next step was to get the vCenter 5.1 working on Windows 2012.

I downloaded the evaluation ISO from technet and when using the Easy Install I got an error trying to install the OS on the VM, as you can see on the screendump I get a licensing error, my first thought was that it was an error with my iso download and I then downloaded it again but the error persisted.

When I try to set up a new VM without the Easy Install I get the license agreement without error and could deploy the VM without any errors. Did I say that I am using the latest fusion 5.0.1

So to continue with the install, when the OS is upp and running I also need to download/install .net 3.5 (this is not by default available in win 2012 so I need the Media or an Internet connection). This as the .Net 3.5 is a requirement when installing vCenter.

Then I run the simple install from the media that will install the vCenter server, Single sign-on and Inventory service together.

When the installation is finished everything seems to be installed but the vCenter service will not start. It complained about a service that it depended on that was not existing.

I investigated a bit and the Protected Storage Service was deprecated in windows 2008 and only in read-mode and I could not find it for Windows 2012. So I wanted to remove the dependent services.

So how to do this, I type sc config vpxd depend= “” to remove all dependencies and then I typed sc start vpxd and the service took a bit to start but eventually it got to a running state.

Then I installed the vSphere Client and tried to log in and when the client opened I added the vSphere host without any issues.

Now when I got this running I will continue to install PowerCLI 5.1 and test it with PowerShell 3.0



New job: Product Manager Private Cloud @Lumagate

September 7th, 2012 No comments

Today I have done my last day at Real Time Services and on monday I will start as a Product Manager Private Cloud at Lumagate.

My focus will be on helping customers adopting and implementing a private cloud. It will be very exiting and hopefully some fun developing projects. I will work with both VMware and Microsoft solutions but with a focus on enabling the System Center Suite and automation.

If you want to contact me, this is my new business card:


Categories: General Tags:

VM Monitoring with Windows 2012 Hyper-V failover cluster

September 6th, 2012 No comments

Today I have tested to set up VM monitoring and see how it works.

Kristian Nese has made a blog post about it, I wanted to do a bit more in Powershell, He also points out that it might in some scenarios not be so good to activate this on a VM that have multiple roles and I must agree in that. Another thing to say again is, this can only be done on Windows 2012 VM´s and they haft to either be in the same domain as the failover-cluster or in a trusted domain and also the cluster nodes must be able to connect to the VM over the network.

First for the cluster to be able to see the services that can be monitored I have to allow that in the VM´s firewall, I will also enable Remote Service Management to communicate so I can remotely check services with powershell.

via PS remote I enable the firewall rules

Set-NetFirewallRule -DisplayGroup "Virtual Machine Monitoring" -Enabled true
Set-NetFirewallRule -DisplayGroup "Remote Service Management" -Enabled true

And then I can do some magic in the powershell console to set up the VM monitoring, I use the -OverrideServiceRecoveryActions parameter so the VM monitoring will trigger first no matter what the service is configured to do in the recovery settings.

Get-Service apache -ComputerName pstest

Add-ClusterVMMonitoredItem -Service apache2.2 -OverrideServiceRecoveryActions -VirtualMachine powertest -Cluster hypclu3

Get-ClusterVMMonitoredItem -VirtualMachine powertest -Cluster hypclu3

And in the Cluster Manager it looks like this:


To test this I want to kill the service and for that I can use the Stop-Process, this can not be used in a cmdlet remote so I have to use remoting again so with the Invoke-Command I get the process and kill it :-)

Invoke-Command -ComputerName pstest -ScriptBlock {Get-Process httpd | Stop-Process -Force}

And after just a breath the server reboots :-)

And if I want to remove the monitored services from the VM in the cluster I just run this command:

Get-ClusterVMMonitoredItem -VirtualMachine powertest -Cluster hypclu3 | Remove-ClusterVMMonitoredItem

In this example I have used a third party open source software to show that the monitoring not only just works with Microsoft services. It is as I said in the beginning useful in the right circumstance.

Categories: Hyper-V, Powershell, Virtualization, Win2012 Tags:

Live Migrate VM´s in Hyper-V cluster from RC to RTM node

September 5th, 2012 No comments

Yesterday I upgraded a Hyper-V node in a cluster from RC to RTM, Now I want to live migrate VM´s from the RC node to the RTM and then upgrade that.

As you can see on this screendump I have one node with build number 8400 (RC) and one with 9200 (RTM)

As you can see on this next image I have two VM´s running on my old node and I want to migrate them. The VM´s reside on a SMB 3.0 share and the cluster have a quorum share

And how do I move the VM´s to the other node, yes with powershell also, what you can see is that the Move-ClusterVirtualMachineRole can take the VMid from the VM objects as pipelined input, and that is really nice.

So now I have live migrated over the VM´s from the old RC to the RTM server and I can continue to upgrade that node.

I get an error if I try to live migrate them back to the old node, the only way I can do that is when the VM´s are powered off.


Upgrading my Windows 2012 RC to RTM with Hyper-V VM´s on

September 4th, 2012 No comments

Well the Windows 2012 Launch site is probably a bit overloaded.

Anyway, I have downloaded my iso from the technet plus account and now I will start installing.

Here have Olav made a post about how to upgrade from RC to RTM and it is probably not supported but I tried it anyway.

To download the Windows 2012 you just go to technet and chose the evaluation

When it is downloaded I edit the cversion.ini to 8400 and then start the installation,

I like that the core version is default when starting the installation

And now as you can see I can choose the upgrade option

And lookilooki, I can now upgrade with no complaints, or at least just warnings

 And after quite a bit of waiting and reboots the server is actually upgraded and now I have started my VM´s again (yes with Powershell :-P)

Categories: Hyper-V, Virtualization, Win2012 Tags:

Using PowerShell to get/start VM´s from Hyper-V servers in Active Directory

August 24th, 2012 No comments

Of course I would rather have all my hosts in my System Center VMM 2012 SP1 but if I do not, or I just as an ITPro admin want to check if there are some new Hyper-V servers out there in my Active Directory and if they have VM´s on them I can use PowerShell.

I have looked at Ravikanth´s blog and done some modifications, also I am using the Win2012 and Powershell v3.

I can with the following powershell cmd get all hyper-v virtual machines in my Active Directory (of some reason the VMware machines do not get registered in the AD as virtual machines). With powershell version 3 it autoloads the Active Directory Module, this requires though that I have the feature RSAT-AD-PowerShell installed, easily done with Get-WindowsFeature RSAT-AD-PowerShell | Add-WindowsFeature.

Get-ADObject -Filter 'Name -like "*Virtual*"' | %{$_.DistinguishedName.Split(",")[1].replace("CN=","") }

I cannot do so much more with this information, what I want is to check a list of Hyper-V servers and also try to get the VM´s on them, sadly only win2012 servers can interact with the hyper-v powershell module and give that info, but hey whom has win 2008 r2 hyper-v servers ;-)

This first query gives me all Hyper-V servers in the domain, 2008->2012

Get-ADObject -Filter 'Name -like "*Hyper-V"' | %{$_.DistinguishedName.Split(",")[1].replace("CN=","") }

This next query uses that info and asks the Hyper-V servers for their VM´s

Get-ADObject -Filter 'Name -like "*Hyper-V"' | %{$_.DistinguishedName.Split(",")[1].replace("CN=","") } | %{get-vm -ComputerName $_ -ErrorAction SilentlyContinue} | ft ComputerName,Name,State,Uptime -AutoSize

I can also use this to do things with the VM´s, like starting or stopping, observe that i just want to start the VM´s that start with the name test*.

Get-ADObject -Filter 'Name -like "*Hyper-V"' | %{$_.DistinguishedName.Split(",")[1].replace("CN=","") } | %{get-vm test* -ComputerName $_ -ErrorAction SilentlyContinue} | Start-VM

Set up non-admin account to access WMI and performance data remotely with PowerShell

August 22nd, 2012 2 comments

I am working in a project that want to get performance data from remote servers, this with WMI, the servers belong to an Active Directory but the user collecting is not allowed to be an administrator (As an Administrator this is easy because then you already are in control and in the right groups)

So How do I fix this with preferably PowerShell, Scripting Guy has made a post about how to add users to local groups and Steve Lee on the MSDN WMI Blog has made a post how to add permissions on WMI  so I have combined them and got the solution I want.

The groups I am interested in on the remote computer are  “Distributed COM Users”,”Performance Monitor Users”, to be able to connect and get monitoring data

To get it from the WMI interface I need some permissions there, I only grant read permissions on the root/CIMv2 subtree.

And here is the Powershell that does it, In the screendump you can see that I can use a foreach loop to set the permissions on several computers

# Create Permissions for non-admin user on remote computers
# Niklas Akerlund / 2012-08-22
Param ([switch]$add,
    $ComputerName = "vc",
    $UserName = "olle",
    $DomainName = "vniklas")

# add functions to call
. .\Set-UserLocalGroup.ps1
. .\Set-WmiNamespaceSecurity.ps1

$LocalGroups = "Distributed COM Users","Performance Monitor Users"

if ($add){
	$LocalGroups | %{Set-UserLocalGroup -Computer $ComputerName -Group $_ -Domain $DomainName -User $UserName -add}
	Set-WMINamespaceSecurity root/CIMv2 add "$DomainName\$UserName" Enable,MethodExecute,ReadSecurity,RemoteAccess -computer $ComputerName
} elseif($remove) {
	$LocalGroups | %{Set-UserLocalGroup -Computer $ComputerName -Group $_ -Domain $DomainName -User $UserName -remove}
	Set-WMINamespaceSecurity root/cimv2 delete "$DomainName\$UserName" -computer $ComputerName

To check that I can get the performance data I can use the powershell cmdlet Get-WMIObject , as you can see in the screendump, in the first test I do not have the permissions set but in the second it works..

Here are the functions


# Add/Remove user from local group 		
# Niklas Akerlund/Most code from Scriptingguy Blog

Function Set-UserLocalGroup 
	$de = [ADSI]"WinNT://$Computer/$Group,group" 
	} elseif ($remove){

Set-WmiNamespaceSecurity, there was an error in the original code that I have corrected based on the comments, this error caused the function to always run on the local computer instead of the remote when using the -computer parameter.

# Copyright (c) Microsoft Corporation.  All rights reserved. 
# For personal use only.  Provided AS IS and WITH ALL FAULTS.
# Set-WmiNamespaceSecurity.ps1
# Example: Set-WmiNamespaceSecurity root/cimv2 add steve Enable,RemoteAccess
Function Set-WmiNamespaceSecurity {
Param ( [parameter(Mandatory=$true,Position=0)][string] $namespace,
    [parameter(Mandatory=$true,Position=1)][string] $operation,
    [parameter(Mandatory=$true,Position=2)][string] $account,
    [parameter(Position=3)][string[]] $permissions = $null,
    [bool] $allowInherit = $false,
    [bool] $deny = $false,
    [string] $computer = ".",
    [System.Management.Automation.PSCredential] $credential = $null)
Process {
    $ErrorActionPreference = "Stop"
    Function Get-AccessMaskFromPermission($permissions) {
        $WBEM_ENABLE            = 1
                $WBEM_METHOD_EXECUTE = 2
                $WBEM_FULL_WRITE_REP   = 4
                $WBEM_PARTIAL_WRITE_REP              = 8
                $WBEM_WRITE_PROVIDER   = 0x10
                $WBEM_REMOTE_ACCESS    = 0x20
                $WBEM_RIGHT_SUBSCRIBE = 0x40
                $WBEM_RIGHT_PUBLISH      = 0x80
        	$READ_CONTROL = 0x20000
        	$WRITE_DAC = 0x40000
        $WBEM_RIGHTS_STRINGS = "Enable","MethodExecute","FullWrite","PartialWrite",<code>
        $permissionTable = @{}
        for ($i = 0; $i -lt $WBEM_RIGHTS_FLAGS.Length; $i++) {
            $permissionTable.Add($WBEM_RIGHTS_STRINGS[$i].ToLower(), $WBEM_RIGHTS_FLAGS[$i])
        $accessMask = 0
        foreach ($permission in $permissions) {
            if (-not $permissionTable.ContainsKey($permission.ToLower())) {
                throw "Unknown permission: $permission</code>nValid permissions: $($permissionTable.Keys)"
            $accessMask += $permissionTable[$permission.ToLower()]
    if ($PSBoundParameters.ContainsKey("Credential")) {
        $remoteparams = @{ComputerName=$computer;Credential=$credential}
    } else {
        $remoteparams = @{ComputerName=$computerName}
    $invokeparams = @{Namespace=$namespace;Path="__systemsecurity=@"} + $remoteParams
    $output = Invoke-WmiMethod @invokeparams -Name GetSecurityDescriptor
    if ($output.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor failed: $($output.ReturnValue)"
    $acl = $output.Descriptor
    $computerName = (Get-WmiObject @remoteparams Win32_ComputerSystem).Name
    if ($account.Contains('\')) {
        $domainaccount = $account.Split('\')
        $domain = $domainaccount[0]
        if (($domain -eq ".") -or ($domain -eq "BUILTIN")) {
            $domain = $computerName
        $accountname = $domainaccount[1]
    } elseif ($account.Contains('@')) {
        $domainaccount = $account.Split('@')
        $domain = $domainaccount[1].Split('.')[0]
        $accountname = $domainaccount[0]
    } else {
        $domain = $computerName
        $accountname = $account
    $getparams = @{Class="Win32_Account";Filter="Domain='$domain' and Name='$accountname'"}
    $win32account = Get-WmiObject @getparams
    if ($win32account -eq $null) {
        throw "Account was not found: $account"
    switch ($operation) {
        "add" {
            if ($permissions -eq $null) {
                throw "-Permissions must be specified for an add operation"
            $accessMask = Get-AccessMaskFromPermission($permissions)
            $ace = (New-Object System.Management.ManagementClass("win32_Ace")).CreateInstance()
            $ace.AccessMask = $accessMask
            if ($allowInherit) {
            } else {
                $ace.AceFlags = 0
            $trustee = (New-Object System.Management.ManagementClass("win32_Trustee")).CreateInstance()
            $trustee.SidString = $win32account.Sid
            $ace.Trustee = $trustee
            $ACCESS_ALLOWED_ACE_TYPE = 0x0
            $ACCESS_DENIED_ACE_TYPE = 0x1
            if ($deny) {
                $ace.AceType = $ACCESS_DENIED_ACE_TYPE
            } else {
                $ace.AceType = $ACCESS_ALLOWED_ACE_TYPE
            $acl.DACL += $ace.psobject.immediateBaseObject
        "delete" {
            if ($permissions -ne $null) {
                throw "Permissions cannot be specified for a delete operation"
            [System.Management.ManagementBaseObject[]]$newDACL = @()
            foreach ($ace in $acl.DACL) {
                if ($ace.Trustee.SidString -ne $win32account.Sid) {
                    $newDACL += $ace.psobject.immediateBaseObject
            $acl.DACL = $newDACL.psobject.immediateBaseObject
        default {
            throw "Unknown operation: $operation`nAllowed operations: add delete"
    $setparams = @{Name="SetSecurityDescriptor";ArgumentList=$acl.psobject.immediateBaseObject} + $invokeParams
    $output = Invoke-WmiMethod @setparams
    if ($output.ReturnValue -ne 0) {
        throw "SetSecurityDescriptor failed: $($output.ReturnValue)"


Categories: Automation, Powershell Tags: