Friday 2 August 2013

Active Directory Snapshots with Windows Server 2008



Using Active Directory Snapshots


Snapshots are a feature of Active Directory introduced in Windows Server 2008. In order to use them you don’t have to have your domain running in Windows Server 2008 mode but you do need at least one Windows Server 2008 or Windows Server 2008 R2 domain controller.

 Snapshots are created and manipulated using the ntdsutil.exe command line utility. Once you have an Active
Directory snapshot you can export it using dsamain.exe (otherwise known as the Active Directory database mounting tool), and you can then interact with it using any Active Directory or LDAP tool. To work with Active Directory snapshots you need to be a member of either the Domain Admins or Enterprise Admins group. The process of creating an Active Directory snapshot is reasonably straightforward:

With your server booted into normal mode open a command prompt by clicking Start, type “cmd“, and press enter.

We are going to use the ntdsutil again for creating the Active Directory snapshots. The commands are:
ntdsutil
snapshot
activate instance ntds
create
quit
quit
How to Backup and Restore Active Directory on Server 2008 - 12
So now that you have a snapshot of AD, how do you access the data? First we need to mount the snapshot using ntdsutil. The commands are:
ntdsutl
snapshot
list all
mount 1 — (Note: You should mount the correct snapshot you need; for this example there is only 1.)
quit
quit
How to Backup and Restore Active Directory on Server 2008 - 13
Your snapshot is mounted, but how do you access the data? We need to use the dsamain command to accomplish this. Then we need to select an LDAP port to use. The command is as follows:

dsamain –dbpath c:\$SNAP_200905141444_VOLUMEC$\WINDOWS\NTDS\ntds.dit –ldapport 10001
The result should look like this:
How to Backup and Restore Active Directory on Server 2008 - 14

 Now we need to go to Start, Administrative Tools, then Active Directory Users and Computers.
Right click Active Directory Users and Computers and select Change Domain Controller.
How to Backup and Restore Active Directory on Server 2008 - 15

In the area that says < Type a Directory Server name [:port] here > enter the name of your server and the LDAP port you used when running the dsamain command.
For my example it would be: WIN-V22UWGW0LU8.HOME.LOCAL:10001
How to Backup and Restore Active Directory on Server 2008 - 16
Now you can browse the snapshot of Active Directory without affecting anything else negatively.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)