Windows Server 2008 is designed to allow administrators to take snapshots of the Active Directory database. As the name implies, a snapshot is simply an offline, read-only copy of the database.
Creating a snapshot prior to making any major Active Directory modifications gives you a copy of the database to fall back on should the need arise. This way you can compare settings within the live database against the settings contained in the copy. It's even possible to export data from the snapshot and into the live Active Directory database.
Creating an Active Directory snapshot
It may sound a little odd, but the first step in the AD snapshot process is to actually create the snapshot itself. To do so, open an elevated command prompt window and enter the following command:
NTDSUTIL "Activate Instance NTDS" snapshot create quit quit
As you can see in Figure A, though we are entering a single command, Windows actually interprets the individual parts as separate commands. You should be able to use the output from these commands to confirm that a snapshot was created.
Figure A (click to enlarge)
[IMAGE]
Mounting the snapshot
Once the snapshot has been created, it still must be mounted before it can be used. From your elevated command prompt, enter the following commands:
NTDSUTIL
Snapshot
List all
Typically you will see two Active Directory snapshots listed when you enter these commands. The first snapshot bears the current date and time. This is the snapshot that you have just created. If you look back at Figure A, you will notice that there is a line of text that says Snapshot Set {5062af3e-fa88-405c-9f80-b19d0764f706} generated successfully. This is the same number that follows the date on Snapshot 1. Therefo...
To continue reading for free, register below or login
To read more you must become a member of SearchWindowsServer.com
re, we need to tell Windows to mount Snapshot 1, which we can do by entering this command:
Mount 1
You can see what the whole process looks like in Figure B.
Figure B (click to enlarge)
[IMAGE]
Connecting an Active Directory snapshot
Now that we have mounted our snapshot, we must connect a port number to it so that we can browse the snapshot. Normally, LDAP queries are made to Active Directory through Port 389. We can use any port number so long as it isn't already in use. Actually, you will need four sequential port numbers that are free. I recommend using port 30,000, which will cause Windows to make the following port assignments:
Before we can assign the port number, we need to find the location of the Ntds.dit file within the snapshot. Even though the file is normally located at C:\Windows\NTDS, you should still enter the following commands to make sure:
C:
CD\
Dir ntds.dit /s
If you look at Figure C, you will see that the first result that is returned points to C:\Windows\NTDS\ntds.dit. You will also notice that the path contains the code C:\$SNAP_200910132254_VOLUMEC$. You must make note of this portion of the path, as it is different on every server.
Figure C (click to enlarge)
[IMAGE]
Once you know the path to Ntds.dit (including the mount code) and you have chosen a port number, you can mount the snapshot by using the following command:
DSAdmin –dbpath "C:\SNAP_200910132554_VOLUMEC$\Windows\NTDS\ntds.dit" –LDAPport 30000
As shown in Figure D, you will receive confirmation of Active Directory Domain Services startup, but after that the window will appear to lock up. The window hasn't actually locked up, however, and it is important that you keep it open.
Figure D (click to enlarge)
[IMAGE]
Working with Active Directory information
Once you have finally mounted your Active Directory snapshot, you can use it with all of the standard Active Directory tools. To give you an idea of how this works, let's use the snapshot with the Active Directory Users and Computers console.
Once the console opens, choose the Change Domain Controller command from the console's Actions menu. You will now see the Change Directory Server dialog box, shown in Figure E. Select the This Domain Controller or AD LDS Instance option, and then click on the Type a Directory Server Name [port] Here option.
Figure E (click to enlarge)
[IMAGE]
Next, type the name of your domain controller, followed by a colon and the port number that you have selected. For example, in Figure F you can see that I have typed Lab-DC:30000. Click OK and the console will be directed to use the Active Directory snapshot.
Figure F (click to enlarge)
[IMAGE]
Disconnecting the snapshot
When you have finished working with the snapshot, close the console window and switch back to the elevated command prompt window that you left open. Press Ctrl+C and the snapshot will be disconnected.
Next, you must dismount and delete the snapshot. Begin by entering these commands:
NTDSUTIL
Snapshot
List mounted
Once you have verified the number assigned to the snapshot that you want to dismount and delete, you can complete the process by entering these commands:
Unmount 2
Delete 2
Quit
Quit
As you can see, Active Directory snapshots provide a handy way of working with an offline copy of AD. Keep in mind that while it is possible to export Active Directory settings from a snapshot, the snapshot itself is read-only.
[IMAGE] Brien M. Posey, MCSE, has received Microsoft's Most Valuable Professional Award four times for his work with Windows Server, IIS and Exchange Server. He has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit his personal Web site at www.brienposey.com.
