Hi all,
Today lets go through a very simple step today on how to create a snapshot of AD DS in Windows Server 2012 R2…
But 1st, what’s snapshot and what’s NTDSUTIL?
NTDSUtil in Windows Server 2012 can create and mount snapshots of AD DS.
A snapshot is a form of historical backup that captures the exact state of the directory service at the time of the snapshot.
You can use tools to explore the contents of a snapshot to examine the state of the directory service at the time the snapshot was made, or connect to a mounted snapshot with LDIFDE and export a reimport objects into AD DS.
For this short demo, I use my DC01.comsys.local server.
Lets get started…
1 – On the domain server, which is my DC01.comsys.local, open command prompt and type ntdsutil and press enter…
2- Next, type snapshot and press enter…
3 – Next, type activate instance ntds and press Enter…
4 – Next, type create (this create command is to generate a snapshot of my AD) and press Enter…
5 – Next, make sure you copy the copy the GUID somewhere (highlight the GUID and then copy)…
6 – Next, type quit 2 times to exit from snapshot…
7 – Now, lets make some change to my ADDS by deleting 1 of my AD user, for this demo, I choose my user from Research department…
Once you deleted the user, you need to mount an Active Directory snapshot, and create a new instance so that later we can retrieve back the deleted user…
8 – in CMD, type ntdsutil, then snapshot, then type activate instance ntds, then type list all (please refer to my screen shot)…
9 – Next, you need to mount GUID no (please refer to my screen shot), type mount no and press enter…
10 – once successful, exit the process by typing quit 2 times…
11 – Next, on the CMD, type dsamain /dbpath C:\$SNAP_datetime_volumec$\windows\ntds\ntds.dit /ldapport 50000
** be aware that datetime will be a unique value. There only should be one folder on your C:\ drive with a name that begins with $snap.
12 – Leave Dsamain.exe running, and do not close the CMD…
** A message indicates that Active Directory Domain Services startup is complete…
13 – Next, lets explore a snapshot with Active Directory Users and Computers, on the ADUC, right click Comsys.local and click Change Domain Controller…
14 – type DC01:50000 on the , then click OK…
15 – Next, browse to Research OU and you will notice that our deleted user is now back online…
16 – our last step is to unmount an Active Directory snapshot…
on the command prompt, press CTRL+C to stop DSAMain.exe…
17 – then wrap up the whole process, on the CMD, type :
ntdsutil
snapshot
activate instance ntds
list all
unmount guid (guid is the GUID of the snapshot)
list all
quit
quit
snapshot
activate instance ntds
list all
unmount guid (guid is the GUID of the snapshot)
list all
quit
quit
No comments:
Post a Comment