It's simple, many companies doesn't use this feature in their Active Directory backup and restore policy whereas it should be integrated in this policy as an additionnal tools for diagnostic purposes.
So what is Active Directory Snapshot ?
Active Directory snapshot is a shadow copy, created by the Volume Shadow Copy Service (VSS), of the volumes that contain the Active Directory database and log files.
This feature, introduced with Windows Server 2008, allows you to create read-only snapshots of the Active Directory Database.
Then you can mount this snapshot on a online domain controller for simplifying a recovery process or auditing changes and objects deletion.Why should you use Active Directory Snapshot ?
That's simple, saving time in the recovery process.
Indeed, in the case where you have to restore a backup, you have to determine first which backup is best. You must restore it to a domain controller to view its contents. Each restore operation requires that you restart the domain controller in Directory Services Restore Mode (DSRM) until you find the best backup.
With Active Directory Snapshot you can easily determine which backup is the best without restart the domain controller in Directory Services Restore Mode.
Active Directory Snapshot can also be used to restore objects (we'll see this later) but not natively.
What do you need to use Active Directory Snapshot ?
Two tools are used for Active Directory Snapshot :
- NTDSUTIL
- DSAMAIN
NTDSUTIL (http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx) allows you to manage snapshots (create, delete, mount and unmount snapshot).
DSAMAIN (http://technet.microsoft.com/en-us/library/cc772168(v=ws.10).aspx) allow you to expose the snapshot data as an LDAP server.
Then you can use existing LDAP tools as LDP, ADSIEDIT, ADUC to connect to the snapshot.
That's all for this post, we'll see next how to manage Active Directory Snapshot.
Aucun commentaire:
Enregistrer un commentaire