Sunday, September 2, 2012

[Active Directory] Active Directory Snapshots Part 2/3: Manage Snapshots

After presenting this feature in the previous post, we'll now see how to manage Active Directory snapshots.

As I said in the previous post, two tools are used for Active Directory snapshots: NTDSUTIL and DSAMAIN.


First I will show you how to create and mount a snapshot with NTDSUTIL (http://technet.microsoft.com/en-us/library/cc753343(v=ws.10).aspx).

If you work on Active Directory, this tool should be familiar.

First, launch NTDSUTIL, set your Active Directory database as the active instance, and go to the snapshot options.



Here are the different actions you can take to manage snapshots.



Now I create a new snapshot:



I list all snapshots (there is only the one I just created):



And I mount the snapshot.


That's all for now with NTDSUTIL.


Now we'll use DSAMAIN (http://technet.microsoft.com/en-us/library/cc772168(v=ws.10).aspx) to expose the snapshot data as an LDAP server.


First I copy the path of the snapshot database.




Now we use DSAMAIN. You just have to give it the snapshot database path and the LDAP port. (Be careful if you use PowerShell: you have to use single quotes, not double quotes, for the DBPATH.)

If you have already used DSAMAIN with Windows Server 2008 or 2008 R2, the result was different from mine. Indeed, as I use Windows Server 2012 for my hypervisor and my lab, virtualized domain controller features are available, and that's what you can see here.


Keep this window open.


Now you can use several tools to connect to the snapshot.
I'll use ADUC but you can use LDP, ADSIEDIT, ...


You can launch ADUC directly and connect to the snapshot.



You can see that the current Directory Server is our snapshot.



Now you can browse your Active Directory snapshot with ADUC (read-only) for diagnostic purposes.

You can also mount several snapshots simultaneously:




When your diagnostics are done, stop DSAMAIN (with Ctrl + C).



And then you can unmount the snapshot through NTDSUTIL.
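
The whole procedure above (create, mount, expose with DSAMAIN, unmount) as one PowerShell script. This is an added example, not from the original post; the port 51389, the default Windows\NTDS database location on a single volume, and the wording of the ntdsutil messages it parses are assumptions.

```powershell
# Added example, not from the original post. Run elevated on a domain controller.
# Assumptions: LDAP port 51389 is free, ntds.dit sits in the default Windows\NTDS
# folder on one volume, and ntdsutil prints "Snapshot set {GUID} generated
# successfully." and "Snapshot {GUID} mounted as <path>".
$ldapPort = 51389   # constructed value, any free port works

# 1. Create the snapshot and capture the snapshot set GUID from the output.
$created = ntdsutil "activate instance ntds" snapshot create quit quit
$guid = [regex]::Match(($created -join "`n"), '\{[0-9a-fA-F-]{36}\}').Value
if (-not $guid) { throw "No snapshot GUID found in ntdsutil output." }

try {
    # 2. Mount it and read the mount point (C:\$SNAP_<timestamp>_VOLUMEC$\).
    $mounted = ntdsutil "activate instance ntds" snapshot "mount $guid" quit quit
    $m = [regex]::Match(($mounted -join "`n"), 'mounted as (\S.*\\)')
    if (-not $m.Success) { throw "Snapshot $guid was not mounted." }

    $dit = Join-Path $m.Groups[1].Value 'Windows\NTDS\ntds.dit'
    if (-not (Test-Path -LiteralPath $dit)) { throw "No database at $dit" }

    # 3. Expose the snapshot over LDAP. This call blocks until Ctrl+C.
    #    A variable is passed as-is; a path typed by hand must be in single
    #    quotes, because PowerShell expands $SNAP_... inside double quotes.
    dsamain -dbpath $dit -ldapport $ldapPort
}
finally {
    # 4. Runs even after Ctrl+C: unmount so the mounted copy of the
    #    database does not stay readable on the file system.
    ntdsutil "activate instance ntds" snapshot "unmount $guid" quit quit
}
```

While DSAMAIN is running, connect ADUC, LDP or ADSIEDIT to the server on the chosen port from a second window.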


You can also automate the creation of snapshots. For this, use a scheduled task with a one-line command:
ntdsutil "activate instance ntds" snapshot create quit quit

As you can see, managing Active Directory snapshots is very easy.



In the final post, we'll see how to restore attributes from Active Directory snapshots, and I will present a tool from Fredrik Lindström, Directory Service Comparison Tool.
