A new tool in Windows Server 2008 that simplifies restoring Active Directory

Windows 2003 introduced the feature of snapshots for backing up critical information from the Active Directory Domain Services using VSS (Volume Shadow Copy Services). The problem was that if the DC needed to be restored from snapshots multiple copies would have to be restored and compared to find the best copy. And DC restoration requires a reboot into Directory Restore Mode which could slow down or take down a domain until the Active Directory files were recovered. With Windows 2008 Server a new tool Dsamain.exe and a improved Ntdsutil .exe make the operation simpler and without requiring reboot.

Dsamain.exe is a new tool that allows you to view a snapshot as a LDAP server so you can browse and compare the contents of the image. The Ntdsutil.exe utility allows you to create, mount and delete VSS snapshots. So if there is a situation where the DC needs to be restored from a Ntdsutil snapshot the Dsamain utility can be used to examine the contents of the snapshot log files and Active directory databases.

Creation and administration of VSS snapshots using Ntdsutil
The first step is to make sure you are logged into a Domain Administrator/ Enterprise Administrator account. You will start by creating a snapshot.

(1) Start->(right click) on Command Prompt->Runas Adminstrator
(2)If the UAC (User Access Control) box opens confirm the action and press continue.
(3)In cmd type “ntdsutil”->enter
(4)Type “snapshot”->enter
(5)Type “activate instance ntds”->enter
(6)Type “create”->enter

Which creates the following message:
Snapshot set {GUID} generated successfully.

The “GUID” is the Globally Unique Identifier for the snapshot.

Then you probably want to check the list of currently mounted snapshots by entering at cmd.
“list mounted”->enter

Which produces a list of mounted snapshots and a index number that can be interchanged for mounting, unmounting or deleting snapshots.

And you can mount your new image by typing at cmd
“mount (index #/GUID)”->enter.

And finally to unmount/delete a snapshot use the following commands.

“unmount (index #/GUID)”->enter

“delete (index #/GUID)->”enter

Type “quit” twice to get out of the ntsdutil menu to the command prompt.

Once mounted you can use Dsamain.exe utility to look at the mounted snapshot.
(1) Start->(right click) on Command prompt->Runas Adminstrator
(2) If the UAC (User Access Control) box opens confirm the action and press continue.
(3) Type out “dsamain /dbpath /ldapport “
(important note the port number should not conflict with any ports that the Domain Controller is using). You should receive a message that “Active Directory Domain Services startup” is complete
(4) Use ldp.exe or Active Directory Users and Computers to access and compare Active Directory data. And restore the best copy.


Tags:

 
 
 

3 Responses to “A new tool in Windows Server 2008 that simplifies restoring Active Directory”

  1. Gravatar of Tomek Tomek
    18. February 2010 at 11:32

    Shameless plug – if You want to try a tool which simplifies recovering data out of the snapshot into directory I wrote one some time ago:

    http://blogs.dirteam.com/blogs/tomek/pages/snapshot-recover-tool.aspx

  2. Gravatar of kamran kamran
    19. February 2010 at 00:48

    Thanks for the link. I will definitely check out your snapshot tool.

  3. Gravatar of Mike Mike
    25. March 2010 at 14:39

    Another tool based on snapshots (though it uses proprietary format) that provides item-level AD recovery capabilities:

    http://www.netwrix.com/active_directory_change_reporting_freeware.html

    The tool is developed by the company I work for (NetWrix) and it’s free with some minor limitations. Doug Tooms from Windows IT Pro reviewed it recently and here is the podcast: http://www.runasradio.com/default.aspx?showNum=150 (The fragment about NetWrix starts at 32:55, but the whole thing deserves listening).

Leave a Reply