Utilizing Active Directory snapshots in Windows Server 2008 Windows Server 2008 is designed to allow administrators to take snapshots of the Active Directory database. As the name implies, a snapshot is simply an offline, read-only copy of the database.

Creating a snapshot prior to making any major Active Directory modifications gives you a copy of the database to fall back on should the need arise. This way you can compare settings within the live database against the settings contained in the copy. It's even possible to export data from the snapshot and into the live Active Directory database.

Creating an Active Directory snapshot

It may sound a little odd, but the first step in the AD snapshot process is to actually create the snapshot itself. To do so, open an elevated command prompt window and enter the following command:

NTDSUTIL "Activate Instance NTDS" snapshot create quit quit

As you can see in Figure A, though we are entering a single command, Windows actually interprets the individual parts as separate commands. You should be able to use the output from these commands to confirm that a snapshot was created.

Mounting the snapshot

Once the snapshot has been created, it still must be mounted before it can be used. From your elevated command prompt, enter the following commands:

List all

Typically you will see two Active Directory snapshots listed when you enter these commands. The first snapshot bears the current date and time. This is the snapshot that you have just created. If you look back at Figure A, you will notice that there is a line of text that says Snapshot Set {5062af3e-fa88-405c-9f80-b19d0764f706} generated successfully. This is the same number that follows the date on Snapshot 1. Therefore, we need to tell Windows to mount Snapshot 1, which we can do by entering this command:

Mount 1

Connecting an Active Directory snapshot

Now that we have mounted our snapshot, we must connect a port number to it so that we can browse the snapshot. Normally, LDAP queries are made to Active Directory through Port 389. We can use any port number so long as it isn't already in use. Actually, you will need four sequential port numbers that are free. I recommend using port 30,000, which will cause Windows to make the following port assignments:

30,000 LDAP
30,001 LDAP / SSL
30,002 Global Catalog
30,003 Global Catalog / SSL

Before we can assign the port number, we need to find the location of the Ntds.dit file within the snapshot. Even though the file is normally located at C:\Windows\NTDS, you should still enter the following commands to make sure:

Dir ntds.dit /s

If you look at Figure C, you will see that the first result that is returned points to C:\Windows\NTDS\ntds.dit. You will also notice that the path contains the code C:\$SNAP_200910132254_VOLUMEC$. You must make note of this portion of the path, as it is different on every server.

Once you know the path to Ntds.dit (including the mount code) and you have chosen a port number, you can mount the snapshot by using the following command:

DSAdmin –dbpath "C:\SNAP_200910132554_VOLUMEC$\Windows\NTDS\ntds.dit" –LDAPport 30000

As shown in Figure D, you will receive confirmation of Active Directory Domain Services startup, but after that the window will appear to lock up. The window hasn't actually locked up, however, and it is important that you keep it open.

Working with Active Directory information

Once you have finally mounted your Active Directory snapshot, you can use it with all of the standard Active Directory tools. To give you an idea of how this works, let's use the snapshot with the Active Directory Users and Computers console.

Once the console opens, choose the Change Domain Controller command from the console's Actions menu. You will now see the Change Directory Server dialog box, shown in Figure E. Select the This Domain Controller or AD LDS Instance option, and then click on the Type a Directory Server Name [port] Here option.

Next, type the name of your domain controller, followed by a colon and the port number that you have selected. For example, in Figure F you can see that I have typed Lab-DC:30000. Click OK and the console will be directed to use the Active Directory snapshot.

Disconnecting the snapshot

When you have finished working with the snapshot, close the console window and switch back to the elevated command prompt window that you left open. Press Ctrl+C and the snapshot will be disconnected.

Next, you must dismount and delete the snapshot. Begin by entering these commands:

List mounted

Once you have verified the number assigned to the snapshot that you want to dismount and delete, you can complete the process by entering these commands:

Unmount 2
Delete 2

As you can see, Active Directory snapshots provide a handy way of working with an offline copy of AD. Keep in mind that while it is possible to export Active Directory settings from a snapshot, the snapshot itself is read-only.