
Active Directory snapshots I

One of the useful, but often overlooked, features of Windows 2008 & 2008 R2 is the ability to take snapshots of your AD database.  These can then be mounted and accessed in parallel with your live AD.  It’s possible to compare before and after so you can see what changes have been made. In Windows 2008 they can also be used to populate re-animated tombstone objects (in Windows 2008 R2 we’d just recover from the recycle bin).

More information can be found in these articles.

http://technet.microsoft.com/en-us/library/cc753609(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc731620(WS.10).aspx

This is good functionality BUT the snapshots are managed by ntdsutil. Not my favourite tool. I can never remember the syntax I need so I decided to wrap the ntdsutil calls in PowerShell functions. I’ve created a module of these functions and they’ll be posted on codeplex in the PowerShell Admin Modules project - http://psam.codeplex.com/

First off, we need to create a snapshot:

 


function new-adsnapshot{
[CmdletBinding()]
param()
PROCESS
{
  # ntdsutil can only create a snapshot from an elevated session
  if ( -not ([Security.Principal.WindowsPrincipal] `
      [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
      [Security.Principal.WindowsBuiltInRole] "Administrator") ){
    Throw "Must run PowerShell as ADMINISTRATOR to perform these actions"
  }

  # Activate the AD DS instance, create the snapshot, then leave both ntdsutil menus
  ntdsutil "Activate Instance ntds" snapshot create quit quit
}#process
}

 

No parameters to this one – we test if running with elevated privileges and then call ntdsutil to create the snapshot.

These functions have to be run on a domain controller or using PowerShell remoting to a domain controller.
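The same call with the two requirements above checked explicitly and the result captured, as an added example that is not part of the author's module. The function name `New-ADSnapshotChecked` is hypothetical, `DC01` is a constructed computer name, and the code assumes ntdsutil reports the new snapshot set by its GUID in braces.

```powershell
function New-ADSnapshotChecked {   # hypothetical name, not from the PSAM module
    [CmdletBinding()]
    param(
        # Domain controller to snapshot over remoting; omit to run locally
        [string]$ComputerName
    )

    $work = {
        # ProductType 2 in Win32_OperatingSystem identifies a domain controller
        $os = Get-WmiObject -Class Win32_OperatingSystem
        if ($os.ProductType -ne 2) {
            throw "$env:COMPUTERNAME is not a domain controller"
        }

        # Same elevation test as new-adsnapshot
        $id = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal($id)
        if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
            throw "Must run PowerShell as ADMINISTRATOR to perform these actions"
        }

        # Same ntdsutil call as new-adsnapshot, with its output captured
        $output = ntdsutil "Activate Instance ntds" snapshot create quit quit

        # Assumption: the output names the new snapshot set by its GUID in braces
        $guidPattern = '\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}'
        $match = $output | Select-String -Pattern $guidPattern | Select-Object -First 1
        if (-not $match) {
            $text = $output -join "`n"
            throw "No snapshot GUID found in ntdsutil output:`n$text"
        }

        # One object per snapshot, so the caller has a record of what was created where
        New-Object PSObject -Property @{
            DomainController = $env:COMPUTERNAME
            SnapshotGuid     = $match.Matches[0].Value
            Created          = Get-Date
        }
    }

    if ($ComputerName) {
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $work
    } else {
        & $work
    }
}

# DC01 is a constructed computer name
New-ADSnapshotChecked -ComputerName DC01
```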
