Information Technology Reference
In-Depth Information
From this point on, your path will vary depending on what you're trying to clean
up. You can see a list of current commands at any level of Ntdsutil.exe by pressing
?
.
And you can exit the current level and return to the previous one by typing
quit
or
simply
q
.
7.
Active Directory snapshots are a point-in-time view of Active Directory, which are created by
using the Volume Shadow Copy Service (VSS). You can create a snapshot by using Ntdsutil.exe
and then mount it to view the objects and their properties.
To create a snapshot, run the following command from an elevated cmd or Windows
PowerShell prompt:
ntdsutil snapshot "activate instance ntds" create "list all" quit quit
This command creates a snapshot of the ntds database and then lists all available
snapshots (see Figure 5-20).
FIGURE 5-20
The elevated Windows PowerShell showing Active Directory snapshot creation
You can mount a specific snapshot from its GUID or its index number by using the
following command:
Ntdsutil snapshot "activate instance ntds" "list all" "mount 2" quit quit
The result of this command shows that the database was mounted on the C drive at:
C:\$SNAP_
datetime
_VOLUMEC$ where
datetime
is the date and time of the snapshot you're
mounting. You can now connect to the mounted database using the Dsamain.exe utility:
Dsamain -dbpath "C:\$SNAP_201402251635_VOLUMEC$\Windows\NTDS\ntds.dit" -ldapport 45000
