Active Directory Snapshots in Windows Server 2008

Snapshots is a new feature in Windows Server 2008 Active Directory Domain Services.
It allows you to take live snapshots of the Active Directory Database (ntds.dit).

Click on the image to see my example usage:

image

The snapshot can also be scheduled to be run i.e. on a daily basis by putting this in a cmd-file and scheduling it to run daily:
ntdsutil snapshot “activate instance ntds” create quit quit
exit

As you can see on the image above you can list all snapshot by typing “list all” within the snapshot-context in ntdsutil.
Then you can type “Mount {GUID}” to mount the snapshot in the filesystem.

A utility called dsamain allows us to publish the mounted snapshot as an LDAP-server, which then can be access by i.e. ldp.exe

 

In this example I`ve used a great tool called Directory Service Comparison Tool made by Fredrik Lindström, you can see more info regarding the tool here.

Then I connect to the LDAP-server instance I set up with dsamain:

image

Now we can see modified, added and deleted objects (the snapshot is being compared to the live Active Directory database):

image