Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2.
You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?
A.
Run the dsamain.exe command.
B.
Stop the Active Directory Domain Services (AD DS) service.
C.
Start the Volume Shadow Copy Service (VSS).
D.
Run the ntdsutil.exe command.
Explanation:
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory
Access Protocol (LDAP) server.
Ref: http://technet.microsoft.com/en-us/library/cc772168.aspx
First you need mount snapshot by ntdsutil and then use dsamain
Not true, see: https://technet.microsoft.com/en-us/library/cc753609(v=ws.10)
“You are not required to run the ntdsutil snapshot operation to use Dsamain.exe. You can instead use a backup of the AD DS or AD LDS database or another domain controller or AD LDS server. The ntdsutil snapshot operation simply provides a convenient data input for Dsamain.exe.”
the snapshots are just lying in VSS store but they are not mounted!
so you have to use ntdsutil first to choose the right one and then mount before using dsamain…
just running dsamain would only work if you had the snapshots available in valid file system somewhere
https://technet.microsoft.com/en-us/library/cc731620.aspx
Before you can run the snapshot subcommand, you must run the activate instance subcommand in Ntdsutil to set an active instance….
You are NOT required to run the snapshot subcommand to use Dsamain.exe. Instead, you can use a backup of the AD DS or AD LDS database or another domain controller or AD LDS server. Running the snapshot subcommand simply provides convenient data input for Dsamain.exe.
https://technet.microsoft.com/en-us/library/cc772168.aspx
So I think it should be D.
(you have to find out the name of the snapshot to mount that is 2 days old)
D
confirmed in 2 books. Answer is D.
you create the snapshot via ntdutil
you mount the snapshot via ntdutil
you connect to the mount using the dsamain.exe
you use ad users and computers to view the snapshot using the output of dsamain
The question asks what should you do FIRST. It should be to first stop the ADDS service. The answer is B.
Dev7, where you got konwledge that you have to STOP ADDS??
In below document it is writen stright that:
“Manages snapshots of the volumes that contain the Active Directory database and log files, which you can view on a domain controller without starting in Directory Services Restore Mode (DSRM).”
(https://technet.microsoft.com/en-us/library/cc731620(v=ws.10).aspx)
Above Kurt had gave very good explanation of the process, and the correct answer – D.
Sorry I was reading optimizing an offline ADDS where you had to use the command
net stop ntds
Ntdsutil.exe
activate instance ntds
files
compact to “”
quit
quit
😀
Provided answer correct: http://windowsitpro.com/windows-server-2008/using-active-directory-snapshots-and-dsamain-tool
Look at 9th paragraph.
The thing is that the question says “You need to view the contents of an Active Directory snapshot..what to do first?”
To view the content you can use ntdsutil to mount the snapshot and see its content on Windows Explorer mounted folder/drive. This will show all the files that are into the snapshot.
To view information like AD Objects you will need to use dsamain, which not necessarily needs a mounted snapshot by ntdsutil according to Microsoft Documentation.
So, for this question, to see the contents only, I believe the answer is ntdsutil first and only.
I would go with D because it is not specified which content it is.