You need to view the contents of an Active Directory snapshot from two days ago

Your network contains an Active Directory domain named contoso.com. The domain contains a
domain controller named DC1 that runs Windows Server 2012 R2.
You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?

Your network contains an Active Directory domain named contoso.com. The domain contains a
domain controller named DC1 that runs Windows Server 2012 R2.
You create an Active Directory snapshot of DC1 each day.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?

A.
Run the dsamain.exe command.

B.
Stop the Active Directory Domain Services (AD DS) service.

C.
Start the Volume Shadow Copy Service (VSS).

D.
Run the ntdsutil.exe command.

Explanation:
Dsamain.exe exposes Active Directory data that is stored in a snapshot or backup as a Lightweight
Directory Access Protocol (LDAP) server.

http://technet.microsoft.com/en-us/library/cc772168.aspx



Leave a Reply to snoopdog Cancel reply7

Your email address will not be published. Required fields are marked *

20 − twenty =


Jeff

Jeff

Answer isn’t correct. You have to mount the snapshot first with ntdsutil.

Robert

Robert

Agree. Correct answer is D. “What should you do first?” – mount the snapshot

Jombie

Jombie

Agree with “D”.

https://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

“Although it is not a requirement, you can schedule a task that regularly runs Ntdsutil.exe to take snapshots of the volume that contains the AD DS or AD LDS database.

1. Run Ntdsutil.exe to list the snapshots that are available and then mount the snapshot that you want to view.

2. Run Dsamain.exe to expose the snapshot volume as an LDAP server. “

John

John

Agreed, it should be D.

asd

asd

Mount snapshot first with Ntdsutil, then mount snapshot into AD using dsamain.

D

Patrick

Patrick

Step 3: Expose an AD DS or AD LDS snapshot as an LDAP server

——————————————————————————–

By default, you must be a member of the Enterprise Admins groups or the Domain Admins group to run Dsamain.exe and to access the Active Directory data that it exposes. If the snapshot is taken from a domain that no longer exits, you can specify the /allowNonAdminAccess parameter. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To expose an AD DS or AD LDS snapshot as an LDAP server

——————————————————————————–

1.Log on to a domain controller as a member Enterprise Admins groups or the Domain Admins group.

2.Click Start, right-click Command Prompt, and then click Run as administrator.

3. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

4.At the elevated command prompt, type the following command, and then press ENTER. Be sure to include a space between the name of the parameter and the value that you specify.

dsamain /dbpath /ldapport

If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. For example, type:

dsamain /dbpath E:\$SNAP_200704181137_VOLUMED$\WINDOWS\NTDS\ntds.dit /ldapport 51389

A message indicates that Active Directory Domain Services startup is complete.

Allow Dsamain.exe to continue running in the command prompt window while you use an LDAP tool such as Ldp.exe or Active Directory Users and Computers to view the AD DS or AD LDS data in the snapshot.