You need to view the contents of an Active Directory snapshot from two days ago

Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2.
You create an Active Directory snapshot of DC1 eachday.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?

Your network contains an Active Directory domain named contoso.com. The domain contains a domain
controller named DC1 that runs Windows Server 2012 R2.
You create an Active Directory snapshot of DC1 eachday.
You need to view the contents of an Active Directory snapshot from two days ago.
What should you do first?

A.
Start the Volume Shadow Copy Service (VSS).

B.
Run the dsamain.exe command.

C.
Run the ntdsutil.exe command.

D.
Stop the Active Directory Domain Services (AD DS) service.

Explanation:
1. ntdsutil.exe to mount the snapshot
2. dsamain.exe to expose it as LDAP server
3. ldp.exe to view content
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx
http://www.petri.co.il/working-active-directory-snapshots-windows-server-2008.htm

← Previous question

Next question →

Leave a Reply 5

anon

I think you need to stop the AD DS service first…

Reply

den

no, answer is C because when you create a snapshopt then it just resides in VSS store without being mounted. So you have to pick the right one and mount it first, which is being done using ntdsutil

Reply

Dude

I believe this should be dsamain.exe

https://technet.microsoft.com/en-us/library/cc772168.aspx

NTDSUTIL will take the ntds snapshot but then is mountable using dsamain

Reply

Hassan

You need to mount the right snapshot. How do you know which one? by listing the snapshots using NTDSUTIL.

Here I am, giving answer to all you fellow Microsoft geeks

Reply

Alex

i’m so glad that this page shows the correct answer,FIRST is ntdsutil,THEN DSamain,if i relied solely on my 411 dump i wouldve missed it,gotta double check everything 🙂

Reply