Nowadays when companies are integrating their infrastructure to the cloud there might come a lot changes to identities before migration can be started. And when we are talking about changes we are always talking about disaster recovery and rollback options.

In these cases Active Directory database mounting (and of course proper backups) can be very useful.

Pre-requirements and notes:

  • At least Windows Server 2008 Domain Controller
  • All permissions that apply to the data in the snapshot are enforced.
  • By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view a snapshot because it can contain sensitive AD DS data.
  1. Logon to Domain Controller, open cmd.exe and open ntdsutil, activate ntds instance and  create snapshot with following commands

NTDSUTIL – Activate instance ntds – create

1

 

2. Mount snapshot you just created

mount <guid from the snapshot>

2

 

3. Open cmd and use dsmain tool to open and view ADDS database. Mounted drive can be accessed via resource explorer. In my example there are two drives mounted because I have two hard drives in my Domain Controller

3

5

 

4. After you have mounted ADDS database successfully you can browse ADDS database with ldap tool, for example ADUC, LDP, etc just connecting to port 50000 to DC where database has been mounted

6

This is extremely useful if you need information about changed objects afterwards (for example object attributes or group memberships) .

Disconnect from the database

  1. First disconnect from ADDS instance just pressing crtl+C

7

 

2. Unmount the snapshot – unmount <guid>

8