If you’ve played around with Windows Server 2008 Active Directory Domain Services, you will probably be familiar with the snapshot feature within NTDSUTIL. The feature allows you to take snapshot of the volumes that host the AD components and to then mount the snapshot. Once mounted, you can use DSAMAIN.EXE to expose a read-only copy of the AD database to your favourite browsing tool (LDP.EXE, ADSIEDIT.MSC, DSA.MSC, ADFIND.EXE, etc.). The process for doing this is well documented elsewhere, so I don’t intend to reproduce it here.
Microsoft recommends that you schedule regular snapshots, as this provides you with a quick method of checking the contents of the directory at different time slices in the past. One advantage of this that you can quickly identify which backup to use when needing to authoritatively restore accidentally deleted AD objects from backup.
What isn’t quite so well documented it the process to schedule regular snapshots. It took me a little while to configure this properly, so I thought I would share it with you here.
Windows Server 2008 comes with a re-vamped Task Scheduler. You can configure tasks using both the UI as well as the command line (schtasks.exe). I prefer to use the command line as it has the advantage of allowing you to set tasks to run under the SYSTEM account. It is also the only option if you are using Server Core, unless you want to open the firewall to allow remote task scheduling from a computer running the full version.
Here’s the command line I use. Note that it’s all on one line – wrapped here to fit page
SCHTASKS /Create /RU SYSTEM /SC DAILY /TN MYTASKS\DS_SNAPSHOT /TR "%windir%\system32\ntdsutil.exe sn \"ac i ntds\" create q q" /ST 05:00
It is worth pulling the command arguments apart to explain them better:
/Create – pretty obvious. It instructs schtasks to create a new task.
/RU SYSTEM – the task will run under the SYSTEM account. Note that you don’t need to specify a password when using SYSTEM.
/SC DAILY- the task will run daily
/TN MYTASKS\DS_SNAPSHOT – I’ve called the task name DS_SNAPSHOT and this will be created within the MYTASKS task folder. The folder will be created automatically if it does not already exist.
/TR “%windir%\system32\ntdsutil.exe sn \”ac i ntds\” create q q” – This is the task action. It runs NTDSUTIL with arguments. Note that the double quotation marks within the arguments have to be escaped with the backslash character
/ST – the start time for the task will be 5am.
The command line shown above assumes that you are working on the local machine on which you want to create the task. If defining the task for a remote computer, use the additional command line options shown below.
SCHTASKS /Create /s MYSERVER /U administrator /P xxxxx /RU SYSTEM /SC DAILY /TN MYTASKS\DS_SNAPSHOT /TR "%windir%\system32\ntdsutil.exe sn \"ac i ntds\" create q q" /ST 05:00
Once you’ve run the command you can verify the settings in the Task Scheduler UI.
If you’re feeling brave you can also have a look at scripting the task creation, as described here.