Sunday, 25 March 2012

Automating The Creation Of Active Directory Snapshots


Automating The Creation Of Active Directory Snapshots


Windows Server 2008 has a new feature allowing administrators to create snapshots of the Active Directory database for offline use. There are quite a few scenarios for using AD snapshots. For example, if someone has changes properties of AD objects and you need to revert to their previous values, you can mount a copy of a previous snapshot to an alternate port and easily export the required attributes for every object that was changed. These values can then be imported into the running instance of AD DS. You can also restore deleted objects or simply view objects for diagnostic purposes.



 you've learned that the NTDSUTIL command is nested. Therefore, you can enter the entire sequence of commands in one long line, and put that into a batch file or script, then configure that batch or script to run at a specific time by using Task Scheduler.
In order to automate the creation of an Active Directory snapshot follow these steps:
  1. Create a new batch file with the following lines:
  2. @echo off
    ntdsutil snapshot "activate instance ntds" create quit quit
    exit
    
    Save the file as "ad-snapshot.bat" or similar, and place it in a location of your choice. I used C:'Scripts.
  3. Check to see if the script works by manually running it once. You need to run is after logging in as a member of the Domain Admins group to one of your Windows Server 2008 Domain Controllers.

  4. Open Task Scheduler from the Administrative Tools folder, or from Server Manager > Configuration.
  5. On the left node, right-click Task Scheduler (Local) and choose Create Basic Task.

  6. In the Create Basic Task window, give the new task a name and description. I used "Create AD snapshot". Click on the Next button.

  7. In Task Trigger window, select the appropriate schedule for the task to run. I used Weekly. Click on the Next button.

  8. In Weekly window, select the appropriate schedule for the task to run. I used Friday at 8:00PM. Click on the Next button.

  9. In Action window, select Start a Program. Click on the Next button.

  10. In Start a Program window, browse to the batch file you've created. Click on the Next button.

  11. In Summary window, browse to the batch file you've created. Click on the Finish button.

  12. Back in the Task Scheduler console, in the Task Scheduler Library area, check to see if the task was properly configured.

  13. Double-click on the task and take a look at the General tab. By default, the task is configured to only run when a user is currently logged on to that computer. Being a Domain Controller, it's most likely that that will not happen that often. We want to configure the task to run even when no user is logged on, and we will do this by supplying a user name and password for the task to run as. Click on the "Run whether user is logged on or not" checkbox. Then click on the "Change User or Group" button.

  14. In the Select User or Group window, enter the name of the user that the task will run as. You can use the Administrator's account, but it's better if you create a special account for such scripts. I used the Administrator's default account for the purpose of this article. Click Ok.

  15. Enter the password for the account you chose, then click Ok.

  16. To check if the task runs correctly, you can right-click on it and select Run. You can then look at the current snapshots to see if a new one has been created.
The task you've created will run at the specified interval.

No comments:

Post a Comment