Weekly quickTIP

AD Objects -- Back from the Dead

Windows Server 2008 has a way of reanimating dead AD objects.

Tombstoning of objects in Active Directory is both a great feature and a great pain -- that is, if you've let deleted objects linger too long before trying to bring them back to life. Reanimation of objects in Active Directory is a pain in Windows Server 2003 because only mandatory attributes are preserved when the object is reanimated.

In Windows Server 2008 however, a new feature has been added into NTDSUTIL that can improve the efficacy of bringing back these old objects. The new SNAPSHOT submenu allows you to create and later mount a snapshot of your AD database using Volume Shadow Copies. Once mounted, this parallel instance can be used in the process of locating -- and potentially exporting -- this missing information back into the production directory.

To create a snapshot, type NTDSUTIL at the command prompt to enter its interactive mode. Then enter SNAPSHOT, followed by CREATE. The output of the CREATE command provides the GUID of the snapshot just created; mount the snapshot by typing MOUNT {Snapshot GUID}. Mounting the snapshot makes it available through the file system as a subdirectory of the system drive.

Once mounted, NTDSUTIL can then start the snapshot's Active Directory in parallel with your existing AD using the DSAMAIN command. It does this by using a different set of ports. These ports are not typically configured for use by any systems in your domain and the parallel instance starts as read-only. So, there's little to no chance of affecting your existing Active Directory. To start your parallel Active Directory world, enter the following:

DSAMAIN -dbpath:{PathToMountedAD} -ldapport:{NewLDAPPort} -sslport:{NewLDAPSSLPort} -gcport:{NewGCPort} -gcsslport:{NewGCSSLPort}

Each of the ports above must be set to one not currently in use on the system. This parallel AD will continue to be operational until Ctrl+C is pressed in the command window where it was started. While it is running you can use the data in the snapshot along with your favorite Active Directory tools to help you locate the missing information from any accidentally deleted objects.
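The procedure above, scripted end to end as an added example (this is not code from the original column): it checks that the chosen ports are free, runs the NTDSUTIL CREATE and MOUNT steps and parses their output, starts DSAMAIN on the mounted copy, then reads one object from the read-only parallel instance over plain ADSI and exports it with LDIFDE. The port numbers, the sample account name and the use of the column's `-name:value` switch form for DSAMAIN are assumptions, as is the ntds.dit location, which is taken from the live DC's NTDS registry value and mapped onto the snapshot root.

```powershell
# Added example, not from the original column: scripted NTDSUTIL SNAPSHOT / DSAMAIN procedure,
# followed by a read-only LDAP query and an LDIF export from the parallel instance.
# Assumptions (mine, not the page's): run in an elevated PowerShell on the Windows Server 2008 DC;
# ports 10389/10636/10268/10269 are free; DSAMAIN accepts the "-name:value" form shown in the
# column; 'jdoe' is a constructed sample sAMAccountName of an accidentally deleted user.

$LdapPort      = 10389
$SslPort       = 10636
$GcPort        = 10268
$GcSslPort     = 10269
$SampleAccount = 'jdoe'

# Returns $true when a TCP port appears in netstat's local-address column.
function Test-PortInUse {
    param([int]$Port)
    return [bool](netstat -ano -p tcp | Select-String -Pattern "^\s*TCP\s+\S+:$Port\s")
}

# 1. The column says each port must be unused; refuse to start if one is taken.
foreach ($p in $LdapPort, $SslPort, $GcPort, $GcSslPort) {
    if (Test-PortInUse -Port $p) { throw "TCP port $p is already in use; choose another port." }
}

# 2. CREATE the snapshot; NTDSUTIL prints "Snapshot set {GUID} generated successfully."
$createOut = & ntdsutil snapshot "activate instance ntds" create quit quit
$guidMatch = $createOut | Select-String -Pattern '\{[0-9A-Fa-f-]{36}\}' | Select-Object -First 1
if (-not $guidMatch) { throw "No snapshot GUID in NTDSUTIL output:`n$($createOut -join "`n")" }
$guid = $guidMatch.Matches[0].Value

# 3. MOUNT it; NTDSUTIL prints "Snapshot {GUID} mounted as C:\$SNAP_<date>_VOLUMEC$\".
$mountOut   = & ntdsutil snapshot "activate instance ntds" "mount $guid" quit quit
$mountMatch = $mountOut | Select-String -Pattern 'mounted as (.+?)\s*$' | Select-Object -First 1
if (-not $mountMatch) { throw "Mount failed:`n$($mountOut -join "`n")" }
$mountPath = $mountMatch.Matches[0].Groups[1].Value

# 4. Find ntds.dit inside the snapshot: the live DB path from the NTDS service registry value
#    exists at the same relative path under the mounted volume copy (assumption).
$liveDit = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').'DSA Database file'
$dbPath  = Join-Path $mountPath ($liveDit -replace '^[A-Za-z]:\\', '')
if (-not (Test-Path $dbPath)) { throw "ntds.dit not found at $dbPath" }

# 5. Start the parallel, read-only instance in its own window; it runs until Ctrl+C there.
$dsaArgs = "-dbpath:`"$dbPath`" -ldapport:$LdapPort -sslport:$SslPort -gcport:$GcPort -gcsslport:$GcSslPort"
$dsa = Start-Process -FilePath dsamain.exe -ArgumentList $dsaArgs -PassThru

# Wait (up to 60 s) for the LDAP port to come up before querying it.
$deadline = (Get-Date).AddSeconds(60)
while (-not (Test-PortInUse -Port $LdapPort)) {
    if ((Get-Date) -gt $deadline -or $dsa.HasExited) { throw "DSAMAIN is not listening on $LdapPort" }
    Start-Sleep -Seconds 2
}

# Escape RFC 4515 filter metacharacters so a looked-up value can never alter the filter's structure.
function ConvertTo-LdapFilterLiteral {
    param([string]$Value)
    $Value = $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    return $Value.Replace([string][char]0, '\00')
}

# Looks an account up in the snapshot instance with plain ADSI (no AD module needed).
function Get-SnapshotObject {
    param([string]$SamAccountName, [int]$Port)
    $rootDse  = [ADSI]"LDAP://localhost:$Port/RootDSE"
    $nc       = [string]$rootDse.defaultNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://localhost:$Port/$nc"
    $searcher.Filter = "(sAMAccountName=$(ConvertTo-LdapFilterLiteral $SamAccountName))"
    return $searcher.FindOne()
}

# 6. Show the attributes a Server 2003-style reanimation would have lost, then export the object
#    to LDIF with LDIFDE pointed at the snapshot's LDAP port (-t).
$obj = Get-SnapshotObject -SamAccountName $SampleAccount -Port $LdapPort
if (-not $obj) { throw "$SampleAccount not found in the snapshot" }
$dn = [string]$obj.Properties['distinguishedname'][0]
foreach ($attr in 'displayname', 'description', 'memberof', 'mail', 'department') {
    "{0,-16} {1}" -f $attr, (($obj.Properties[$attr] | ForEach-Object { $_ }) -join '; ')
}
& ldifde -f "$env:TEMP\$SampleAccount.ldf" -s localhost -t $LdapPort -d $dn -p base
"Exported $dn to $env:TEMP\$SampleAccount.ldf; stop DSAMAIN with Ctrl+C in its window when done."
```

The port check and the wait loop use netstat rather than newer cmdlets so the script runs on the PowerShell version that ships with Windows Server 2008; the filter-escaping helper keeps the lookup value from being interpreted as LDAP filter syntax, which matters once a script like this is fed names from a ticket or a CSV.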

A discussion of the reanimation and restore of this missing information is a little long for this piece, so check out Microsoft Knowledge Base article 840001 for a very thorough explanation of the process.

About the Author

Greg Shields is Author Evangelist with PluralSight, and is a globally-recognized expert on systems management, virtualization, and cloud technologies. A multiple-year recipient of the Microsoft MVP, VMware vExpert, and Citrix CTP awards, Greg is a contributing editor for Redmond Magazine and Virtualization Review Magazine, and is a frequent speaker at IT conferences worldwide. Reach him on Twitter at @concentratedgreg.
