Windows Server 2008 + Knowing what is in your AD Tool Kit

Work in progress…

AD Recycle bin
http://koppihle3.blogspot.com/search?q=recycle

AD Tombstoning 
http://technet.microsoft.com/en-us/magazine/2007.09.tombstones.aspx

Video 1 of 1 (demo on restoring an AD object)
http://www.youtube.com/watch?v=hs3YqQVv-M0

AD LDS backup (Windows Backup or dsdbutil)
http://technet.microsoft.com/en-us/library/cc730941(v=ws.10).aspx

AD LDS restore (Windows Backup or dsdbutil)
http://technet.microsoft.com/en-us/library/cc725903(v=ws.10).aspx

AD LDS editing
http://technet.microsoft.com/en-us/library/cc732675(v=ws.10).aspx

AD AD LDS Snapshots step by step
http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx

Video 1 of 4 (explanation of who what and why)
http://www.youtube.com/watch?v=36cqfV38Q5Y
Video 2 of 4 (minute 6 is start of demo of process)http://www.youtube.com/watch?v=JUoiq_wYSUg'
Video 3 of 4 (this is video is the gold of the demo) http://www.youtube.com/watch?v=dQxCjmh_v8E
Video 4 of 4 (continued explanation including limitations)http://www.youtube.com/watch?v=Vn7DCDZYVNQ

Here are screen shots from my AD Snaphots Lab:

Snapshot Creation (input highlighted):

clip_image001

Snapshot Mount (input highlighted):

clip_image002Note: leave this window open

Snapshot View from Explorer:

clip_image004

Note: You may be able to restore files and folders by browsing the now mounted snapshot using explorer to copy/paste items.

Accessing Snapshot Using dsamain using port 50389 (input highlighted):

clip_image005

Note: You MUST leave this open till you are done working with the DB

Note: Please see unmounting instructions below

Opening mounted snapshot using LDP.exe:

Select Connection:

clip_image006

Enter in server name and port you assigned. In this cas 50389:

clip_image007

After it loads Bind the connection:

clip_image008

Opening mounted snapshot using ADSIedit.msc:

Select Action Connect to as shown below

clip_image009

Select Advanced: (demo is on same system)

clip_image011

Enter in the port and select OK:

clip_image013

You can then view the data additionally as shown below you can mount your current live instance as well and compare:

clip_image014

Google or Bing for “Directory Service Comparison Tools” to find tools to compare and restore from snapshots.

Unmounting Snapshot

When finished go to the dsamain command prompt window that is still open. Press Ctrl+C and close the window.

Next go to your ntdsutil command prompt window and unmount the snapshot as shown below:

clip_image015

Enter ? for a list of possible commands. You will likely want to delete the snapshots.

clip_image016

Comments

Post a Comment

Popular posts from this blog

FRS to DFSR Post Cleanup “File Replication NtFrs Stopped”

Image
After successfully migrating from FRS to DFSR you get the File Replication NtFrs service is Stopped error on the local servers AD DS Services list. In the Event logs you may see Event id 13575 13577. You can confirm your migration completed by opening a cmd prompt as administrator and typing in: dfsrmig /getmigrationstate After your migration to DFSR is completed and you have given your servers ample time to propagate this service is no longer required. Since it is set to “Automatic”, as shown below” it shows in logs as a false positive error. Edit the File Replication Service and change it to “Disabled”, as shown below: Once it is listed as “Disabled” it will no longer show in the Console as an “error” Note : it may take some time to clear from the active view
Read more

Domain Migration SubinACL /Migratetodomain How To:

Caution : DO NOT run this on Domain Controller C:\ and only run on roaming profiles folders, or my docs shares day of migration to avoid ownership change issues. Confirm Domain trust is in place and users and groups have been migrated Test ping of olddomain.org from new domain Test ping of newdomain.org from olddomain Add newdomain.org domain controller host records to olddomain.org including reverse DNS records Confirm the user running the app is a domain admin in BOTH domains Download SubinACL here: http://www.microsoft.com/en-us/download/details.aspx?id=23510 /Migratetodomain- command will add the permissions of the new user to the old files and folders for example if jimbob@olddomain.org was migrated to the new domain jimbob@newdomain.org and you run the command below any file or folder in that path that has jimbob@olddomain.org will add Jimbob@newdomain.org with the exact same permissions. This is a safer way to migrate by keeping the old and new permissions intact while a...
Read more

How to configure HP LaserJet Printer IPsec Encryption

Image
  I always recommend using a static IP for network printers. Once you have that configured use the printers web interface by going to that IP address using internet explorer. Select the” Networking” Tab > “IPsec/Firewall” as shown below: First we will add a rule to allow unencrypted traffic from all connections we will later define IPsec rules specific to the print server. You can set encrypted for all but keep in mind if it fails you will have a harder time remotely repairing it. Select “Add Rules” > “All IP Addresses” as shown below: Select “All Services” >”Next” as shown below: Select “Allow traffic…” >”Next” as shown below: Select “Finish” >”Next” as shown below: Select “OK” as shown below: It should take you back to the ” Networking” Tab > “IPsec/Firewall” as shown below: Note: “Enable IPsec/Firewall” is unchecked Now we will add an Encrypted Rule: Select “Add Rules” > “New” as shown below: Name the Rule, Specify the local and remote IP Addresses ...
Read more