Tag Archives: AD recovery

Integrity check to Detect Low Level Active Directory Database Corruption

Active Directory maintains a multi-master database. Like any other database, it can suffer data corruption, crashes, data loss, etc. In my entire career, I still have not come across a situation where a full database recovery was required in a production environment. The reason is that the AD DS database keeps replicating to the other available Domain Controllers, and it is very rare for all the available Domain Controllers to crash at the same time and lose data.

By running an integrity check, we can identify binary-level AD database corruption. This comes as part of the Ntdsutil tool, which is used for Active Directory database maintenance. It goes through every byte of the database file. The integrity command also checks that the correct headers exist in the database itself and that all of the tables are functioning and consistent. This process also runs as part of Directory Services Restore Mode (DSRM).

This check needs to run with the NTDS service stopped.

In order to run the integrity check:

1) Log in to the Domain Controller as a Domain/Enterprise Administrator
2) Open PowerShell as Administrator
3) Stop the NTDS service using net stop ntds
4) Type

ntdsutil
activate instance ntds
files
integrity

5) To exit from the utility, type quit.
6) It is also recommended to run a semantic database analysis to confirm the consistency of the Active Directory database contents.
7) To do so, type

ntdsutil
activate instance ntds
semantic database analysis
go

8) If it detects any integrity issues, you can type go fixup to fix the errors.
9) After the process is completed, type net start ntds to start the NTDS service.
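The same procedure as one script, added here as an example and not part of the original post. It assumes an elevated PowerShell session on the DC itself, that ntdsutil accepts its commands as command-line arguments (one argument per line you would otherwise type), and that a successful check prints "Integrity check successful"; the log path is a constructed placeholder.

```powershell
# Added example (not the post's own code): run the NTDS integrity check and the
# semantic database analysis non-interactively, log the output, restart AD DS.
$log = "C:\Temp\ntds-check-$(Get-Date -Format yyyyMMdd-HHmm).log"   # assumed log path
New-Item -ItemType Directory -Path (Split-Path $log) -Force | Out-Null

# 1) Stop the directory service. -Force also stops its dependents (KDC, DNS, ...),
#    which is what 'net stop ntds' asks you to confirm interactively.
Stop-Service -Name ntds -Force
try {
    # 2) Binary-level check of ntds.dit: headers, tables, every page of the file.
    $integrity = & ntdsutil "activate instance ntds" files integrity quit quit 2>&1
    $integrity | Tee-Object -FilePath $log -Append

    # 3) Semantic analysis of the contents. 'go' only reports; 'go fixup' repairs,
    #    so it is deliberately not run here until the report has been read.
    $semantic = & ntdsutil "activate instance ntds" "semantic database analysis" go quit quit 2>&1
    $semantic | Tee-Object -FilePath $log -Append

    # Decide from the tool's own wording (assumption: esentutl's success line is
    # echoed by ntdsutil) rather than from $LASTEXITCODE, which the nested
    # sub-commands do not set reliably.
    $ok = [bool]($integrity -match 'Integrity check successful') -and
          -not [bool]($semantic -match 'error|corrupt')
    if ($ok) { Write-Host "ntds.dit passed both checks; details in $log" }
    else     { Write-Warning "Problems reported; review $log before running 'go fixup'." }
}
finally {
    # 4) Always bring AD DS back, even if a check failed or threw.
    Start-Service -Name ntds
    Get-Service -Name ntds, kdc, dns -ErrorAction SilentlyContinue |
        Format-Table Name, Status -AutoSize
}
```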
 
This marks the end of this blog post. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.

How to create Active Directory Snapshots?

In one of my previous posts I explained what system state is and how we can use it to back up Active Directory data. With Windows Server 2008, Microsoft introduced a new feature called Active Directory snapshots, which can be used to back up Active Directory data. Basically, this tool creates a shadow copy of the volumes that hold the Active Directory data (database and logs) using the Volume Shadow Copy Service (VSS) running on the server.

In order to create, view or restore AD snapshots, you need to be a member of the Domain Admins group or the Enterprise Admins group.

Let's see how we can create Active Directory snapshots.

1) Log in to the domain controller as a domain administrator or enterprise administrator with appropriate permissions.
2) Right click on the Start button and select "Command Prompt (Admin)". It will open up the command line interface.
3) In the command prompt, type ntdsutil and press Enter to open up the ntdsutil tool.
4) Then type snapshot and press Enter.
5) Next, type activate instance ntds and press Enter.
6) Then type create and press Enter. It will start creating the snapshot and display its progress.
7) Type quit and press Enter to exit from the utility. You have to do it twice.

Before we use a snapshot created by this process, we need to mount it using the Active Directory mounting tool. Let's see how we can do it.

1) Log in to the domain controller as a domain administrator or enterprise administrator with appropriate permissions.
2) Right click on the Start button and select "Command Prompt (Admin)". It will open up the command line interface.
3) In the command prompt, type ntdsutil and press Enter to open up the ntdsutil tool.
4) Next, type activate instance ntds and press Enter.
5) Then type snapshot and press Enter.
6) Then type list all.
7) It will list all the snapshots created.
8) Then run the command mount 2 (this is the order number shown in the list of snapshots; I needed to mount the one listed as number 2).
9) Then, as it says, it is successfully mounted to the C: drive with the folder $SNAP_201502260503_VOLUMEE$.
10) Then enter the quit command twice to exit from the utility.

Now, to connect to the mounted snapshot, we need to execute the following:

dsamain -dbpath C:\$SNAP_201502260503_VOLUMEE$\ADDB\ntds.dit -ldapport 10000

Here the dbpath will change according to the snapshot mount you made. ldapport is any open port on the server on which to run this snapshot instance.

Now we can access the snapshot using port 10000.

Keep this window open until we finish the next steps.

Let's see how we can view the content of the snapshot using the Active Directory Users and Computers console.

1) Go to Server Manager > Tools > Active Directory Users and Computers
2) In the MMC, right click on the Active Directory Users and Computers option and select the Change Domain Controller option.
3) Here, type the domain controller name and the port, then click OK. According to my demo the port should be 10000 (the one we used with the snapshot).
4) As we can see here, it successfully connects to the instance.

Disconnect and unmount snapshot

In order to disconnect from the running instance, open the command line we left open and press CTRL+C.

1) Then type ntdsutil to go into the ntdsutil tool.
2) Next, type activate instance ntds and press Enter.
3) Then type snapshot and press Enter.
4) Then type list all.
5) It will list all the snapshots created.
6) Then type unmount 2 (this is the snapshot number I mounted before). It will unmount the snapshot.
7) Then enter the quit command twice to exit from the utility.
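The whole snapshot lifecycle from the sections above (create, mount, serve with dsamain, inspect, disconnect, unmount) as one script, added here as an example and not the post's own code. It assumes an elevated PowerShell session on the DC, the ActiveDirectory module installed, TCP 10000 free, that ntdsutil's mount/unmount accept the snapshot set GUID printed by create, and that mounts appear as C:\$SNAP_<timestamp>_VOLUME<X>$ as in the post; instead of browsing the snapshot in ADUC it diffs the snapshot's user list against the live directory.

```powershell
# Added example, not from the original post: create, mount, query and unmount an
# AD snapshot end to end, with cleanup guaranteed even if a step fails.
Import-Module ActiveDirectory
$port = 10000

# 1) Create the VSS snapshot. ntdsutil takes its commands as arguments, one per
#    argument, exactly as you would type them at its prompt.
$out  = ntdsutil snapshot "activate instance ntds" create quit quit 2>&1
$guid = ([regex]'\{[0-9a-fA-F-]{36}\}').Match(($out -join "`n")).Value   # from "Snapshot set {GUID} generated successfully."
if (-not $guid) { throw "No snapshot GUID reported:`n$($out -join "`n")" }

try {
    # 2) Mount by GUID (assumption: accepted alongside the index shown by 'list all'),
    #    so the script does not depend on how many older snapshots exist.
    ntdsutil snapshot "activate instance ntds" "mount $guid" quit quit | Out-Null

    # 3) Locate ntds.dit inside the mount: same relative path as the live database
    #    (read from the NTDS registry parameters), re-rooted under the newest
    #    $SNAP_* folder. Folder names carry the timestamp, so they sort chronologically.
    $live = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').'DSA Database file'
    $dit  = Get-ChildItem 'C:\' -Directory -Filter '$SNAP_*' -Force |
            ForEach-Object { Join-Path $_.FullName $live.Substring(3) } |
            Where-Object { Test-Path $_ } | Select-Object -Last 1
    if (-not $dit) { throw 'ntds.dit not found under any C:\$SNAP_* mount' }

    # 4) Serve the snapshot read-only over LDAP; same command the post runs by hand.
    $dsamain = Start-Process dsamain -ArgumentList "-dbpath `"$dit`" -ldapport $port" -PassThru -NoNewWindow
    Start-Sleep -Seconds 15   # assumption: long enough for dsamain to open the database

    # 5) Query the snapshot the way ADUC does after "Change Domain Controller" -> DC:10000,
    #    and diff it against the live DC: "<=" means present only in the snapshot
    #    (deleted since it was taken), "=>" means created since the snapshot.
    $server = "$($env:COMPUTERNAME):$port"
    $then = Get-ADUser -Filter * -Server $server
    $now  = Get-ADUser -Filter *
    Compare-Object $then $now -Property SamAccountName -PassThru |
        Select-Object SideIndicator, SamAccountName, DistinguishedName
}
finally {
    # 6) Equivalent of CTRL+C in the dsamain window, then unmount the snapshot.
    if ($dsamain -and -not $dsamain.HasExited) { Stop-Process -Id $dsamain.Id }
    ntdsutil snapshot "activate instance ntds" "unmount $guid" quit quit | Out-Null
}
```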

In this article I explained what an Active Directory snapshot is and how we can use it for recoveries. If you have any questions feel free to contact me on rebeladm@live.com