TechShizz | All posts tagged 'ntdsutil'

Active Directory Command Line Utilities

| Name | Description |
| --- | --- |
| CSVDE | Import and export Active Directory data using comma-separated format. |
| Dsadd | Add users, groups, computers, contacts, and organizational units to Active Directory. |
| Dsmod | Modify an existing object of a specific type in the directory. The types of objects that can be modified are: users, groups, computers, servers, contacts, and organizational units. |
| Dsrm | Remove objects of the specified type from Active Directory. |
| Dsmove | Rename an object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller. (For cross-domain moves, use the Movetree command-line tool.) |
| Dsquery | Query and find a list of objects in the directory using specified search criteria. Use in a generic mode to query for any type of object or in a specialized mode to query for selected object types. The specific types of objects that can be queried through this command are: computers, contacts, subnets, groups, organizational units, sites, servers and users. |
| Dsget | Display selected attributes of specific object types in Active Directory. Attributes of the following object types can be viewed: computers, contacts, subnets, groups, organizational units, servers, sites, and users. |
| LDIFDE | Create, modify, and delete directory objects. This tool can also be used to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory with data from other directory services. |
| Ntdsutil | General purpose Active Directory management tool. Use Ntdsutil to perform database maintenance of Active Directory, to manage single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. |

Restore AD from backup

To restore AD using this method, Windows Backup Server needs to be running full backups of the drive with the NTDS.dit file on the DC.

To browse the backups/NTDS snapshots:

Ntdsutil
Activate instance ntds
Snapshot
List all

Identify the backup and copy the GUID to be mounted:

Snapshot>Mount {GUID}

You can browse the backup and copy things from it if needed. You can also mount the NTDS file within it.

Note the path of the NTDS.dit file within it for the next part.

Dsamain -dbpath c:\$SNAP_465746_VOLUME_C$\windows\ntds\ntds.dit -ldapport 5000

From dsa.msc you can now "change domain controller" and look at do.contoso.local:5000 to view the mounted AD database.

To un-mount:

Unmount {GUID}

Restore AD from directory service recovery mode

 

If an OU, user, group or any other object is deleted from AD, you will need to perform an authoritative restore by rebooting into DSRM:

Bcdedit /set safeboot dsrepair
Shutdown /r /t 0

Server reboots.

To identify the backup again, run:

Wbadmin get versions

Copy the version: dd/mm/yyyy-hh:mm

Run a non-authoritative restore:

Wbadmin start systemstaterecovery -version:03/24/2015-18:22

Run an authoritative restore:

Ntdsutil
Act inst ntds
authoritative restore
restore subtree "ou=test,dc=contoso,dc=local"

Reset boot method:

Bcdedit /deletevalue safeboot
Shutdown /r /t 0
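
A check to run once the DC is back in normal mode, added here as an example and not part of the original post: it reads the replication metadata of every object in the restored subtree on each DC to confirm the authoritative restore took effect and has replicated. It assumes the ActiveDirectory PowerShell module, a hypothetical second DC named dc2.contoso.local, and that ntdsutil's default version increase of 100,000 was used.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

$Subtree = 'ou=test,dc=contoso,dc=local'              # subtree restored above
$DCs     = 'dc1.contoso.local', 'dc2.contoso.local'   # dc2 is a hypothetical second DC
$Bump    = 100000   # assumption: ntdsutil's default version increase was used

$report = foreach ($dc in $DCs) {
    try {
        $objects = Get-ADObject -Server $dc -SearchBase $Subtree -SearchScope Subtree `
                                -Filter * -ErrorAction Stop
    } catch {
        # Subtree not readable on this DC, e.g. the restored objects have not replicated yet.
        [pscustomobject]@{
            DC             = $dc
            Object         = $Subtree
            HighestVersion = $null
            Status         = "not readable: $($_.Exception.Message)"
        }
        continue
    }
    foreach ($obj in $objects) {
        # Per-attribute replication metadata (version, originating DC, change time).
        $meta = Get-ADReplicationAttributeMetadata -Object $obj.DistinguishedName -Server $dc
        $max  = ($meta | Measure-Object -Property Version -Maximum).Maximum
        $status = 'version not raised'
        if ($max -ge $Bump) { $status = 'authoritatively restored' }
        [pscustomobject]@{
            DC             = $dc
            Object         = $obj.DistinguishedName
            HighestVersion = $max
            Status         = $status
        }
    }
}

# One row per object per DC; rows should agree across DCs once replication completes.
$report | Sort-Object Object, DC | Format-Table -AutoSize
```

Objects created in the subtree after the backup was taken are not touched by the restore and will show "version not raised".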

Active Directory Compaction Script

Compaction Script


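@ECHO OFF
REM Offline compaction of NTDS.dit on this domain controller.
ECHO To compact the NTDS.dit file for this domain
ECHO controller ensure you have the following
ECHO folders set up on the c:\
ECHO.
ECHO C:\Temp
ECHO C:\OriginalNTDS
ECHO.
pause
REM Clear out database files left over from a previous run.
del C:\temp\*.dit
del C:\originalntds\*.dit
REM Stop AD DS and its dependent services so the database is offline.
net stop ntds /y
REM Write a compacted copy of the database to C:\temp.
ntdsutil "activate instance NTDS" files "compact to C:\temp" quit quit
REM Do not touch the live database if no compacted copy was produced.
IF NOT EXIST C:\temp\ntds.dit (ECHO Compaction failed, original database left in place. & net start ntds & pause & EXIT /B 1)
cd /d C:\windows\ntds
REM The old log files do not belong to the compacted database.
del *.log
REM Keep the original database as a fallback, then swap in the compacted copy.
copy ntds.dit C:\originalntds
del ntds.dit
copy c:\temp\ntds.dit .
REM Check integrity and run semantic analysis on the new database.
ntdsutil "activate instance NTDS" files integrity quit "semantic database analysis" "go fixup" quit quit
ECHO To restart the AD DS press enter.
pause
net start ntds
ECHO Compacting Finished.
pause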

Authoritative Restore

Restore from DSRM

 

For this to work, Windows Backup must have taken backups of the ntds.dit file.

Browsing the Backups and the NTDS.dit file

Manual snapshots of the drive can be done from ntdsutil:

ntdsutil: act inst ntds
ntdsutil: snapshot
snapshot: create
snapshot: list all

Select the GUID of the backup and mount it as follows:

Mount {GUID}

You can then browse the snapshot in the c:\

You can then mount the ntds.dit file inside the mounted backup as follows.

Exit ntdsutil and run:

dsamain -dbpath c:\$SNAP_65168161358_VOLUMEC$\Windows\ntds\ntds.dit -ldapport 5000

This will be mounted and can then be accessed from dsa.msc. You need to change domain controller to dc1.contoso.local:5000 to browse the NTDS.dit file.
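
With the snapshot served by dsamain on port 5000 (here and in the "Restore AD from backup" steps earlier), the mounted copy can also be compared against the live directory to see which objects an authoritative restore would need to cover. This is an added example, not part of the original post; it assumes it is run on the DC hosting dsamain with the ActiveDirectory PowerShell module, and the subtree and variable names are illustrative.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

$Snapshot = 'localhost:5000'                # dsamain instance started above (run on that DC)
$Live     = 'dc1.contoso.local'             # live DC named in the post
$Base     = 'ou=test,dc=contoso,dc=local'   # assumed subtree of interest

# Everything that existed under $Base when the snapshot was taken.
$old = Get-ADObject -Server $Snapshot -SearchBase $Base -SearchScope Subtree `
                    -Filter * -Properties whenChanged

$report = foreach ($o in $old) {
    $cur = $null
    try {
        # Look up by objectGUID so renamed or moved objects are still matched.
        $cur = Get-ADObject -Server $Live -Identity $o.ObjectGUID `
                            -Properties whenChanged -ErrorAction Stop
        if ($cur.DistinguishedName -ne $o.DistinguishedName) {
            $state = 'Moved or renamed'
        } elseif ($cur.whenChanged -gt $o.whenChanged) {
            $state = 'Modified since snapshot'
        } else {
            continue   # unchanged, leave it out of the report
        }
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # Present in the snapshot but gone from the live directory.
        $state = 'Missing in live AD'
    }
    [pscustomobject]@{
        State      = $state
        Class      = $o.ObjectClass
        SnapshotDN = $o.DistinguishedName
        LiveDN     = $cur.DistinguishedName
    }
}

$report | Sort-Object State, SnapshotDN | Format-Table -AutoSize
```

Rows marked "Missing in live AD" give the distinguished names to pass to the authoritative restore; whenChanged is a per-DC value, so the comparison is only meaningful against the DC the snapshot was taken on.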

 

Performing an Authoritative Restore

If an OU, user or any other object needs to be restored authoritatively, do the following.

Restart DC in DSRM (Directory Services Restore Mode)

Open CMD

bcdedit /set safeboot dsrepair
shutdown /r /t 0