Creating and Restoring Active Directory Snapshots

Active Directory snapshots are a tool you can use to query old Active Directory data. They are not a complete backup system; rather, they let you access older versions of your Active Directory, so that you can use other tools to perform disaster recoveries as needed.

Snapshots work like this:

  1. Create a job to create snapshots
  2. Mount a snapshot to an alternate port
  3. Connect to that alternate port and view your old data

To create a new snapshot we need to open Command Prompt as an administrator and run the following commands:

ntdsutil
snapshot
Activate Instance NTDS
create
q
q

I am using one of Server Academy’s IT labs that are provided to all of our members for testing purposes. These labs are perfect since I don’t have to worry about losing data. If I mess up, all I need to do is click a button to revert the lab and I have everything back within minutes.

I am going to open Active Directory Users and Computers and make sure I have Advanced Features enabled:

Next, remove the deletion protection from an Organizational Unit: right-click the OU you want to delete, select Properties, go to the Object tab, and un-check Protect object from accidental deletion:

I'm going to use an OU in my lab called Domain Groups. Once I remove the protection, I can right-click and delete the OU:

So now the OU is missing and I can get on to mounting the old snapshot:

We can use NTDS snapshotting to view the old data. Open CMD as an Admin again, and run the following commands:

ntdsutil
snapshot
list all


This will return all snapshots:

First we need to run the mount command followed by the snapshot we wish to mount. In this case I will be mounting snapshot 1:

mount 1

This will output the directory where the snapshot is now mounted. Go ahead and exit the utilities by pressing Q until you're back at the normal command prompt:

This mounts the old AD to the C drive:

The inside of that directory looks just like our C drive, and it contains the Active Directory database file that holds AD information like user accounts, groups, and password hashes. Because of those password hashes, a mounted snapshot is as sensitive as the live database on the domain controller.

Now we are going to use a utility called dsamain (AD/DS/LDS offline data browser) to mount this older version (snapshot) of Active Directory to an alternative port that we can connect to and view. Open CMD as an Administrator and run the command below (be sure to change the path to your snapshot location):

dsamain /dbpath c:\$SNAP_202004061016_VOLUMEC$\windows\ntds\ntds.dit /ldapport 5000

We will see that the command completed successfully:

Note: You need to keep this window open in order for the old data to be accessible on the port you specified. If you close this command prompt window, you won’t be able to connect to the mount and view the old data.

Now in the Active Directory console, right-click your domain and select Change Domain Controller:

Select This Domain Controller or AD LDS instance, and type in the name of your server followed by the port number you specified with the dsamain command. In my test lab, the DC is “sadc01” and the port I specified was 5000.

sadc01:5000

Now I can view the old snapshot of Active Directory and view my old data. Keep in mind you can't edit any of the data; this is strictly read-only data.
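The mounted snapshot can also be queried from PowerShell and compared with the live directory to see exactly what has gone missing, such as the deleted OU. The script below is an added example, not part of the original lesson; it assumes the ActiveDirectory module (RSAT) is installed, that dsamain is still running, and that the lab's server name `sadc01` and port `5000` apply. The function name `Get-DirectoryIndex` is hypothetical.

```powershell
# Added example: diff a dsamain-mounted snapshot against the live directory.
# Assumptions: ActiveDirectory module installed, dsamain window still open,
# server name and port taken from the lesson's lab (sadc01, 5000).
Import-Module ActiveDirectory

$SnapshotServer = 'sadc01:5000'   # snapshot exposed by dsamain /ldapport 5000
$LiveServer     = 'sadc01'        # live domain controller

# The snapshot belongs to the same domain, so one search base serves both.
$SearchBase = (Get-ADRootDSE -Server $LiveServer).defaultNamingContext

function Get-DirectoryIndex {
    # Hypothetical helper: returns a hashtable of objects keyed by objectGUID.
    param([Parameter(Mandatory)][string]$Server,
          [Parameter(Mandatory)][string]$Base)
    $index = @{}
    # objectClass=user also matches computer accounts (computer derives from user).
    Get-ADObject -Server $Server -SearchBase $Base -SearchScope Subtree `
        -LDAPFilter '(|(objectClass=organizationalUnit)(objectClass=group)(objectClass=user))' |
        ForEach-Object { $index[$_.ObjectGUID.ToString()] = $_ }
    return $index
}

$old = Get-DirectoryIndex -Server $SnapshotServer -Base $SearchBase
$new = Get-DirectoryIndex -Server $LiveServer     -Base $SearchBase

# objectGUID survives moves and renames, so it is the stable key for the diff.
# Deleted objects are not returned by a normal live query, so they show as missing.
$report = foreach ($guid in $old.Keys) {
    $before = $old[$guid]
    if (-not $new.ContainsKey($guid)) {
        [pscustomobject]@{ Status = 'MissingFromLive'; ObjectClass = $before.ObjectClass
                           SnapshotDN = $before.DistinguishedName; LiveDN = $null }
    }
    elseif ($new[$guid].DistinguishedName -ne $before.DistinguishedName) {
        [pscustomobject]@{ Status = 'MovedOrRenamed'; ObjectClass = $before.ObjectClass
                           SnapshotDN = $before.DistinguishedName
                           LiveDN = $new[$guid].DistinguishedName }
    }
}

$report | Sort-Object Status, SnapshotDN | Format-Table -AutoSize
```

In the lab scenario above, the deleted Domain Groups OU and any objects it contained would be listed with the status `MissingFromLive`.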

To unmount and delete the snapshot, we can run the commands below:

ntdsutil
snapshot
list all
unmount 1
list all
delete 1

Chris Cross(@chris-cross)
Member
1 year ago

I love this company very good training

alvins(@alvins)
Member
1 year ago

The Training is magnificent!