Windows 2012 allow for snapshots of Active Directory to be take, this uses the Volume Shadow Copy (VSS) and is for creating a historical capture of AD at a certain point in time.
Ntdsutil.exe is used for creating the snapshot, which can then be mounted by and viewed by using Active Directory Users and Computers.
To Create a snapshot
- Open Command Prompt and type Ntdsutil
- Type snapshot
- Type activate instance ntds
- Type Create
- Copy the GUID
- Type quit two times
To mount the snapshot
- Open Command Prompt and type Ntdsutil
- Type snapshot
- Type activate instance ntds
- Type List all
- Type mount <GUID No>
- Type quit two times
Next type dsamain /dbpath C:\$SNAP_datetime_volumec$\windows\ntds\ntds.dit /ldapport 50000
** datetime is a unique value. There only should be one folder on your C:\ drive with a name that begins with $snap.
Next open Active Directory Users and Computer with the dsamain still running, Right click on the Domain and select Change Domain Controller.
Select This Domain Controller… and then type in the domain controller name and port set above
This then show Active Directory at the time of the snapshot.