Needed to extract some historical information from Active Directory (AD) backups stored in NTBackup BKF files. First challenge was extracting the NTDS.DIT from the BKF. How do I get that snapshot loaded up so I can query the backup? I didn’t find a way to directly query for results from the NTDS.DIT without loading it into a running Domain Controller (DC) instance.
My approach is loosely modeled on the technique outlined at technet to “mount” a snapshot in VMWare Workstation on a server configured as a DC that closely models the forest structure of the targeted AD backup. I’d prefer to use a clone or image from the actual DCs but I can not disturb the online production environment.
I set up a VMWare team consisting of a Win 2008 R2 x64 server configured as a DC and a Vista x86 32-bit Workstation with Windows Server 2008 Remote Server Administration Tools; Active Directory Explorer and some custom/hand built ADSI based tools. I’ll be pushing tests of the custom tools from Visual Studio on the host to the virtualized Vista box in the team because I don’t want to directly mess with the virtualized DC. Now to get the directory backup loaded so I can do some offline spelunking.
No comments:
Post a Comment