In this Article, we will see how to create a snapshot of the AD DS using NTDSUTIL.

Tested in the Server 2016 AD DS wherein the steps and process remains same for Server 2012 and 2008 AD DS.

Open Command Prompt, In my case i have selected PowerShell which also can perform CMD Commands.

Type Ntdsutil and Enter

Enter Snapshot

Enter Activate Instance NTDS

Enter Create

Now you can see snapshot has been created and quit both snapshot and Ntdsutil

Now, lets delete One user  from the Active Directory Users and Computers

Post deletion of the user, again run the below commands

Ntdsutil–>Snapshot–>Active Instance NTDS–>List all

you can see that listed the snapshots which we have taken before we deleted the user.

Mount the Snapshot using following command,

Mount $Snapshot GUID$

You can see that it is mounted under the path C:\

Now Quit both Snapshot and Ntdsutil.

Use the Dsamain below command and mount the Snapshot.

Dsamain /dbpath ‘c:\”file name”\Windows\NTDS\ntds.dit /ldapport 50000

once you got above results, don’t close dsamain and leave it as running.

Go to Active Directory Users and Computers— Change Domain Controller

Type Domaincontrollerhostname:50000

Click on OK once you got the status Online

Now you can see the user which we have deleted earlier. hence the Snapshot is working as expected.

Post verified Snapshot, you can safely unmount the Snapshot which is mounted and Quit both Snapshot and Ntdsutil

Also you can Press Ctrl+C and terminate the Dsamain safely.