Christos Polydorou

Welcome to the third and final article of the Restoring Active Directory Attributes with PowerShell. Today we are going to create a scheduled task in order to execute a PowerShell script that will manage our Active Directory snapshots. First, we are going to create the script that will manage the snapshots but in order to do that we have to decide on how often and how many snapshots we want to have. Personally, I go for two snapshots per day for a period of three days, nut I have these snapshots spread across multiple Domain Controllers. The following script will create an Active Directory snapshot and then remove all the older snapshots keeping a total of 3. That way, when it is executed on a daily basis, you will have three snapshots for the last 3 three days. # Create the new Active Directory snapshot New-ActiveDirectorySnapshot # Get the current date $now = [DateTime] :: Now # Remove snapshots older than three days from now Get-ActiveDirectorySnapshot | Where-Obj

On the first article of the series, we used the ntdsutil tool to create, mount, dismount and remove Active Directory snapshots and load the Active Directory database using the dsamain tool. Today, we are going to use a set of PowerShell functions I've created for this purpose. These functions are included in my Active Directory module since version 1.4.1 . Let's start by creating an Active Directory snapshot and then mount it on port 33389: After taking the snapshot, I updated the first name, last name and proxy addresses attributes on my user in order to compare and later on restore them. Using the "Get-ADUser" cmdlet we can get current the values for those attributes and as well as the values from the snapshot: As you may notice, a proxy address is missing, the first name has been updated to "Christos 1" and the last name have been updated to "Polydorou 2". This is how easy it is to restore the attributes! First we save the produc

Active Directory Recycle Bin. Great Feature. But what happens if instead of deleting the object, some of the attributes are misconfigured? Enter Active Directory snapshot. In the first article of the Restoring Active Directory Attributes with PowerShell we are going to talk about Active Directory snapshots and later on we are going to see how to restore attributes on objects. So, what is an Active Directory snapshot? It's actually an VSS snapshot of the volume that the Active Directory database resides on. And how can we use that snapshot? We can use it as a backup, a way to avoid full replication when installing a Domain Controller on a remote site and may other ways but we are going to focus on mounting it and using dsamain in order to load the database and access live. Let's see some examples on how to create such a snapshot. Of course, you need to have the appropriate rights, like domain or forest administrator. To create a snapshot, we are going to use the ntdsutil e