BACKUP FUNCTIONALITY

We start by adding the backup feature to the server.

[Screenshots: AddRole1.png, AddRole2.png, AddRole3.png]

CREATING THE BACKUP

  • Open the command prompt as administrator.

  • Enter: wbadmin start systemstatebackup -backuptarget:

[Screenshot: Save1]

  • Wait

[Screenshots: Save2, Save3, Save4]

For an AD of several thousand objects, it takes about ten minutes.

BACKUP CONTROL

  • Go to the backup directory, in my case E:\WindowsImageBackup\NomServeur.

[Screenshot: Controle1.png]

  • Go to the Logs folder.

  • View the Backup_Error file.

This log file can be used to generate alerts, either by checking whether its size is non-zero or by inspecting its content.

LIST AVAILABLE BACKUPS

  • Open the command prompt as administrator.

  • Enter: wbadmin get versions

[Screenshot: listsave1.png]

LIST THE CONTENTS OF BACKUPS

  • Open the command prompt as administrator.

  • Enter: wbadmin get items -version:Versionidentifier (the version identifier shown by wbadmin get versions)

[Screenshot: listsave2.png]

We can see that our backup includes the Active Directory application and the ntds component, which allows a granular restoration of objects.

Because this is a system state backup, the AD server can also be restored completely via DSRM (Directory Services Restore Mode).

NTDS RESTORE

  • Open the command prompt as administrator.

  • Enter: wbadmin start recovery -version:03/22/2022-19:43 -itemtype:App -items:AD -recoverytarget:E:\Restore\

[Screenshot: resto1.png]

If we go to the restore folder, we can see that the ntds file is restored.

[Screenshot: resto2.png]

OPENING THE NTDS FILE

To read the ntds.dit file, we mount it as a standalone LDAP instance with the dsamain command.

  • Open the command prompt as administrator.

  • Enter: dsamain -dbpath "E:\Restore\Active Directory\ntds\ntds.dit" -ldapport 2000

[Screenshot: resto3.png]

The port number is arbitrary; choose one that is not already in use on the system to avoid conflicts.

  • Open "Active Directory Users and Computers".

  • Select "Change domain controller".

[Screenshot: resto4.png]

  • Enter the server name and LDAP port chosen when mounting the database above.

[Screenshot: resto5.png]

The file is now readable, but not directly restorable. However, it does make it possible to compare how accounts have changed over time.

RESTORATION VIA EXPORT

To restore one or more accounts, we use the LDIFDE utility.

  • Open the command prompt as administrator.

  • Enter: ldifde -f E:\Restore\exportLEOLA.ldf -s localhost:2000 -r "CN=LEOLA_VALENTINE" -m

[Screenshots: resto6.png, resto7.png]

As with any restoration, we disable the account before re-importing it.

  • Open the file "exportLEOLA.ldf".

  • Edit line "userAccountControl: ".

  • Assign the value 514 (512 for a normal account plus the 2 disabled flag).

  • Open the command prompt as administrator.

  • Enter: ldifde -i -f E:\Restore\exportLEOLA.ldf

[Screenshot: resto8.png]
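The userAccountControl edit above, as an added example that is not part of the original tutorial: a small Python script that disables every account in an LDIFDE export before it is re-imported. It generalises the step slightly by OR-ing the ACCOUNTDISABLE bit (0x2) into the existing value instead of overwriting it with 514, so a plain user (512) still becomes 514 while other flags in the value are kept. The sample LDIF content, DNs, script name and default file encoding are assumptions made for illustration.

```python
import re
import sys

# Flag bit in userAccountControl that marks an account as disabled
# (512 = NORMAL_ACCOUNT, 512 | 2 = 514, the value the tutorial assigns).
ACCOUNTDISABLE = 0x0002

# Constructed sample of an "ldifde -f ... -r ... -m" export (illustrative only).
SAMPLE_LDF = """\
dn: CN=LEOLA_VALENTINE,OU=Users,DC=example,DC=local
changetype: add
objectClass: user
cn: LEOLA_VALENTINE
sAMAccountName: lvalentine
userAccountControl: 512

dn: CN=SVC_BACKUP,OU=Service,DC=example,DC=local
changetype: add
objectClass: user
cn: SVC_BACKUP
userAccountControl: 66048
"""

# One attribute per line; the optional trailing CR keeps CRLF files intact.
_UAC_LINE = re.compile(r"^(userAccountControl: )(\d+)(\r?)$",
                       re.MULTILINE | re.IGNORECASE)


def uac_values(ldf_text: str) -> list[int]:
    """Return every userAccountControl value in the export, in file order."""
    return [int(m.group(2)) for m in _UAC_LINE.finditer(ldf_text)]


def disable_accounts(ldf_text: str) -> str:
    """Set ACCOUNTDISABLE on every entry; other flags in the value are preserved."""
    def _set_disabled(m: re.Match) -> str:
        return f"{m.group(1)}{int(m.group(2)) | ACCOUNTDISABLE}{m.group(3)}"
    return _UAC_LINE.sub(_set_disabled, ldf_text)


def disable_file(path: str, encoding: str = "mbcs") -> None:
    """Rewrite an .ldf file in place. ldifde writes the ANSI code page by default
    (assumed here via 'mbcs', Windows only); pass encoding='utf-16' for ldifde -u."""
    with open(path, encoding=encoding, newline="") as fh:
        text = fh.read()
    with open(path, "w", encoding=encoding, newline="") as fh:
        fh.write(disable_accounts(text))


if __name__ == "__main__":
    # Usage: python disable_ldf.py E:\Restore\exportLEOLA.ldf
    disable_file(sys.argv[1])
```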

All that remains is to set a password on the account, because this type of import creates the account without one.

BACKUP FUNCTIONALITY LIMITATIONS

  • Can be cumbersome for a large-scale restoration.

  • Does not save all object attributes.

  • Requires the backup feature to be added to the server.

ADVANTAGES OF THE BACKUP FEATURE

  • Allows the restoration of objects on the same AD or another (useful in the event of an incident).

  • Allows full AD recovery via DSRM mode.
