Jan 14

browsing your crashed AD with dsamain.exe

I’m sure every one of us encoutered this problem once: a server crash with no working backup of Active Directory, thus, no way to recreate the users / security groups…

Luckily, Windows 2008 (RTM and R2) introduced a nifty little tool, that enables you to virtually load the crashed domain onto another server. That way you can peak into the previous configuration, and take over all necessary information.

All users/groups/… are stored in a single file: ntds.dit. First, we need to make sure that the integrity of the file is good. In many cases, this will not be the case, as a crashed server often will be shut down unexpected. Following commands can help you troubleshoot and solve this:

esentutl.exe /g “c:pathtontds.dit”
this command checks the integrity of the database file

esentutl.exe /p  “c:pathtontds.dit”
this command repairs any errors in the database file

When all this ends successfully, you can start with the mounting process.

dsamain.exe -dbpath “C:pathtontds.dit” -ldapport 5532 -allownonadminaccess -allowupgrade

-allownonadminaccess: needed to be able to access the database with another set of security credentials than defined in the virtually mounted domain
-allowupgrade: needed if you try to mount a ntds.dit file from an earlier version of windows (e.g. windows 2003)

If all goes well, the command will return the following message:

Now you can use your preferred Active Directory Management tool to connect to this mounted domain controller, using localhost for the host portion, and the defined ldap port as the port option.

If you want to connect to is using ADUC, you right click the root hive in this window, and choose for “Change Domain Controller”

Using the information in the above example, you fill in localhost:5532 and press OK. You will now be able to browse the mounted domain.

Feel free to comment if you have any questions




Leave a Reply

Your email address will not be published.