If you want to copy / backup Active Directory Information do the following:
(tested on Server 2008)
-
Stop Active Directory Domain Services
-
cmd.exe
-
ntdsutil –> Activate Instance NTDS –> files –> compact to c:\horst (temp Folder)
now U have a copy of your AD Information in C:\horst\ntds.dit
Now, say you backup your AD Data every night, in folders that represent every day of a month. (I know that stopping AD Services every day in your productive environment is a decision you have to make 
)
You can take that copy of ntds.dit, seperate your server from your productive network (stop AD Services, replace file, delete log files in c:\windows\NTDS\*.log), and you have a look in your AD at that time.
Before you start the AD Services again you have to insert the following reg key to the registry
HKLM/System/CurrentControlSet/Services/NTDS/Parameters: “Disable DSA Database Epoch Check”:REG_DWORD=0×00000001
or change “HKLM/System/CurrentControlSet/Services/NTDS/Parameters/DSA Database Epoch” – minus times you started the AD Services since then i prefer ”Disable DSA Database Epoch Check”
have phun 