Els's blog

Monday, June 26, 2006

Recovering from USN Rollback

A bit later as promised, but here it is: part 2 on the USN Rollback.

There are 3 methods to recover from a USN Rollback.

  1. Reinstall AD.
    Use Dcpromo to remove AD from the faulty DC and demote the machine to a standalone server. Clean up all references to the DC, if this DC was hosting FSMO roles, make sure to transfer them to another (healthy) DC.
  2. Restore the system state.
    If a valid system state backup was made before the rolled-back DC was restored from image, restore the system state from the most recent backup.
  3. Fool your image-restored DC (requires Windows Server 2003 SP1!).
    - Restore your image.
    - Start the DC in Directory Services Restore Mode. Do NOT start normally or it’s all too late!!!
    - Open Registry Editor and look for the value ‘DSA Previous Restore Count’ (HKEY_LM\System\CurrentControlSet\Services\NTDS\Parameters). Make a note of this value. If the entry is not there, assume a value of 0. Do not add the entry.
    - Add the registry entry ‘Database restored from backup’ in HKEY_LM\System\CurrentControlSet\Services\NTDS\Parameters
    Data type: REG_DWORD
    Value: 1
    - Restart the DC normally.
    - Check the registry to be sure that the value of ‘DSA Previous Restore Count’ is equal to its previous value plus 1.
    - In the Directory Service event log, check to see that Event ID 1109 or 1587 appears.
    - This event confirms that AD has been restored and that the Invocation ID has changed.


Post a Comment

<< Home