JSI Tip 8952. How do I detect and recover from a USN rollback in Windows Server 2003?

Jerold Schulman

January 19, 2005

2 Min Read
ITPro Today logo in a gray background | ITPro Today

Microsoft Knowledge Base Article 875495 contains the following summary:

This article describes the operations that Active Directory-aware backup programs and the Windows operating system perform to maintain consistent copies of Active Directory partitions when you restore the system state on a domain controller in a common Active Directory forest.

To roll back the contents of an Active Directory database, restore the system state by using an Active Directory-aware backup utility. If you use any other method, replication partners in the forest may not be notified that your domain controller has started its operating system by using an earlier version of the Active Directory database.

When such "USN rollbacks" occur, modifications to objects and attributes that occur on one domain controller do not replicate to other domain controllers in the forest. However, no Active Directory replication errors are reported in the event logs of the affected domain controllers. Additionally, replication-monitoring utilities such as Repadmin.exe do not detect any replication errors.

Generally, during a USN rollback, user accounts and computer accounts exist on one domain controller but do not exist on another. Alternatively, the passwords for a user account may be inconsistent between domain controllers in a common domain, and logon operations may fail.

After hotfix 875495 is installed, a Microsoft Windows Server 2003 domain controller logs Directory Services event 2095 when it encounters a USN rollback. The text of the event message directs administrators to this article for recovery options.

Because it is difficult to detect and recover from a USN rollback, we recommend that administrators install hotfix 875495 on all Windows Server 2003 domain controllers, especially those in virtualized hosting environments.

For a Microsoft Windows 2000 Server version of this article, see 885875.

Contents

  • SUMMARY

  • INTRODUCTION

  • MORE INFORMATION

    • Typical behavior that occurs when you restore an Active Directory-aware system state backup

    • Software and methodologies that cause USN rollbacks

    • The effects of a USN rollback

    • Detecting a USN rollback on a domain controller that is running Windows Server 2003

    • Detecting a USN rollback on a Windows Server 2003 domain controllers that has the 875495 hotfix installed

    • Recovering from a USN rollback

    • Hotfix information



Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like