JSI Tip 8952. How do I detect and recover from a USN rollback in Windows Server 2003?

Microsoft Knowledge Base Article 875495 contains the following summary:

This article describes the operations that Active Directory-aware backup programs and the Windows operating system perform to maintain consistent copies of Active Directory partitions when you restore the system state on a domain controller in a common Active Directory forest.

To roll back the contents of an Active Directory database, restore the system state by using an Active Directory-aware backup utility. If you use any other method, replication partners in the forest may not be notified that your domain controller has started its operating system by using an earlier version of the Active Directory database.

When such "USN rollbacks" occur, modifications to objects and attributes that occur on one domain controller do not replicate to other domain controllers in the forest. However, no Active Directory replication errors are reported in the event logs of the affected domain controllers. Additionally, replication-monitoring utilities such as Repadmin.exe do not detect any replication errors.

Generally, during a USN rollback, user accounts and computer accounts exist on one domain controller but do not exist on another. Alternatively, the passwords for a user account may be inconsistent between domain controllers in a common domain, and logon operations may fail.

After hotfix 875495 is installed, a Microsoft Windows Server 2003 domain controller logs Directory Services event 2095 when it encounters a USN rollback. The text of the event message directs administrators to this article for recovery options.

Because it is difficult to detect and recover from a USN rollback, we recommend that administrators install hotfix 875495 on all Windows Server 2003 domain controllers, especially those in virtualized hosting environments.

For a Microsoft Windows 2000 Server version of this article, see 885875.

Contents