Abhimanyu Shekhawat
asked on
can USN rollback happen during authoritative restore?
can USN rollback happen during authoritative restore?
Last Comment
ASKER
Authoritative and nonauthoritaive restore explained very well but I didn't get the answer. When you perform authoritaive restore the version number would be increased so I want to understand How can USN rollback happen even after this?
Because it's been restored incorrectly
So you asked if it could happen, answer is yes, it can.
Have you read the second post, that's how to detect and resolve USN rollback, if you've confirmed this to be the issue then you can use the same article for the resolution.
Regards
Alex
This article describes a condition that occurs when a domain controller that is running Windows 2000, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 starts from an Active Directory database that has been incorrectly restored or copied into place. This condition is known as an update sequence number rollback, or USN rollback.
So you asked if it could happen, answer is yes, it can.
Have you read the second post, that's how to detect and resolve USN rollback, if you've confirmed this to be the issue then you can use the same article for the resolution.
Regards
Alex
ASKER
Thanks for the answer. When you say restored incorrectly that means Invocation ID hasn't reset, right? If yes, I just want to understand the scenario where we authoritatively restored the OU tree and invocation ID hasn't reset but the Version number has increased for each attribute and it will notify all the downstream Domain Controller about the changes, will USN rollback happen in this case?
I have no idea... Mainly because you've not done it correctly
If you haven't done the invocation ID, the downstream servers aren't going to see the restore operation.
You'll have to see if there are issues after you complete the work I guess.,
By modifying the Invocation ID it informs the downstream replication partners of this restore operation and we can get around USN rollback scenarios. It also instructs DC1’s replication partners to send all updates from highestCommittedUSN (x) to highestCommittedUSN (y) where X is the value at the time of the backup and Y is the value at the time DC1 went down to perform the restore.
If you haven't done the invocation ID, the downstream servers aren't going to see the restore operation.
You'll have to see if there are issues after you complete the work I guess.,
ASKER
This is talking about the Nonauthoritative restore.
By modifying the Invocation ID it informs the downstream replication partners of this restore operation and we can get around USN rollback scenarios. It also instructs DC1’s replication partners to send all updates from highestCommittedUSN (x) to highestCommittedUSN (y) where X is the value at the time of the backup and Y is the value at the time DC1 went down to perform the restore.
ASKER
Could anyone please answer it?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I got this answer later when nobody was able to answer.
Active Directory
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
That's actually a really nice document on explaining it
Yes, you can end up with USN Rollback
Another document here
https://support.microsoft.com/en-us/help/875495/how-to-detect-and-recover-from-a-usn-rollback-in-windows-server-2003,-windows-server-2008,-and-windows-server-2008-r2
Regards
Alex