You are on page 1of 1

6/8/2015

ActiveDirectoryUSNRollback|SystemAdminGuide

System Admin Guide


AlivelyblogforWindowsandVMwareadministrators...

HOME

VMWARE

WINDOWSSERVER

INTERVIEWQUESTIONS

SubscribeToSAG

Active Directory
USN Rollback
Categories:ACTIVEDIRECTORY,
WINDOWS,WINDOWSSERVER
2008
PostedbyNITHIN

Focus: USN, USN Rollback, DSA GUID and Invocation GUID

Comments

Unique Sequence Number (USN)


USN is an AD database change tracking number. Any change or transaction made
in a DC is represented by a USN increment. The USN of DCs in the same domain
need not be same.
The USN of a DC is particular only to that DC, also the USN of other DCs will be
tracked in theHWMV table of a DC.

RADHAKRISHNAN
0comments

Posts

Server Object GUID (DSA GUID)

Categories
Active Directory
Dell EqualLogic
DHCP
DNS
Group Policy

DSA (Directory System Agent) GUID is used in USNs to track originating writes. It
is also used by DC to identify its replication partners. The value of DSA GUID is
stored in objectGUID attribure of the NTDS settings object. DSA GUID is created
when AD is initially installed on a DC and will not change during its lifetime until
or unless the DC is removed from the domain controller. DSA GUID ensures that
the DC is recognizable even in case of a DC rename.
Server Database GUID (Invocation GUID)

Icinga Monitoring
Microsoft SQL Server
Openfiler
Powershell
Private VLAN
SAN

AD database has its own GUID which is used to identify the database version. The
value of Invocation GUID is stored in invocationIdattribute of NTDS settings

VMDK troubleshooting

object. Unlike DSA GUID, Invocation GUID is changed during an AD restore process

VMware

to ensure replication consistency.

VMware Conversion

Coming to the USN rollback scenario:

VMware DRS
VMware Fault Tolerance

Cause

VMware HA

USN Rollback is mainly caused by restoring a DC using non Microsoft restore

VMware Networking

process like Norton's Ghost, VMware snapshot etc.. or when we perform a V2V of

VMware Overview

an existing DC.

VMware Snapshot
Explanation

VMware troubleshooting

When we restore DC using the conventional methods of AD restoration, the


Invocation ID of the DC will be reset which in turn resets the USN to make the DC
understand that the database is restored. The Invocation ID tracks the version of
the database of DC. The previous Invocation ID will be marked as retired. When
we use methods other than the conventional restoration methods, this ID will
not be reset. This prevents other DC from replicating with the rolledback DC, the

VMware vSwitch
Windows
Windows Backup and
Restore

changes made after the image was taken.

Windows Server 2008

In this scenario, other DCs will believe that the rolled back DC will be holding

Windows troubleshooting

updated data and will not replicate, which makes the AD data inconsistent.
Resolution

Windows VMware
Interview questions

1. Forcefully demote the DC


2. Remove metadata using metadata cleanup

PopularPosts

3. Seize FSMO roles


4. Re promote the server

VMWARE AND WINDOWS


INTERVIEW QUESTIONS: PART 1

All the questions in this


blogare interview questions

+1 Recommend this on Google


Reactions:

funny (0)

interesting (0)

cool (0)

informative (0)

0 comments:
Post a Comment
http://www.systemadminguide.in/2013/11/activedirectoryusnrollback.html

that are framed as per the


current trend. Special thanks
to my colleague Shijimol...
VMWARE AND WINDOWS
INTERVIEW QUESTIONS: PART 2

This is the second part of the


blog ' VMware and Windows

1/2