Operation Manual
Copyright © Acronis International GmbH, 2002-2015
version on another. To prevent conflicts and loss of information, Active Directory tracks object
versions on each domain controller and replaces the outdated versions with the up-to-date version.
To track object versions, Active Directory uses numbers called Update Sequence Numbers (USNs).
Newer versions of Active Directory objects correspond to higher USNs. Each domain controller keeps
the USNs of all other domain controllers.
USN rollback
After you perform a nonauthoritative restore of a domain controller or of its database, the current
USN of that domain controller is replaced by the old (lower) USN from the backup. But the other
domain controllers are not aware of this change. They still keep the latest known (higher) USN of that
domain controller.
As a result, the following issues occur:
- The recovered domain controller reuses older USNs for new objects; it starts with the old USN
  from the backup.
- The other domain controllers do not replicate the new objects from the recovered domain
  controller as long as its USN remains lower than the one they are aware of.
- Active Directory starts having different objects that correspond to the same USN, i.e. becomes
  inconsistent. This situation is called a USN rollback.
To avoid a USN rollback, you need to notify the domain controller that it has been recovered.
To avoid a USN rollback
1. Immediately after recovering a domain controller or its database, boot the recovered domain
controller and press F8 during startup.
2. On the Advanced Boot Options screen, select Directory Services Restore Mode, and log on to
Directory Services Restore Mode (DSRM).
3. Open Registry Editor, and then expand the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
4. In that registry key, examine the DSA Previous Restore Count value. If this value is present, write
down its setting. Do not add the value if it is absent.
5. Add the following value to that registry key:
Value type: DWORD (32-bit) Value
Value name: Database restored from backup
Value data: 1
6. Restart the domain controller in normal mode.
7. [Optional] After the domain controller restarts, open Event Viewer, expand Application and
Services Logs, and then select the Directory Services log. In the Directory Services log, look for a
recent entry for Event ID 1109. If you find this entry, double-click it to ensure that the
InvocationID attribute has changed. This means that the Active Directory database has been
updated.
8. Open Registry Editor and verify that the setting in the DSA Previous Restore Count value has
increased by one as compared with step 4. If the DSA Previous Restore Count value was absent
in step 4, verify that it is now present and that its setting is 1.
If you see a different setting (and you cannot find the entry for Event ID 1109), ensure that the
recovered domain controller has current service packs, and then repeat the entire procedure.
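The registry work in steps 4, 5 and 8 and the Event ID 1109 lookup in step 7 can be scripted; the PowerShell script below is an added example, not part of the Acronis manual. The -Phase parameter, the state-file path and the log name 'Directory Service' passed to Get-WinEvent are assumptions of this example.

```powershell
# Added example: steps 4-5 (run in DSRM) and steps 7-8 (run after the normal restart).
param(
    [Parameter(Mandatory)][ValidateSet('Mark', 'Verify')][string]$Phase,
    # Hypothetical location for the step-4 note; any path that survives the reboot works.
    [string]$StateFile = "$env:SystemDrive\usn-restore-count.txt"
)

$key       = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$countName = 'DSA Previous Restore Count'
$flagName  = 'Database restored from backup'

function Get-RestoreCount {
    # Returns $null when the value is absent; step 4 says not to create it.
    $p = Get-ItemProperty -Path $key -Name $countName -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return [int]$p.$countName
}

if ($Phase -eq 'Mark') {
    # Step 4: write down the current setting (or the fact that it is absent).
    $before = Get-RestoreCount
    $note = if ($null -eq $before) { 'absent' } else { "$before" }
    Set-Content -Path $StateFile -Value $note
    # Step 5: add the DWORD value that tells the DC it was restored from backup.
    New-ItemProperty -Path $key -Name $flagName -PropertyType DWord -Value 1 -Force | Out-Null
    "Recorded '$countName' = $note and set '$flagName' = 1. Restart in normal mode."
}
else {
    $note     = (Get-Content -Path $StateFile -TotalCount 1).Trim()
    $expected = if ($note -eq 'absent') { 1 } else { [int]$note + 1 }
    $after    = Get-RestoreCount

    # Step 7 (optional): show the most recent Event ID 1109 so InvocationID can be reviewed.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 1109 } `
                        -MaxEvents 1 -ErrorAction SilentlyContinue
    if ($evt) { "Event ID 1109 logged at $($evt.TimeCreated):"; $evt.Message }
    else      { 'No Event ID 1109 entry found.' }

    # Step 8: the count must be the step-4 value plus one, or 1 if it was absent.
    if ($after -eq $expected) {
        "OK: '$countName' is $after (step 4 recorded: $note)."
    }
    else {
        Write-Warning "'$countName' is '$after', expected $expected. Repeat the procedure."
        exit 1
    }
}
```

Run the script from an elevated PowerShell session with -Phase Mark while in DSRM, and again with -Phase Verify after the domain controller has restarted in normal mode.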