Replication/USN issue on Domain Controller running Exchange 2010

Tags: active-directory, domain-controller, exchange-2010, windows-server-2008

I need help with an issue that just came to my attention. Here's the breakdown of what has happened:

My company has a virtual server running 08R2 that is a Domain Controller AND is also hosting Exchange 2010 (I know it is a no-no; this was in place long before I got here). We have two other DCs that are replicating fine with each other, just not with this server.

Anyway, at the beginning of the month we had a massive server crash and had to roll back the server to an older backup. Ever since then AD has not been replicating on the server, which is causing a number of headaches. (We've traced it back to a possible USN mismatch due to the recovery, which was performed from a snapshot that VMM created during a migration of the server from one host to another.)

My question: without removing Exchange is there a way to fix the USN issue on the server and get it syncing with the other DCs in the domain?

Best Answer

Demote the DC and then dcpromo it again.

However, I would not attempt this until the person who made the decision to roll back the snapshot has been fired.

How to detect and recover from a USN rollback in Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2
http://support.microsoft.com/kb/875495

Recovering from a USN rollback

There are two approaches to recover from a USN rollback:

Option 1: Remove the Domain Controller from the domain:

  1. Remove Active Directory from the domain controller to force it to be a stand-alone server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    332199 Domain controllers do not demote gracefully when you use the Active Directory Installation Wizard to force demotion in Windows Server 2003 and in Windows 2000 Server

  2. Shut down the demoted server.

  3. On a healthy domain controller, clean up the metadata of the demoted domain controller. This means on 2008 R2 to delete the computer account in AD Users and Computers, which performs the metadata cleanup automatically.

  4. Restart the demoted server.

  5. If you are required to, install Active Directory on the stand-alone server again.

  6. If the domain controller was previously a global catalog, configure the domain controller to be a global catalog. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    313994 How to create or move a global catalog in Windows 2000

  7. If the domain controller previously hosted operations master roles, transfer the operations master roles back to the domain controller. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

    255504 Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

Option 2: Restore the system state of a good backup.

Evaluate whether valid system state backups exist for this domain controller. If a valid system state backup was made before the rolled-back domain controller was incorrectly restored, and the backup contains recent changes that were made on the domain controller, restore the system state from the most recent backup.

You can also use the snapshot as a source of a backup. Or you can set the database to give itself a new invocation ID using the procedure in the section "To restore a previous version of a virtual domain controller VHD without system state data backup" in this article:

http://technet.microsoft.com/en-us/library/dd363545(WS.10).aspx
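Before committing to either recovery option, it helps to confirm that the DC has actually detected a USN rollback. The following PowerShell script is an added example (not from the answer above or from the linked KB article) that checks the two indicators KB 875495 describes: the "DSA Not Writable" registry value NTDS sets when it quarantines itself, and events 2095/2103 in the Directory Service log. It also lists the DC's current replication failures with repadmin. The computer name parameter and the output shape are my own choices; run it elevated on the suspect DC.

```powershell
# Added example: report USN-rollback indicators on a domain controller (run elevated).
# Assumes Windows Server 2008 R2 or later with the repadmin tool present.
param(
    [string]$ComputerName = $env:COMPUTERNAME   # hypothetical default: the local DC
)

# Indicator 1: NTDS writes "DSA Not Writable" = 4 under its Parameters key when it
# detects that its invocation ID was reused after an unsupported restore (USN rollback).
$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dsaValue = (Get-ItemProperty -Path $ntdsParams -Name 'DSA Not Writable' `
             -ErrorAction SilentlyContinue).'DSA Not Writable'
$quarantined = ($dsaValue -eq 4)

# Indicator 2: event 2095 is the USN-rollback warning; 2103 records that NTDS has
# disabled inbound/outbound replication and paused Netlogon as a result.
$rollbackEvents = Get-WinEvent -ComputerName $ComputerName `
    -FilterHashtable @{ LogName = 'Directory Service'; Id = 2095, 2103 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue

# Supporting data: current replication failures as seen by this DC.
$replErrors = & repadmin /showrepl $ComputerName /errorsonly 2>&1

[PSCustomObject]@{
    DomainController   = $ComputerName
    DsaNotWritable     = $dsaValue
    Quarantined        = $quarantined
    RollbackEventCount = @($rollbackEvents).Count
    LatestRollbackEvent = if ($rollbackEvents) {
        ($rollbackEvents | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
    } else { $null }
    ReplicationErrors  = ($replErrors -join "`n")
}
```

If Quarantined is true or any 2095/2103 events are present, the DC has confirmed the rollback itself and the demote/re-promote or system-state restore path in the answer applies; a clean result with replication still failing points to a different problem that repadmin output should narrow down.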