Demote the DC and then dcpromo it again.
However, I would not attempt this until the person who made the decision to roll back the snapshot has been fired.
How to detect and recover from a USN rollback in Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2
http://support.microsoft.com/kb/875495
Recovering from a USN rollback
There are two approaches to recover from a USN rollback:
Option 1: Remove the Domain Controller from the domain:
Remove Active Directory from the domain controller to force it to be a stand-alone server. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
332199 Domain controllers do not demote gracefully when you use the Active Directory Installation Wizard to force demotion in Windows Server 2003 and in Windows 2000 Server
Shut down the demoted server.
On a healthy domain controller, clean up the metadata of the demoted domain controller. On 2008 R2, this means deleting the computer account in AD Users and Computers, which performs the metadata cleanup automatically.
Restart the demoted server.
If you are required to, install Active Directory on the stand-alone server again.
If the domain controller was previously a global catalog, configure the domain controller to be a global catalog. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
313994 How to create or move a global catalog in Windows 2000
If the domain controller previously hosted operations master roles, transfer the operations master roles back to the domain controller. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
255504 Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
Option 2: Restore the system state of a good backup.
Evaluate whether valid system state backups exist for this domain controller. If a valid system state backup was made before the rolled-back domain controller was incorrectly restored, and the backup contains recent changes that were made on the domain controller, restore the system state from the most recent backup.
You can also use the snapshot as a source of a backup. Or you can set the database to give itself a new invocation ID using the procedure in the section "To restore a previous version of a virtual domain controller VHD without system state data backup" in this article:
http://technet.microsoft.com/en-us/library/dd363545(WS.10).aspx
TL;DR: dcpromo /forceremoval
Straight from the AskDS blog:
To correct this situation we need to do the following on the DC that
has the roll back issue.
1) Forcefully demote the DC by running dcpromo /forceremoval. This
will remove AD from the server without attempting to replicate any
changes off. Once it is done and you reboot the server, it will be
a standalone server in a workgroup.
2) Run a metadata cleanup of the DC that was demoted per KB article
216498 on one of the replication partners.
3) If the demoted server held any of the FSMO (Flexible Single Master
Operations) roles then use the KB article 255504 to seize the roles to
another DC.
4) Once replication has occurred end to end in your environment you
can rejoin the demoted server back to the domain then promote to a DC.
You might have shot yourself in the foot when you did this:
I isolated the server from the network, launched the demote process
and, when asked, told it it was the last DC in the domain; but it
still complained about this not being true.
So I removed all other DCs from its copy of the Active Directory, and
then did the same as above; but even this failed again, with an error
about being unable to replicate a directory partition (to who? It was
supposed to be the only DC around!).
If the advice I pasted above does not work, you should probably burn a support call to MS (and pray that they'll still support you after what you've done.)
Edit: Just to be clear, the answer to your title question, "How can I save a domain controller after a USN rollback?" is "you don't."
I mean, you don't have to completely rebuild the machine, (though most people, including me, would advise you to,) but its use as a DC currently is over. Force remove AD from it, unjoin it from the domain, metadata cleanup on what's left of your domain, fully replicate and ensure the domain is healthy, then rejoin, and finally repromote.
Best Answer
Your issue is almost definitely due to the USN Rollback. Reverting back to a snapshot is not a supported method for recovering a DC. To resolve the issue, follow the steps outlined in the KB article you referenced. This will include demoting the DC, cleaning up the metadata, and then promoting it.
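An added example (not part of any answer above, and not Microsoft's code): a PowerShell check for the "fully replicate and ensure the domain is healthy" step that comes after metadata cleanup and before rejoining and re-promoting. The hostnames, domain and CSV rows are constructed, and `Test-ReadyToRepromote` and `$DemotedDc` are hypothetical names; the column layout is assumed to match `repadmin /showrepl * /csv`.

```powershell
# Added example: gate the re-promotion step on replication health.
# On a healthy DC, replace the constructed sample below with live data:
#   $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$DemotedDc = 'DC02'   # assumption: short hostname of the rolled-back DC (placeholder)

# Constructed sample in the column layout of "repadmin /showrepl * /csv".
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC01,"DC=example,DC=test",Default-First-Site-Name,DC03,RPC,0,0,2024-01-10 09:15:02,0
showrepl_INFO,Default-First-Site-Name,DC03,"DC=example,DC=test",Default-First-Site-Name,DC01,RPC,0,0,2024-01-10 09:14:47,0
showrepl_INFO,Default-First-Site-Name,DC03,"CN=Configuration,DC=example,DC=test",Default-First-Site-Name,DC02,RPC,12,2024-01-10 09:10:31,2024-01-08 22:41:09,8456
'@
$rows = $sample | ConvertFrom-Csv

function Test-ReadyToRepromote {
    param([object[]]$Rows, [string]$DemotedDc)
    $problems = @()
    foreach ($r in $Rows) {
        $link = "$($r.'Source DSA') -> $($r.'Destination DSA') [$($r.'Naming Context')]"
        if ($r.showrepl_COLUMNS -eq 'showrepl_ERROR') {
            # A DC that could not be queried must not count as healthy.
            $problems += 'repadmin error row: ' + ($r.PSObject.Properties.Value -join ',')
        } elseif ($r.'Source DSA' -eq $DemotedDc -or $r.'Destination DSA' -eq $DemotedDc) {
            $problems += "stale link to ${DemotedDc}: $link (metadata cleanup incomplete)"
        } elseif ([int]$r.'Number of Failures' -gt 0) {
            $problems += "failing link: $link, last status $($r.'Last Failure Status')"
        }
    }
    $problems
}

$problems = Test-ReadyToRepromote -Rows $rows -DemotedDc $DemotedDc
if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; 'NOT ready to rejoin and re-promote' }
else { "No failing links and no replication link still references $DemotedDc" }
```

Run it again after each replication cycle; the old DC should be rejoined and promoted only once the function returns nothing for every partition.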