Unable to log in to Domain Controller (Windows Server 2012 R2) after reverting VMware snapshot

active-directory windows-server-2012-r2

We have a domain controller (Windows Server 2012 R2) and a few replication servers. I had taken a VMware snapshot of our DC a few weeks back, and today I accidentally deleted a few users and groups. So I reverted the DC to the last created snapshot. But now I am not able to log in to the machine; even the administrator account doesn't seem to work. Any ideas how to fix it?

Best Answer

You should never, EVER use snapshots on domain controllers (*), otherwise a USN rollback (also known by other DCs as "you are bad and we don't want to talk with you anymore" and by sysadmins as "pain & suffering") will ensue.

https://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)
https://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#operational_considerations_for_virtualized_domain_controllers
https://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#usn_and_usn_rollback

The only way out of a USN rollback is to forcibly demote the non-replicating DC (or just reinstall it from scratch), clean up its metadata in Active Directory and then add it back to the domain and promote it again.


(*) Unless you really know what you are doing, and you take special care to do it properly; it can be done in some specific edge cases, but doing it carelessly is a sure way to kill a DC.
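
Before going down the forced-demotion path described in the answer, a read-only check can confirm that the DC has quarantined itself for USN rollback. This is an added example, not part of the original answer: the registry value, event IDs 2095 and 2103 and the paused Netlogon state are the indicators Microsoft documents for a detected USN rollback rather than anything stated on this page, and the function name is hypothetical.

```powershell
# Added example: read-only check for the USN rollback quarantine state.
# Run in an elevated session on the suspect DC (console, DSRM, or Invoke-Command).
function Test-UsnRollbackIndicator {
    [CmdletBinding()]
    param()

    $ntdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

    # AD DS sets "Dsa Not Writable" = 4 when it quarantines itself after
    # detecting a rollback; the value is absent on a healthy DC.
    $notWritable = (Get-ItemProperty -Path $ntdsKey -Name 'Dsa Not Writable' `
            -ErrorAction SilentlyContinue).'Dsa Not Writable'

    # 2095: a partner has already acknowledged higher USNs from this DC.
    # 2103: the database was restored with an unsupported procedure.
    $events = @(Get-WinEvent -FilterHashtable @{
            LogName = 'Directory Service'
            Id      = 2095, 2103
        } -MaxEvents 20 -ErrorAction SilentlyContinue)

    # A quarantined DC pauses Netlogon so it stops servicing logons.
    $netlogon = Get-Service -Name Netlogon

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        DsaNotWritable      = $notWritable
        RollbackEventCount  = $events.Count
        LatestRollbackEvent = ($events | Select-Object -First 1).TimeCreated
        NetlogonStatus      = $netlogon.Status
        LikelyUsnRollback   = ($notWritable -eq 4 -or $events.Count -gt 0)
    }
}

Test-UsnRollbackIndicator | Format-List
```

A clean result does not rule out a rollback, because a reverted DC that has not yet been detected by its partners shows none of these indicators.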