Home > Hyper-V > Domain Controllers P2V, Be Carefull with USN rollback

Domain Controllers P2V, Be Carefull with USN rollback

What is USN Rollback?

A domain controller tracks objects in AD based on their Update Serial Numbers (USN). Every object in AD has a USN. As objects are modified, the USN increases monotonically, like an odometer on a car. The latest USN on each DC is called the “high water mark”. During replication each DC compares its USN high water mark with the USN high water mark of its neighbors.

USN rollback happens when an older copy of Active Directory is restored but the computer fails to notify the other domain controllers that it was rolled back to an out-of-date copy of AD (and therefore that its high water mark has rolled back).

SCVMM provides guidance during the P2V process with domain controllers that should prevent both the new VM and the physical domain controller from being on at the same time. This must be avoided because it would lead to a situation called USN rollback .
The P2V wizard recommends offline mode which should be used so that the old and new domain controllers do not have the possibility of being online at the same time. By default, the NICs will also be disabled for additional safety. The NIC of the VM should only be re-enabled once the P2V process is complete and has been verified. At this point, the physical source machine will be off, and should never be brought back onto the network again before wiping it completely.

USN Rollback with Virtual Machine

USN rollback can happen if you use Virtual Machine’s snapshot feature to roll back a virtual DC to a prior snapshot without simultaneously rolling back all the other virtual DCs.

For more information about USN rollback, see the Microsoft Knowledge Base articles “How to detect and recover from a USN rollback in Windows 2000 Server” (Q885875), and “How to detect and recover from a USN rollback in Windows Server 2003” (Q875495).

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: