guy labs

VMware snapshot and recovery: fix Active Directory replication

Two weeks ago I tried to install the newest updates onto one of our virtual domain controllers. In short, it was not the best idea, and I had to recover to the snapshot taken just before I launched the update process. Luckily, I had remembered to take one. :)

Yesterday morning I was told that the Active Directory content was different on both domain controllers. I found that hard to believe and had to take a look myself and yes, the content was different. How did that happen? I knew recovering from a snapshot may result in issues, but I didn't see it at first. After looking around I found out I had a so-called USN rollback to deal with because of a "dirty" rollback of the Active Directory. Microsoft is aware of the issue and has posted an article about it: ;EN-US;875495

So the way would have been demoting and promoting a domain controller, and this during the day? No way... there had to be another solution. So I checked the replication status:

Result was:

This was odd. I checked the USN on both machines and they were identical. So the replication was not a total failure, but somehow not working as usual. Next I wanted to make sure the inbound and outbound replication were working and that the global catalog was still working:

And there it was, the output revealed the problem: inbound and outbound replication were disabled on the recovered virtual domain controller. So enabling those two parameters did the trick:

After waiting...
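
The commands used in the post did not survive on this page. As an added example (not the author's own code), the PowerShell below checks for the condition the post describes by parsing the output of `repadmin /options <DC>`, which lists the DSA flags `DISABLE_INBOUND_REPL` and `DISABLE_OUTBOUND_REPL` when replication is switched off. The function name, the DC names and the sample output are assumptions constructed for illustration.

```powershell
# Added example: report DCs whose DSA options show replication switched off.
# Input is the text printed by `repadmin /options <DC>`; the DC names and the
# sample output further down are constructed for illustration.

function Get-ReplicationOptionStatus {
    param(
        [string]   $DomainController,
        [string[]] $RepadminOutput
    )

    # repadmin reports the flags on one line: "Current DSA Options: <FLAG> <FLAG> ..."
    $options = $null
    foreach ($line in $RepadminOutput) {
        if ($line -match '^\s*Current DSA Options:\s*(.*)$') {
            $options = @($Matches[1].Trim() -split '\s+' | Where-Object { $_ })
            break
        }
    }

    if ($null -eq $options) {
        # No options line at all: the query failed or the output was cut off.
        $status = 'UNKNOWN'
        $disabled = @()
    } else {
        $disabled = @($options | Where-Object {
            $_ -in 'DISABLE_INBOUND_REPL', 'DISABLE_OUTBOUND_REPL'
        })
        $status = if ($disabled.Count -gt 0) { 'REPLICATION DISABLED' } else { 'OK' }
    }

    [pscustomobject]@{
        DC            = $DomainController
        Status        = $status
        DisabledFlags = $disabled -join ', '
        IsGC          = ($null -ne $options) -and ($options -contains 'IS_GC')
    }
}

# Constructed sample output for two hypothetical domain controllers.
$sample = @{
    'DC01' = @('Current DSA Options: IS_GC')
    'DC02' = @('Current DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL')
}
foreach ($dc in ($sample.Keys | Sort-Object)) {
    Get-ReplicationOptionStatus -DomainController $dc -RepadminOutput $sample[$dc]
}
# Live use: Get-ReplicationOptionStatus -DomainController DC02 -RepadminOutput (repadmin /options DC02)
```

The directory service sets both flags itself when it detects a USN rollback, so a controller that shows them after a snapshot revert is worth checking against the Microsoft article referenced above.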