VMware Snapshot and recovery: fix active directory replication
WindowsTwo weeks ago I tried to install the newest updates onto one of our virtual domain controllers. Shortly explained it was not the best idea and I had to recover to the snapshot taken just before I launched the update process, lucky enough I remembered to take one. :)
Yesterday morning I was told that the active directory content was different on both domain controllers. I found that hard to believe and had to take a look myself and yes, the content was different. How did that happen?
I knew recovering from a snapshot may result in issues but I didn't see it in the first place. After looking around I found out I had a so called USN rollback to do because of a "dirty" rollback of the active directory. Microsoft is aware of the issue and has posted an article about it:Â https://support.microsoft.com/default.aspx?scid=kb;EN-US;875495
So the way would have been demoting and promoting a domain controller, and this during the day? No way... there had to be another solution. So I checked the replication status:
Result was:
This was odd, I checked the USN on both machines and they were identical. So the replication was not a total failure, but somehow not working as usual. Next I wanted to make sure the inbound and outbound replication were working and that the global catalog was still working:
And there it was, the output revealed the problem:
Inbound and outbound replication were disabled on the recovered virtual domain controller. So enabling those two parameters did the trick:
After waiting...
/ 27/