anthonymaw
Contributor
Contributor

Reverting a Domain Controller snapshot, in a multi-DC environment, to an earlier point in time is no different than if the server had been powered off for a while and booted up again.

The member DC will contact it's peer DCs and see that its USN is lower and initiate a full replication sync.

Snapshots are best done when VMware Tools triggers Windows Volume Shadow Copy Services to quiesce the Active Directory database write operations.

However the AD ESE database engine is very robust and restoring a "dirty" snapshot without VMware Tools/VSS quiescing generally causes no problems either.

Its just like if the server suffered a power failure, stayed off for a while before rebooted.

Reverting a snapshot should not be confused with restoring Active Directory from a backup, like if you accidentally deleted an object.

The only issue is restoring a snapshot more than sixty days old because some previously deleted AD "tombstoned" objects might reappear.

So it's best not to revert DC snapshots more than 60 days old.

Reply
0 Kudos