Reverting a snapshot of an active Domain Controller can be a risky and problematic issue.
Use at your own risk!
1) Revert to your last known good snapshot
2) Disable your network card so that it is unable to talk to the network
3) Note the value of your Invocation Id
- From a command prompt run the following command
- Repadmin /showrepl
4) Reboot your Domain Controller and make sure you boot into Directory Services Restore Mode
5) Stop the NTFRS service
6) From a command prompt start Regedit
Drill down to HKLM – System – CurrentControlSet – Services – NTDS – Parameters
Modify the RegKey “Database restored from backup” = 1
If this RegKey doesn’t exist create one as a DWORD and set to a 1
If the RegKey DSA Previous Restore Count exists in the same path, note its value. Upon reboot it should increment by one. If it didn’t exist it should be created and it should be set to a value of 1.
Drill down to HKLM – SYSTEM – CurrentControlSet – Services – NtFrs – Parameters – Backup – Restore – Process
Modify the RegKey BurFlags to D2
7) Reboot the server
8) Log back in to the Domain Controller
Verify that the Invocation Id has changed
In the Event Log look for the Event Id 1109 (AD restored from backup)
9) If both events have occurred in bullet point 8 then, enable the network card again