Skip navigation

JSI Tip 5376. Active Directory inconsistency after you restore a domain controller?

After you restore a domain controller, you notice inconsistencies between domain controllers? Your event log records Event ID 1587, with a description similar to:

The Directory Service Agent (DSA) corresponding to objectGuid d0a6a575-1702-4f4e-bf68-bb2a1f875188 has asked for changes starting at a bookmark preceding the local DSA's most recent restore from backup at USN 14727614. The bookmark is being adjusted as follows:

Previous Invocation ID: bc546028-fae7-4178-abe0-d294694da32b
Previous Object Update USN: 15853571
Previous Property Update USN: 15853571
New Invocation ID: ae6286cb-740b-4bb3-ace7-1577efa9dc1f
New Object Update USN: 14727614
New Property Update USN: 14727614

When you restore a domain controller, the highest committed USN is rolled back to when the backup was created. The domain controller's invocation ID is retired and a new one is assigned.

Some lingering objects may be present on the restored domain controller.

To workaround this issue, demote and promote the restored domain controller.

To prevent this problem, download the MS01-036 hotfix.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.