Data Protection for VMware provides back up and restore protection for VMs that host Microsoft Active Directory Domain Controllers in both stand-alone and clustered environments. A clustered environment contains multiple domain controllers that participate in Active Directory. This protection prevents USN rollback.
USN rollback is a condition that results from restoring the Active Directory domain controller in an improper manner. When the domain controller is locally restored, this condition prevents any of its changes from being replicated to other domain controllers. These changes are not replicated because the restored USN is earlier than the USN that is tracked by the other domain controllers. Similar changes on other remote domain controllers are not replicated back to the locally restored domain controller. As a result, the topology remains in an unsynchronized state.
To prevent USN rollbacks, Data Protection for VMware protects guest VMs in a clustered environment where multiple domain controllers participate in Active Directory replication. The backed up VM guest that hosts the Active Directory domain controller is recovered by implementing non-authoritative restore.
Non-authoritative restore recovers the Active Directory (or domain controller) to the version taken at the time of the backup. When the recovered Active Directory (or domain controller) is restored, it is updated with information from the other domain controllers through the existing replication process.