How does Recovery Manager for AD manage the USN?
Lets suppose that an attribute of some object is changed on domain controller X. Then before the change on domain controller X has had a chance to replicate, the same attribute of the same object is changed on domain controller Y. Active Directory must ensure that when replication has occurred, all replicas agree on the value of the updated attribute.
Active Directory ensures this agreement by attaching a unique stamp to each replicated attribute value (or multi-value) during an originating update. This stamp travels with the value as the value replicates. If the stamp of the value that was replicated is larger than the stamp of the current value, the current value (including the stamp) is replaced; otherwise, the current value (including the stamp) is left alone.
The stamp has the following three components:
* The version is a number that is incremented for each originating write. That is, when performing an originating write, the version of the new value is one larger than the version of the value that is being overwritten. If the attribute was never written before, the version that was assigned to its first originating write is 1.
* The originating time is the time of the originating write, to a one-second resolution, according to the system clock of the domain controller that performed the write.
* The originating DSA <mk:@MSITStore:C:\distrib.chm::/CHM=GLOSS.CHM;DISTRIB.CHM%20FILE=ResKitGloss.HTM> is a GUID that identifies the domain controller that performed the originating write.
Therefore, there is a difference between doing an Online restore using Recovery Manager for AD and marking object as Authoritative restore using ntdsutil. Both products do not increase the USN but they increase the version of the attribute. In order to make changes authoritative you simply need to set value of version to the highest value in the forest. Since ntdsutil is designed for offline restore, it cannot obtain this information about the most current version. It therefore increases the value by 100000 for the Age of Backup. On the other hand RMAD modifies the version number to a necessary value only to make sure that changes will be propagated within forest.
In other words, during an online restore Recovery Manager knows the value of the highest version number of the attribute and will only increase it by the number necessary to ensure propagation. The ntdsutil tool cannot determine the attribute value and will therefore increase that value to a number much higher, i.e. 100000, to ensure that propagation is done when the domain controller is back online.
