Virtual Machine Generation Identifier (Windows Server 2012)

VM-Generation ID is a feature that makes it possible to detect time-shift events on virtual machines. It is supported on the following hypervisors:

1. Windows Server 2012

2. Hyper-V 2012 server

3. Windows 8

and newer hypervisors.

Windows 8, Server 2012 and newer operating systems are supported as guests.

We will look at its use for domain controllers, as they are the major beneficiary of this feature.

Reverting a DC leads to USN rollback. This post is not about USN rollback, so I will not discuss it in detail; in short, it leads to replication and access issues that are very difficult to troubleshoot.

In Windows Server 2012, a new attribute was introduced, VM-Generation ID (msDS-GenerationId).

The same VM-Generation ID is set on the virtual machine itself by a Windows driver. When the virtual machine is restored from a previous snapshot, the VM-Generation ID in the device changes. When the virtual machine boots, it compares the VM-Generation ID stored in Active Directory (NTDS.dit) with the one in the virtual machine. If both are the same, operation continues normally; after a revert, the change is detected, and both the RID pool and the USN are rejected to protect the integrity of Active Directory. The VM-Invocation ID is also reset.

Hence, this new feature solves the problem of USN rollback.
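
The boot-time comparison described above, as a simplified Python model that is added here for illustration and is not code from the original post or from Windows. The class names, the partner's per-invocation-ID high-water mark, the RID range and all IDs are constructed assumptions; the model runs the same snapshot revert with and without the safeguard.

```python
import copy
import uuid

class DomainController:
    def __init__(self, hypervisor_gen_id):
        self.stored_gen_id = hypervisor_gen_id  # models msDS-GenerationId in NTDS.dit
        self.invocation_id = uuid.uuid4()       # identity partners track USNs under
        self.usn = 0
        self.rid_pool = range(1000, 1500)       # constructed RID block
        self.changes = []                       # (usn, object name)

    def write(self, name):
        self.usn += 1
        self.changes.append((self.usn, name))

    def boot(self, hypervisor_gen_id, safeguard=True):
        """Compare the stored ID with the one the hypervisor presents."""
        if not safeguard or hypervisor_gen_id == self.stored_gen_id:
            return False                        # normal boot
        self.invocation_id = uuid.uuid4()       # reset the invocation ID
        self.rid_pool = None                    # discard the RID pool
        self.stored_gen_id = hypervisor_gen_id
        return True                             # revert detected

class Partner:
    """Assumed partner model: highest USN accepted per source invocation ID."""
    def __init__(self):
        self.high_water = {}
        self.objects = set()

    def pull(self, dc):
        seen = self.high_water.get(dc.invocation_id, 0)
        self.objects.update(name for usn, name in dc.changes if usn > seen)
        self.high_water[dc.invocation_id] = max(seen, dc.usn)

def scenario(safeguard):
    gen_a, gen_b = uuid.uuid4(), uuid.uuid4()   # constructed generation IDs
    dc, partner = DomainController(gen_a), Partner()
    dc.write("user1")
    snapshot = copy.deepcopy(dc)                # snapshot taken at USN 1
    dc.write("user2"); dc.write("user3")
    partner.pull(dc)                            # partner has now seen USN 3
    dc = snapshot                               # revert: hypervisor issues gen_b
    detected = dc.boot(gen_b, safeguard)
    dc.write("user4")                           # reuses USN 2 after the revert
    partner.pull(dc)
    return detected, "user4" in partner.objects, dc.rid_pool is None

if __name__ == "__main__":
    print("no safeguard:", scenario(False))     # change never reaches the partner
    print("safeguard:   ", scenario(True))
```

Without the safeguard, the partner silently ignores the post-revert change because its USN is below the high-water mark it already holds for that invocation ID; with it, the new invocation ID makes the partner treat the reverted DC as a fresh source.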