直接从AskDS博客：

To correct this situation we need to do the following on the DC that
has the roll back issue.

1) Forcefully demote the DC by running dcpromo /forceremoval. This
will remove AD from the server without attempting to replicate any
changes off. Once it is done and you reboot the server and it will be
a standalone serve in a workgroup.

2) Run a Metadata cleanup of the DC that was demoted per KB article
216498 on one of the replication partners.

3) If the demoted server held any of the FSMO (Flexible Single Master
Operations) roles then use the KB article 255504 to seize the roles to
another DC.

4) Once replication has occurred end to end in your environment you
can rejoin the demoted server back to the domain then promote to a DC.

当你这样做时,你可能会在脚下开枪：

I isolated the server from the network,launched the demote process
and,when asked,told it it was the last DC in the domain; but it
still complained about this not being true.

So I removed all other DCs from its copy of the Active Directory,and
then did the same as above; but even this Failed again,with an error
about being unable to replicate a directory partition (to who? It was
supposed to be the only DC around!).

如果我上面粘贴的建议不起作用,你可能应该给MS打一个支持电话(并祈祷他们在你做完之后仍会支持你.)

编辑：为了清楚,你的标题问题的答案,“如何在USN回滚后保存域控制器？”是“你没有.”

我的意思是,你不必完全重建机器,(尽管包括我在内的大多数人会建议你),但它作为DC的使用目前已经结束了.强制从中删除AD,从域中取消它,在域的剩余部分清除元数据,完全复制并确保域健康,然后重新加入,最后重新启动.