One of the single-DC-per-domain DCs has suffered USN rollback

Solution 1:

I think the safest thing to do is to call Microsoft Support and have them guide you through it. The thing is, doing something as simple as manually modifying the Dsa Not Writable registry entry can land you in a permanently unsupported state.

With that disclaimer out of the way, the thing with USN rollbacks is that you need another DC in the domain to be the authoritative standard to roll back to for your domain. Since you have only 1 DC in the domain, you don't have that.

You have a system state backup?

A correctly restored domain controller resets its local invocation ID attribute when it restarts into Active Directory after its system state is restored by using a supported backup and restore method. When the reset invocation ID is outbound-replicated, remote domain controllers in the forest record the reset invocation ID as a new database instance on the restored domain controller. Although the restored domain controller is still the same domain controller, the remote domain controllers acknowledge this restored domain controller as a new replication partner because the invocation ID changed. (The invocation ID is the identity of the database instance.) The restored domain controller itself will accept changes from other remote domain controllers that originated on the remote domain controllers and on the domain controller before it was restored.

This is pretty much your bible on this matter: http://support.microsoft.com/kb/875495/en-US

Don't have a system state backup? You could set the AD database to give itself a new invocation ID:

http://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#backup_and_restore_considerations_for_virtualized_domain_controllers

None of that worked? Then look on the bright side: at least you only lost one domain!
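
The invocation ID behaviour quoted in the answer above, as an added example that is not part of the original answer: a simplified Python model of a replication partner tracking the highest USN per invocation ID, showing a detected rollback, an undetected one that silently drops a change, and a supported restore. The `DC`, `Partner` and `scenario` names and the status strings are illustrative assumptions, not Active Directory APIs.

```python
import uuid

class DC:
    """Simplified model of one domain controller's database instance."""
    def __init__(self):
        self.invocation_id = uuid.uuid4()   # identity of the database instance
        self.usn = 0                        # local update sequence number
        self.changes = []                   # (invocation_id, usn, value)

    def write(self, value):
        self.usn += 1
        self.changes.append((self.invocation_id, self.usn, value))

    def snapshot(self):
        return (self.invocation_id, self.usn, list(self.changes))

    def restore(self, snap, supported):
        self.invocation_id, self.usn, changes = snap
        self.changes = list(changes)
        if supported:                       # supported restore resets the invocation ID
            self.invocation_id = uuid.uuid4()

class Partner:
    """Remote DC that records the highest USN received per invocation ID."""
    def __init__(self):
        self.watermark = {}                 # invocation_id -> highest USN received
        self.values = []

    def pull(self, source):
        seen = self.watermark.get(source.invocation_id, 0)
        if source.usn < seen:               # same instance, lower USN than recorded
            return "usn-rollback-detected"  # illustrative status string
        for inv, usn, value in source.changes:
            if usn > self.watermark.get(inv, 0):
                self.values.append(value)
                self.watermark[inv] = usn
        return "ok"

def scenario(supported, writes_after_restore):
    """Constructed sequence: write a, b; snapshot; write c; replicate; restore."""
    dc, partner = DC(), Partner()
    dc.write("a"); dc.write("b")
    snap = dc.snapshot()
    dc.write("c")
    partner.pull(dc)
    dc.restore(snap, supported)
    for value in writes_after_restore:
        dc.write(value)
    return partner.pull(dc), partner.values
```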