Windows Server 2019’s January 2019 Quality Update fixes the issue with Domain Controller Promotions for new domains

Windows Server

Windows Server 2019’s January 2019 Cumulative Quality Update, bringing the OS version to 17763.292 , offers a fix for the issue you might be experiencing on your Windows Server 2016 and Windows Server 2019-based Domain Controllers.

 

About Windows Server 2019 Updates

Microsoft issues two major updates each month for Windows Server 2019, as outlined in the Patching with Windows Server 2016 blogpost.

On the second Tuesday of each month (Patch Tuesday) Microsoft issues a cumulative update that includes security and quality fixes for Windows Server 2019. Being cumulative, this update includes all the previously released security and quality fixes.

In the second half of each month (generally the 3rd week of the month) Microsoft releases a non-security / quality update for Windows Server 2019.  This update, too, is cumulative and includes all quality and security fixes shipped prior to this release.

 

The issue

As we first encountered, reported the issue and then covered it here, we have all the details on this issue.

The issue is with Windows Server 2016 and Windows Server 2019-based installations, that you want to promote for a new domain in an existing forest, that has the Active Directory Recycle Bin enabled.

In this situation, creation of the domain fails.

Active Directory Domain Services Configuration Wizard

When you use the Active Directory Domain Services Configuration Wizard, it offers the following information:

An error occurred while trying to configure this machine as a Domain Controller

The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName.

“The replication operation encountered a database error.”

PowerShell

When you use the Install-ADDSDomain PowerShell cmdlet, you receive the following error:

Install-ADDSDomain : The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName.

“The replication operation encountered a database error.”

DCPromo Log

In dcpromo.log on the failed Domain Controller you find the following lines, indicating the error:

[INFO] DsRolepInstallDs returned 1356

 

The cause

This issue is caused by the Active Directory Recycle Bin optional feature being enabled and having update KB4464330 for Windows Server 2019 installed.

If the Active Directory Recycle Bin optional feature is not enabled yet, the Active Directory Domain Services Configuration Wizard and Install-ADDSDomain are successful, as you’d expect.

 

The solution

Back in October, when Windows Server 2019 wasn’t released yet, our advice was to uninstall KB4464330 for Windows Server 2019. Now, the solution is to install KB4476976.

When you experience the above issue, you are invited to install Windows Server 2019’s January 2019 Cumulative Quality Update (KB4476976) on your Active Directory Domain Controllers to resolve them. Test the update to avoid any issues with this update.

Note:
Interestingly, the issue in Windows Server 2016 was resolved in Windows Server 2016’s November 2018 Cumulative Quality Update. Two months ago…

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.