Windows Server 2019’s January 2019 Cumulative Quality Update, bringing the OS version to 17763.292, offers a fix for the issue you might be experiencing on your Windows Server 2016 and Windows Server 2019-based Domain Controllers.
About Windows Server 2019 Updates
Microsoft issues two major updates each month for Windows Server 2019, as outlined in the Patching with Windows Server 2016 blogpost.
On the second Tuesday of each month (Patch Tuesday) Microsoft issues a cumulative update that includes security and quality fixes for Windows Server 2019. Being cumulative, this update includes all the previously released security and quality fixes.
In the second half of each month (generally the 3rd week of the month) Microsoft releases a non-security / quality update for Windows Server 2019. This update, too, is cumulative and includes all quality and security fixes shipped prior to this release.
The issue
Because we first encountered the issue, reported it and then covered it here, we have all the details on it.
The issue affects Windows Server 2016 and Windows Server 2019-based installations that you want to promote for a new domain in an existing forest that has the Active Directory Recycle Bin enabled.
In this situation, creation of the domain fails.
Active Directory Domain Services Configuration Wizard
When you use the Active Directory Domain Services Configuration Wizard, it offers the following information:
An error occurred while trying to configure this machine as a Domain Controller
The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName. “The replication operation encountered a database error.”
PowerShell
When you use the Install-ADDSDomain PowerShell cmdlet, you receive the following error:
Install-ADDSDomain : The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName. “The replication operation encountered a database error.”
DCPromo Log
In dcpromo.log on the failed Domain Controller you find the following lines, indicating the error:
[INFO] DsRolepInstallDs returned 1356
The cause
This issue is caused by the Active Directory Recycle Bin optional feature being enabled and having update KB4464330 for Windows Server 2019 installed.
If the Active Directory Recycle Bin optional feature is not enabled yet, the Active Directory Domain Services Configuration Wizard and Install-ADDSDomain are successful, as you’d expect.
The solution
Back in October, when Windows Server 2019 wasn’t released yet, our advice was to uninstall KB4464330 for Windows Server 2019. Now, the solution is to install KB4476976.
When you experience the above issue, you are invited to install Windows Server 2019’s January 2019 Cumulative Quality Update (KB4476976) on your Active Directory Domain Controllers to resolve it. Test the update first to avoid any issues with it.
Note:
Interestingly, the issue in Windows Server 2016 was resolved in Windows Server 2016’s November 2018 Cumulative Quality Update. Two months ago…
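A pre-flight check for the server you are about to promote, as an added example that is not part of the original post. It assumes the ActiveDirectory PowerShell module is installed, that the forest is reachable, that dcpromo.log is in its default location, and that any Windows Server 2019 build below 17763.292 needs the update; it does not evaluate Windows Server 2016 builds.

```powershell
# Added example: checks the conditions this post describes before a promotion attempt.
# Assumption: the ActiveDirectory module is available on this server.
Import-Module ActiveDirectory

# 17763.292 is the Windows Server 2019 level the post names as containing the fix.
$fixedBuild = 17763
$fixedUbr   = 292

# Read the local OS build and update build revision (UBR) from the registry.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
$ubr   = [int]$cv.UBR

# The Recycle Bin counts as enabled when the optional feature has an enabled scope.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
$recycleBinEnabled = [bool]($feature -and $feature.EnabledScopes.Count -gt 0)

# Look for the failure signature from an earlier promotion attempt.
# Assumption: default log location under %SystemRoot%\debug.
$log = Join-Path $env:SystemRoot 'debug\dcpromo.log'
$priorFailure = (Test-Path $log) -and
    [bool](Select-String -Path $log -Pattern 'DsRolepInstallDs returned 1356' -Quiet)

# Assumption: every 17763 build below .292 is treated as needing KB4476976.
$needsUpdate = $recycleBinEnabled -and $build -eq $fixedBuild -and $ubr -lt $fixedUbr

# Emit one object so the result can be logged or collected from several servers.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    OSBuild           = "$build.$ubr"
    RecycleBinEnabled = $recycleBinEnabled
    PriorFailure1356  = $priorFailure
    InstallKB4476976  = $needsUpdate
}
```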