Even though Microsoft’s Identity focus moves towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates to improve the experiences and security of Microsoft’s on-premises powerhouses.
This is the list of Identity-related updates and fixes we saw for March 2023:
Windows Server 2016
We observed the following update for Windows Server 2016:
KB5023697 March 14, 2023
The March 14, 2023, update for Windows Server 2016 (KB5023697), updating the OS build number to 14393.5786, is a monthly cumulative update and includes two Identity-related improvements:
- It addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This occurs after you run Sysprep on a domain-joined machine.
- This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is:
Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: ‘An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.’
Windows Server 2019
We observed the following update for Windows Server 2019:
KB5023702 March 14, 2023
The March 14, 2023, update for Windows Server 2019 (KB5023702), updating the OS build number to 17763.4131, is a monthly cumulative update and includes three Identity-related improvements:
- It addresses an issue that might affect lsass.exe. It might stop responding when it sends a Lightweight Directory Access Protocol (LDAP) query to a domain controller that has a very large LDAP filter.
- It addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This occurs after you run Sysprep on a domain-joined machine.
- This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is:
Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: ‘An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.’
Windows Server 2022
We observed the following update for Windows Server 2022:
KB5023705 March 14, 2023
The March 14, 2023, update for Windows Server 2022 (KB5023705), updating the OS build number to 20348.1607, is a monthly cumulative update and includes three Identity-related improvements:
- It addresses an issue that affects Azure Active Directory (Azure AD). Using a provisioning package for bulk provisioning fails.
- It addresses an issue that occurs when an access control policy in Active Directory Federation Services (AD FS) denies you access to a resource. When you sign out, the system does not delete the POST Security Assertion Markup Language (SAML) Request cookie. This stops you from choosing other resources the next time you sign in.
- This update addresses an issue that affects the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This occurs after you run Sysprep on a domain-joined machine.
- This update addresses an issue that affects a computer account and Active Directory. When you reuse an existing computer account to join an Active Directory domain, joining fails. This occurs on devices that have installed Windows updates dated October 11, 2022 or later. The error message is:
Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: ‘An account with the same name exists in Active Directory. Re-using the account was blocked by security policy.’