On-premises Identity-related updates and fixes for April 2024


Windows Server

Even though Microsoft’s Identity focus is moving towards the cloud, Windows Server 2016, Windows Server 2019 and Windows Server 2022 still receive updates that improve the experience and security of Microsoft’s on-premises powerhouses.

This is the list of Identity-related updates and fixes we saw for April 2024:

 

Windows Server 2016

We observed the following update for Windows Server 2016:

KB5036899 April 9, 2024

The April 9, 2024, update for Windows Server 2016 (KB5036899), updating the OS build number to 14393.6897, is a monthly cumulative update. It does not include Identity-related improvements.

 

Windows Server 2019

We observed the following update for Windows Server 2019:

KB5036896 April 9, 2024

The April 9, 2024, update for Windows Server 2019 (KB5036896), updating the OS build number to 17763.5696, is a monthly cumulative update. It includes the following Identity-related improvements:

  • This update addresses an issue that affects DNS servers. Event 4016 is triggered for a timeout of the Lightweight Directory Access Protocol (LDAP). This occurs when DNS registrations are performed. Name registrations fail with Active Directory Domain Services (AD DS). The issue remains until the DNS service is restarted.
  • This update addresses an issue that causes your device to shut down after 60 seconds. This occurs when you use a smart card to authenticate on a remote system.
  • This update addresses an issue that affects temporary group memberships. Users whose memberships have expired appear when you search for them in LDAP. This occurs even though Active Directory has removed them.

 

Windows Server 2022

We observed the following update for Windows Server 2022:

KB5036909 April 9, 2024

The April 9, 2024, update for Windows Server 2022 (KB5036909), updating the OS build number to 20348.2402, is a monthly cumulative update. It includes the following Identity-related improvements:

  • This update addresses an issue that affects DNS servers. Event 4016 is triggered for a timeout of the Lightweight Directory Access Protocol (LDAP). This occurs when DNS registrations are performed. Name registrations fail with Active Directory Domain Services. The issue remains until the DNS service is restarted.
  • This update addresses an issue that affects the Group Policy service. It fails after an admin uses LGPO.exe to apply an audit policy to the system.
  • This update addresses an issue that affects the display of a smart card icon. It does not appear when you sign in. This occurs when there are multiple certificates on the smart card.
  • This update addresses an issue that causes your device to shut down after 60 seconds. This occurs when you use a smart card to authenticate on a remote system.
  • This update addresses an issue that affects temporary group memberships. Users whose memberships have expired appear when you search for them in LDAP. This occurs even though Active Directory has removed them.
  • This update addresses an issue that affects Windows Local Administrator Password Solution (LAPS) Post Authentication Actions (PAA). The actions occur at restart instead of at the end of the grace period.
  • This update addresses an issue that affects Name Service Provider Interface (NSPI) queries. They might fail. If they do, lsass.exe stops responding on a domain controller.
