I’m speaking at the European SharePoint Conference next week


Next week, I’ll present a 60-minute break-out session on the General Data Protection Regulation (GDPR) at the European SharePoint, Office 365 & Azure Conference at the Bella Center in Copenhagen, Denmark.

After I presented this session with a standard slide deck from Microsoft at the Amsterdam Tech Summit, Donald Hessing invited me to present an updated version of that deck at the European SharePoint, Office 365 & Azure Conference. He liked the way I presented the session and wanted the same approach, but with slightly more room for adjustments, humor and horror stories.

      

About the European SharePoint, Office 365 & Azure Conference

The European SharePoint, Office 365 & Azure Conference (ESPC) is Europe’s leading online community, providing educational resources and encouraging collaboration.

Each year, the European SharePoint, Office 365 & Azure Conference gathers SharePoint, Office 365 and Azure experts from around the world in one European location for the largest conference of its kind.

The European SharePoint, Office 365 and Azure Conference is part of QualTech Conferences and is based in Galway, Ireland. QualTech has 18 years of experience in organising leading European IT conferences.

This year’s European SharePoint, Office 365 & Azure Conference will be hosted at the Bella Center in Copenhagen, Denmark from November 26th 2018 till November 29th 2018.

    

About my session

I’m scheduled to present a 60-minute breakout session on:

GDPR: Where the Rules Meet Microsoft 365 Technologies

Wednesday November 28th 2018, 2PM – 3PM, Session Code W25, Level 200

Learn how the General Data Protection Regulation (GDPR) law imposes new rules on companies, government agencies, and other organizations that offer goods and services to people in the EU or that collect and analyze data tied to EU residents.

This session discusses those requirements, and how certain Microsoft 365 products map to these capabilities, what licenses organizations need and where to find more information and guidance.

         

GDPR is the ultimate boring stuff to present on, but I’m having fun laying down the need for it by going through our industry’s worst practices. I feel we need to grow up, as an industry. I feel the GDPR is our means to do so.

  

Join us!

Join Chris Petit, me and over 2000 attendees at the European SharePoint, Office 365 & Azure Conference. Learn, connect and be inspired at Europe’s largest Independent Conference on Microsoft Technologies.

Register here!


Pictures of VMware VMworld Europe 2018


Last week, I presented at VMware’s VMworld Europe 2018.


After a last-minute day of work for a customer on Monday, I flew into Barcelona El Prat (BCN) airport via Paris Charles de Gaulle (CDG) airport. As usual, KLM and Air France were extremely nice to me with some leg space on both flights and good food in the lounges.

I arrived at the Santos Porta Fira hotel around midnight and decided to go straight to bed, instead of visiting any of the pre-booked parties. I imagined it would contribute to my overall mood on Tuesday in a positive way.


The next morning, I woke up with the sun pouring into my room. Compared to the gloomy rainy days we were having in the Netherlands the days before the event, this was a welcome change!

Another nice surprise was the view. I overlooked the South entrance of the Fira Gran Via, which meant I only had to walk a small distance (to the North entrance) to register and to meet up with Deji Akomolafe in Hall 8’s speaker room.

I headed over to the venue, after a strong breakfast in the hotel.


After lunch, Deji and I tried to squeeze 120 minutes of Active Directory goodness into our 60 minute session. We discussed Time Synchronization and the VM-GenerationID, but didn’t have time to talk about VMCrypt and Active Directory-as-a-Service.


Note:
Matt and I covered more ground at VMworld in Las Vegas, so I advise you to watch the recording of that session (VAP1898BU), instead of the recording of this one (VAP1898BE).

After our session, we answered a couple of questions from the audience, before we went back to the speaker lounge.

At 4:15PM, it was time for Deji’s “Meet the Experts” session (MTE5029E). Unfortunately, Deji couldn’t make it in time for this whiteboard session, and had to leave early, but I’m glad I could cover for him and make the session worth the attendees’ time.

After this session, I went outside, took a cab back to the airport and flew back home.

    

Thank you!

Thank you, VMware, for inviting me as a VMworld speaker, to Deji, and to all the people attending, sitting in on our sessions and, of course, the people who stuck around after these sessions for the interesting discussions. This was certainly a learning opportunity and I’m glad we have all made it work, again.


I’m speaking at Office 365 and SharePoint Connect 2018


Office 365 is the cloud service most organizations use. Some of them are not aware that Azure Active Directory lives underneath their cloud service or behind the ‘Office 365 Identity Platform’ Relying Party Trust (RPT) in Active Directory Federation Services (AD FS). That’s why I’ll present on Azure AD Connect at NCComms’ Office 365 and SharePoint Connect 2018 conference in Haarlem from November 13th 2018 till November 15th, 2018.

     

About Office 365 and SharePoint Connect 2018

The Office 365 and SharePoint Connect 2018 conference presents news and announcements from Microsoft Ignite as well as deeper dives into the key topics across Office 365, SharePoint, Azure, OneDrive and Teams. Speakers also include material on wider industry trends such as AI.

Learn how you can move yourself and your company forward with the expert speakers who share their experience, knowledge, and best practices, plus real-world project insights.
PLUS – You also have the chance to find out more from the experts who bring you the very latest “What’s new” straight after Microsoft Ignite.

The Office 365 and SharePoint Connect 2018 conference returns to the Netherlands for the eighth year, this year. Speakers for this year’s Office 365 and SharePoint Connect 2018 include Adis Jugo, Bill Ayers, Donald Hessing, Jussi Roine, Maarten Eekels, Patrick Guimonet, and my buddies Mustafa Toroman, Sasha Kranjac and Tomislav Lulic.

     

About my session

I’ll present one 60-minute session on:

Azure AD Connect, Inside Out

Room B, Wednesday November 14th 2018, 10:15AM – 11:15AM

New hybrid cloud scenarios introduce new identity challenges. But how do you overcome these? How do you properly design and implement Hybrid Identity in real world scenarios?

In this demo-packed session I turn Microsoft’s free Hybrid Identity ‘bridge’ product, Azure AD Connect, inside out, showing all the good stuff, but also the gory details!

        

Join us!

Join some of the very best independent experts from around the world, and Microsoft, as they come together at Office 365 & SharePoint Connect this November in the beautiful city of Haarlem, Netherlands.

Register here.


Azure AD Connect moves to TLS 1.2-only with version 1.2.65.0


Last week, Microsoft released a new version of Azure AD Connect, its free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory.

         

What’s New

Write-back of msExchUcVoicemailSettings

The Azure AD Connect team changed the functionality of attribute write-back to ensure hosted voice-mail is working as expected. Under certain scenarios, Azure AD was overwriting the msExchUcVoicemailSettings attribute during write-back with a $null value. Azure AD Connect will now no longer clear the on-premises value of this attribute if the cloud value is not set.

       

Notifications and remediation of non-default rules

The Azure AD Connect team enhanced the handling of changed default rules. You are now notified if you have made changes to the default rules and are offered options to repair the default rules.

     

Test Azure AD Connectivity

The Azure AD Connect team added diagnostics in the Azure AD Connect Wizard to investigate and identify connectivity issues to Azure AD. These same diagnostics can also be run directly through Windows PowerShell using the Test-AdSyncAzureServiceConnectivity Cmdlet.

   

Test AD Connectivity

The Azure AD Connect team added diagnostics in the Azure AD Connect Wizard to investigate and identify connectivity issues to AD. These same diagnostics can also be run directly through Windows PowerShell using the Start-ConnectivityValidation function in the ADConnectivityTools PowerShell module.

    

Hybrid Azure AD Join and Device Write-back Schema Pre-Check

The Azure AD Connect team added an Active Directory schema version pre-check for Hybrid Azure Active Directory Join and device write-back.

     

Easier attribute search for directory extensions

The Azure AD Connect team changed the Directory Extension page attribute search functionality to be non-case sensitive.

    

Full TLS 1.2 Support

The Azure AD Connect team added full support for TLS 1.2. This release supports all other protocols being disabled and only TLS 1.2 being enabled on the machine where Azure AD Connect is installed.
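
One way to verify the protocol state on the machine running Azure AD Connect, before and after restricting it to TLS 1.2 only. This is an added example, not code from Microsoft or from the original post; it only reads the standard SCHANNEL registry keys and, as an extra check, the .NET Framework SchUseStrongCrypto value. The function names are hypothetical.

```powershell
# Added example: read-only audit, nothing on the machine is changed.
function Get-SchannelProtocolState {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($protocol in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Client', 'Server') {
            $key    = Join-Path (Join-Path $base $protocol) $role
            $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

            # A missing key or value means the operating system default applies.
            $state = if ($null -eq $values -or $null -eq $values.Enabled) {
                'OS default'
            } elseif ($values.Enabled -eq 0) {
                'Disabled'
            } else {
                'Enabled'   # any non-zero DWORD (1 or 0xFFFFFFFF) enables the protocol
            }

            [pscustomobject]@{
                Protocol          = $protocol
                Role              = $role
                State             = $state
                DisabledByDefault = $values.DisabledByDefault
            }
        }
    }
}

function Get-DotNetStrongCrypto {
    # .NET Framework 4.x applications negotiate TLS 1.2 when this value is 1.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319') {
        $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key                = $key
            SchUseStrongCrypto = $values.SchUseStrongCrypto
        }
    }
}

$schannel      = @(Get-SchannelProtocolState)
$legacyStillOn = @($schannel | Where-Object { $_.Protocol -ne 'TLS 1.2' -and $_.State -ne 'Disabled' })
$tls12Off      = @($schannel | Where-Object { $_.Protocol -eq 'TLS 1.2' -and $_.State -eq 'Disabled' })

$schannel | Format-Table -AutoSize
Get-DotNetStrongCrypto | Format-Table -AutoSize

if ($tls12Off.Count -gt 0) {
    Write-Warning 'TLS 1.2 is explicitly disabled for at least one role; Azure AD Connect needs it.'
} elseif ($legacyStillOn.Count -eq 0) {
    'TLS 1.2-only: every older protocol is explicitly disabled for Client and Server.'
} else {
    'Not TLS 1.2-only: these protocol/role pairs are enabled or left at the OS default:'
    $legacyStillOn | Format-Table Protocol, Role, State -AutoSize
}
```

Run it in an elevated Windows PowerShell session on the Azure AD Connect server; SCHANNEL changes only take effect after a restart, so re-run it after rebooting.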

    

What’s Fixed

Upgrades when using SQL Always On

The Azure AD Connect team fixed a bug where Azure AD Connect Upgrade would fail if SQL Always On was being used. This fix was part of Azure AD Connect 1.1.882.0.

  

Display of OUs with forward slashes in their names

The Azure AD Connect team fixed a bug to correctly parse names of Organizational Units (OUs) that contain a forward slash.

     

PTA disabled in Staging Mode

The Azure AD Connect team fixed an issue where Pass-Through Authentication would be disabled for a clean install in staging mode.

    

Loading of Troubleshooting PowerShell Module

The Azure AD Connect team fixed a bug that prevented the PowerShell module from being loaded when running the Troubleshooting tools.

        

Hostname issues for Servers running Azure AD Connect

The Azure AD Connect team fixed a bug that would block customers from using numeric values in the first character of a host name.

   

Integrity for partition and container selections

The Azure AD Connect team fixed a bug where Azure AD Connect would allow invalid partitions and container selection.

   

Invalid Password errors with Desktop SSO

The Azure AD Connect team fixed the “Invalid Password” error message when Desktop Single Sign-On (SSO) is enabled.

   

AD FS Trust Management

The Azure AD Connect team fixed various bugs for managing the ‘Office 365 Identity Platform’ Relying Party Trust (RPT) for Active Directory Federation Services (AD FS).

      

Schema Check for Device Write-back

The Azure AD Connect team fixed the schema check to look for the msDs-DeviceContainer object class (introduced with Active Directory Domain Services on Windows Server 2012 R2) when you configure Device Write-back.

Version information

This is version 1.2.65.0 of Azure AD Connect.
It was signed off on October 25th, 2018 and has been available for download since October 27th, 2018.

      

Download

You can download Azure AD Connect here.
The download weighs 83,7 MB

    

Concluding

This is the first release of Azure AD Connect in the 1.2 branch of releases. Coincidentally, it aligns with the TLS 1.2 enforcement in Azure AD Connect towards Azure AD.

The new connectivity tests to Active Directory Domain Services (especially in multi-forest scenarios) and Azure AD are a most welcome treat!


What’s New in Azure Active Directory for October 2018


Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following new and changed functionality for Azure Active Directory for October 2018:

     

What’s New

Azure AD Logs now work with Azure Log Analytics (Public preview)

Service category: Reporting
Product capability: Monitoring & Reporting

The Azure AD Team is excited to announce that you can now forward your Azure AD logs to Azure Log Analytics! This top-requested feature helps give you even better access to analytics for your business, operations, and security, as well as a way to help monitor your infrastructure. For more information, see the Azure Active Directory Activity logs in Azure Log Analytics now available blog.

      

New Federated Apps available in Azure AD app gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In October 2018, The Azure AD Team has added these 14 new apps with Federation support to the app gallery:

     

Azure AD Domain Services Email Notifications

Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services

Azure AD Domain Services provides alerts on the Azure portal about misconfigurations or problems with your managed domain. These alerts include step-by-step guides so you can try to fix the problems without having to contact support.

Starting in October, you’ll be able to customize the notification settings for your managed domain so when new alerts occur, an email is sent to a designated group of people, eliminating the need to constantly check the portal for updates.

For more information, see Notification settings in Azure AD Domain Services.

       

What’s Changed

Azure AD portal supports using the ForceDelete domain API to delete custom domains

Service category: Directory Management
Product capability: Directory

The Azure AD Team is pleased to announce that you can now use the ForceDelete domain API to delete your custom domain names by asynchronously renaming references, like users, groups, and apps from your custom domain name (for instance, contoso.com) back to the initial default domain name (for instance, contoso.onmicrosoft.com).

This change helps you to more quickly delete your custom domain names if your organization no longer uses the name, or if you need to use the domain name with another Azure AD.

For more information, see Delete a custom domain name.


I’m speaking at the 2018 Heliview People-centric IT Event


On November 13th, 2018, Heliview Congresses and Training organizes the People-centric IT event at Soccer club Feyenoord’s “De Kuip” Stadion. I’m delivering a 25-minute session.

     

About Heliview Congresses and Training

Heliview Congresses and Training offers managers and senior specialists a stage to share and consume knowledge in their field of expertise. Additionally, personal networking is highly encouraged during their events throughout the Netherlands and Belgium.

Heliview Congresses and Training also offers training. For 2018 they have several topics on their schedule, including cyber resilience, data quality, IT outsourcing, data privacy and security awareness.

Heliview Congresses and Training was founded in 1983.

     

About the People-centric IT Event

The People-centric IT Event is a yearly congress on how people use IT. During this event, the focus is not on devices, or the Operating System (OS), but the person using them. Productivity and End-user Experience are key to this event.

Heliview Congresses and Training organizes the 2018 People-centric IT Event on November 13th, 2018 at Soccer club Feyenoord’s “De Kuip” Stadion in Rotterdam, the Netherlands.

    

About my presentation

I’m presenting a 25-minute session, titled:

Our three biggest challenges solved in under 25 minutes? Because cloud.

11:25AM – 11:50AM, Break-Out C, Security track

Organizations spend a large portion of their IT budgets on making their people more productive, by minimizing the time they need to get productive again when anything IT-related breaks and by allowing them to fix things themselves.

In Microsoft’s latest products and technologies, we find ways to address the three areas, that we feel are the three biggest challenges for organizations today:

Password resets

Let’s get rid of passwords and costly password resets. People should not have to use passwords for their day-to-day work, but even if we can’t achieve that we have to help them reset passwords and PINs. Also, we should help them create strong passwords, so they aren’t as sensitive anymore.

Ransomware, never again

With built-in technologies in the latest versions of Windows 10, we can detect ransomware in its previously undetected phase. By whitelisting applications for access to our organizational data, malware has no chance to wreak havoc on our networks.

Imaging is so 2011

Today, we’re still handing out devices to people on-premises. 2011 called… it wants its processes back. Alternatively, we can put our trust in the integrity of the Windows 10 Operating System and use cloud-enabled functionality like AutoPilot and Intune to give people safe access to organizational data.

  

Join us!

As an employee of an organization that contemplates the use of new People-centric IT solutions, you can join the Heliview People-centric IT Event for free. Alternatively, you can buy a € 645 ticket, without 1 on 1 talks or questionnaire. This price tag also applies to advisors, consultants and students.

You can sign up here.


Pictures of Microsoft Sinergija 2018

Last Wednesday I presented a 60-minute break-out session at Microsoft Serbia’s annual Sinergija event.

I flew into Belgrade’s Nikola Tesla airport on Tuesday night and was welcomed by Microsoft Sinergija’s regular driver in his (new) black Audi. It was a smooth experience all the way to the Crowne Plaza hotel. I went straight to bed to be rested for Sinergija Day 1.


After enjoying a breakfast, featuring ćevapčići and a lot of coffee, I stepped outside of the Crowne Plaza Hotel for a breath of fresh air. It was very cloudy outside, and I decided to use it as inspiration for the slides for my session ‘Going password-less’.


At 5:30PM, I started my session in room Atlantic 1. Since English is not a main language for Serbians and people from other former-Yugoslavian countries, I decided to use PowerPoint Translator again to provide live subtitles as a service.


After my session, it was time for some relaxation. With all the speakers, we decided to have dinner and drinks.


At 8PM, it was time for the Sinergija Party! Branislava drove us to the venue, Splav Play on the river Sava. We had a great time.

At 5AM, the regular driver was waiting for me downstairs, to bring me to the airport for my 6:40AM flight back to Amsterdam Schiphol airport. Then, I spent the day at the office for some customers.

Back home, I decided to check out the speaker gift in the event bag. It turned out to be quite a surprise, as this year’s Sinergija gift was an entire kilogram of meat delicacies.


Thank you!

Thank you, Microsoft Serbia, for inviting me as a Sinergija speaker, to Romeo, Tomislav, Vlatko and all my other amazing friends from the region, and to all the people attending and, of course, the people sitting in on my session. I’m glad we have all made it work.

Further reading

I’m speaking at Microsoft Sinergija 18 
Pictures of Microsoft Sinergija 16  
I’ll be presenting at Microsoft Sinergija 16 
Pictures of Microsoft Sinergija 2014 
I’ll be presenting at Microsoft Sinergija 2014


KnowledgeBase: KB4462917 breaks Domain Controller Promotions for new Active Directory domains in existing forests


Microsoft’s October 9th, 2018 Security update KB4462917, raising Windows Server 2016 to build 14393.2551, features a security update for the JET Database engine. However, this update seems to cause an issue with Windows Server installations intended to become Active Directory Domain Controllers.

One of my team members at SCCT experienced this issue at a customer and we decided to investigate a bit more. We were able to reproduce the issue and decided to share our experiences, below.

 

The situation

You have an Active Directory Domain Services (AD DS) environment, with the Active Directory Recycle Bin optional feature turned on.

You want to implement a new Windows Server 2016-based Domain Controller to this environment for a new Active Directory domain, using the Add a new domain to an existing forest option in the Active Directory Domain Services Configuration Wizard or the Install-ADDSDomain PowerShell Cmdlet.

Note:
It does not matter if you use the Active Directory Domain Services Configuration Wizard or the Install-ADDSDomain PowerShell Cmdlet for promotion.

Note:
It does not matter if you try to create a new child domain or a new tree domain.

The intended Domain Controller is fully patched.

 

The issue

In this situation, creation of the child domain fails.

 

Active Directory Domain Services Configuration Wizard

When you use the Active Directory Domain Services Configuration Wizard, it offers the following information:

An error occurred while trying to configure this machine as a Domain Controller

The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName.

 

“The replication operation encountered a database error.”

 

PowerShell

When you use the Install-ADDSDomain PowerShell cmdlet, you receive the following error:

Install-ADDSDomain : The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration, DC=domain,DC=tld from the remote Active Directory Domain Controller FullyQualifiedDCName.

“The replication operation encountered a database error.”

 

DCPromo Log

In dcpromo.log on the failed Domain Controller you find the following lines, indicating the error:

[INFO] DsRolepInstallDs returned 1356

 

Event Viewer

In Event Viewer (eventvwr.exe) on the failed Domain Controller, you find an event log entry with source ActiveDirectory_DomainService Replication with Event ID 2140, task Replication and type Error:

While processing of an Active Directory Domain Services replication request, the Active Directory Domain Services attempted to modify the list of enabled optional features for the forest.  The Active Directory Domain Services is currently enabling or disabling one or more optional features.  Therefore, modifications to the list of enabled optional features for the forest are not being accepted at this time, so the replication request failed.  The Active Directory Domain Services will temporarily discontinue this replication request.  The replication request will be attempted again later.

Request Details:

Object being modified: CN=BootMachine,O=Boot

Attribute being modified: msDS-EnabledFeature

Value being modified: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a

Optional feature: Recycle Bin Feature

 

The cause

This issue is caused by the Active Directory Recycle Bin optional feature being enabled.

If the Active Directory Recycle Bin optional feature is not enabled yet, the Active Directory Domain Services Configuration Wizard and Install-ADDSDomain are successful, as you’d expect.

 

The solution

After uninstalling Microsoft’s October 9th, 2018 Security update KB4462917 on Windows Server 2016, the Windows Server installation is able to successfully promote to an Active Directory Domain Controller.

After promotion, the update can be safely reinstalled.
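
A pre-flight check for the conditions described in this post, as an added example (not part of the original post and not Microsoft's code). It is read-only; the function name, parameter name and sample host name are hypothetical, and it assumes the ActiveDirectory RSAT module is installed so the existing forest can be queried.

```powershell
# Added example: run on the Windows Server 2016 machine you intend to promote.
function Test-Kb4462917PromotionRisk {
    param(
        # An existing, reachable Domain Controller in the forest (hypothetical parameter).
        [Parameter(Mandatory)]
        [string] $ExistingDomainController
    )

    # 1. Is the update installed, or is the OS at the build the post names (14393.2551)?
    $hotfix = Get-HotFix -Id 'KB4462917' -ErrorAction SilentlyContinue
    $cv     = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build  = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR

    # 2. Is the Active Directory Recycle Bin optional feature enabled in the forest?
    #    $null means "could not be determined" (module missing or query failed).
    $recycleBin = $null
    if (Get-Module -ListAvailable -Name ActiveDirectory) {
        $feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'" `
                       -Server $ExistingDomainController -ErrorAction SilentlyContinue
        if ($feature) {
            $recycleBin = ($feature.EnabledScopes.Count -gt 0)
        }
    }

    # 3. Traces of an earlier failed promotion: the dcpromo.log line and Event ID 2140.
    $log    = Join-Path $env:SystemRoot 'debug\dcpromo.log'
    $logHit = (Test-Path $log) -and
              [bool](Select-String -Path $log -SimpleMatch -Quiet `
                         -Pattern 'DsRolepInstallDs returned 1356')
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2140 } `
                    -MaxEvents 5 -ErrorAction SilentlyContinue)

    $updatePresent = [bool]$hotfix -or ($build -eq '14393.2551')

    [pscustomobject]@{
        UpdateInstalled   = [bool]$hotfix
        OsBuild           = $build
        RecycleBinEnabled = $recycleBin
        DcpromoError1356  = $logHit
        Event2140Count    = $events.Count
        # Both conditions from the post are met: update present and Recycle Bin enabled.
        AtRisk            = $updatePresent -and ($recycleBin -eq $true)
    }
}

# Usage with a placeholder host name:
# Test-Kb4462917PromotionRisk -ExistingDomainController 'dc01.domain.tld'
```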

We have reason to believe, the issue also exists with:

 

Hat Tip

Thanks for bringing this issue to my attention, Max Gaulhofer.
Thanks for identifying the initial workaround, Frank Zegers.


I’m speaking at VMware VMworld Europe 2018


After the rave reviews on our sessions at VMware’s VMworld US 2018 event, I’m happy to announce that I have been invited by VMware to also present at VMworld Europe 2018 in Barcelona.

This time, I will share the stage for a 60-minute break-out session with Deji Akomolafe, Staff Solutions Architect at VMware.

  

About VMware VMworld

VMworld is a global conference for virtualization and cloud computing, hosted by VMware. It is the largest virtualization-specific event. Each year, there is a VMworld US and a VMworld Europe event, addressing VMware’s two main target geographies.

VMworld Europe 2018 is hosted at the Fira Gran Via Convention Center in Barcelona, Spain from Monday November 5, 2018 to Thursday November 8, 2018.

  

About my session

I’ll make one main appearance during VMware VMworld Europe 2018, besides the obvious parties and gatherings.

Virtualize Active Directory the right way!

VAP1898BE, Tuesday November 6 12:30PM – 1:30PM, Breakout

Active Directory Domain Services (ADDS) allow organizations to deploy a scalable and secure directory service for managing users, resources, and applications. Virtualization of AD DS has been supported for many years now, but has required careful management to avoid pitfalls around replication, time management, and access. While Windows Server 2012 provides greater support for virtualization by including virtualization-safe features and support for rapid Domain Controller deployment, Windows Server 2016 added more virtualization and cloud-focused security enhancements with features such as the Host Guardian Service and Shielded VMs.

In this session, Deji Akomolafe and I share our many do’s and don’ts and show VMware vSphere’s enhanced security feature, VM Encryption for vSphere – VMCrypt, which provides persistent, OS-agnostic VM data encryption across the virtual infrastructure.

   

Join us!

Join me while I take the stage with Deji.
Don’t miss out and register for VMware VMworld Europe 2018.


Windows Server 2016’s October 2018 Quality Update brings several Active Directory fixes


Windows Server 2016’s October 2018’s Cumulative Quality Update, bringing the OS version to 14393.2580, offers a total of three fixes for issues you might be experiencing on your Windows Server 2016-based Domain Controllers and Active Directory Federation Services (AD FS) Servers.

    

About Windows Server 2016 Updates

Microsoft issues two major updates each month for Windows Server 2016, as outlined in the Patching with Windows Server 2016 blogpost.

On the second Tuesday of each month (Patch Tuesday) Microsoft issues a cumulative update that includes security and quality fixes for Windows Server 2016. Being cumulative, this update includes all the previously released security and quality fixes.

In the second half of each month (generally the 3rd week of the month) Microsoft releases a non-security / quality update for Windows Server 2016.  This update, too, is cumulative and includes all quality and security fixes shipped prior to this release.

    

Active Directory Domain Services

AccountName for EventID 7 appears Corrupted

The first AD DS fix addresses an issue in which the AccountName in the Event Log entry for the Microsoft-Windows-Kerberos-Key-Distribution-Center source and EventID 7 sometimes appears corrupted.

This event log entry is created when the security account manager (SAM) fails a Key Distribution Center (KDC) request in an unexpected way.

Promotion of a RODC fails

The second AD DS fix addresses an issue that causes the promotion of a Read-only Domain Controller (RODC) to fail. This might occur if application partitions are defined, but the DNS name resolution failed with the “Name error”. The errors are:

While promoting Read-only Domain Controller, the expected state objects could not be found.

and

More data is available (error code 234).

   

Active Directory Federation Services

The fix for Active Directory Federation Services (AD FS) addresses interoperation issues between Active Directory Federation Services (AD FS) Extranet Smart Lockout (ESL) and Alternate Login ID.

When Alternate Login ID is enabled, calls to AD FS PowerShell cmdlets, Get-AdfsAccountActivity and Reset-AdfsAccountLockout, return the following error:

Account not found

When Set-AdfsAccountActivity is called, a new entry is added instead of editing an existing one.

Call to action

When you experience any one of these issues, you are invited to install Windows Server 2016’s October 2018’s Cumulative Quality Update (KB4462928) on your Active Directory Domain Controllers and Active Directory Federation Services (AD FS) Servers to resolve them.

Known Issues

After installing this update, installing Windows Server 2019 Key Management Service (KMS) host keys (CSVLK) on Windows Server 2016 KMS hosts does not work as expected.
