Problems with newly promoted domain controller

Janus Bariñan 1,101 Reputation points
2021-12-07T07:57:58.047+00:00

Newly promoted DC gets the following error in Event Viewer

Event ID 1203

The directory service could not replicate the following object from the source directory service at the following network address because of an Active Directory Domain Services schema mismatch. 

Object:
CN=Computers,DC=domain,DC=com 
Network address:
f9565ef1-5413-43a7-9fbc-8d4b02349e0b._msdcs.domain.com 

Active Directory Domain Services will attempt to synchronize the schema before attempting to synchronize the following directory partition. 
Directory partition:
DC=domain,DC=com

It first shows up with event ID 1791

    Replication of application directory partition DC=domain,DC=com from source f9565ef1-5413-43a7-9fbc-8d4b02349e0b (VMADDAPD20.domain.com) has been aborted. Replication requires consistent schema but last attempt to synchronize the schema had failed. It is crucial that schema replication functions properly. See previous errors for more diagnostics. If this issue persists, please contact Microsoft Product Support Services for assistance. Error 8418: The replication operation failed because of a schema mismatch between the servers involved..

When running repadmin /replsum replication is all good.

When running the DNS console it says that the server is not a DNS server.

No sysvol and netlogon folders

What's with event 1203 pertaining to this container? It seems to have a problem when it comes to replicating the Computers OU:
CN=Computers,DC=domain,DC=com


Accepted answer
  1. Janus Bariñan 1,101 Reputation points
    2021-12-11T02:47:26.77+00:00

    Hi,

    Was able to fix the problem. Turns out the size of the ACL when checking the security descriptor is greater than 64KB. After reducing the size was able to successfully do the promotion and replication of the new DC.

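The accepted answer points at the size of the object's security descriptor (the ACL on CN=Computers exceeding 64 KB) as the cause of the schema-mismatch replication error. The following PowerShell function is an added example, not code from the question or answers: it reads the nTSecurityDescriptor attribute of the objects under a search base, reports the binary size of each descriptor together with its explicit and inherited ACE counts, and flags objects that are near or over the 64 KB ceiling named in the accepted answer, so an oversized ACL can be found before a DC promotion rather than after replication fails. It assumes the ActiveDirectory module (RSAT) is installed and that the caller can read nTSecurityDescriptor; the distinguished names, the 48 KB warning threshold and the function name are assumptions taken from or added to the question's example domain.

```powershell
# Added example: find Active Directory objects whose security descriptor is close to
# or above the 64 KB limit the accepted answer identifies. Not part of the original thread.
# Assumes the ActiveDirectory module (RSAT) and read access to nTSecurityDescriptor.
Import-Module ActiveDirectory

function Get-AdSecurityDescriptorSize {
    [CmdletBinding()]
    param(
        # LDAP search base. The question's domain partition is the example default (assumed).
        [string]$SearchBase = 'DC=domain,DC=com',
        # Report objects whose descriptor reaches this size; 48 KB leaves headroom (assumed threshold).
        [int]$WarnBytes  = 48KB,
        # Ceiling stated in the accepted answer.
        [int]$LimitBytes = 64KB,
        # Also emit objects that are within limits.
        [switch]$IncludeHealthy
    )

    # nTSecurityDescriptor comes back as a System.DirectoryServices.ActiveDirectorySecurity object.
    # Inherited ACEs are materialised on each object in AD, so they count toward the stored size.
    Get-ADObject -SearchBase $SearchBase -SearchScope Subtree -LDAPFilter '(objectClass=*)' `
                 -Properties nTSecurityDescriptor |
        ForEach-Object {
            $sd = $_.nTSecurityDescriptor
            if ($null -eq $sd) { return }

            $bytes     = $sd.GetSecurityDescriptorBinaryForm().Length
            $explicit  = $sd.GetAccessRules($true,  $false, [System.Security.Principal.SecurityIdentifier]).Count
            $inherited = $sd.GetAccessRules($false, $true,  [System.Security.Principal.SecurityIdentifier]).Count

            $status = if ($bytes -ge $LimitBytes) { 'OVER LIMIT' }
                      elseif ($bytes -ge $WarnBytes) { 'WARN' }
                      else { 'OK' }

            [pscustomobject]@{
                DistinguishedName = $_.DistinguishedName
                SdBytes           = $bytes
                ExplicitAces      = $explicit
                InheritedAces     = $inherited
                Status            = $status
            }
        } |
        Where-Object { $IncludeHealthy -or $_.Status -ne 'OK' } |
        Sort-Object SdBytes -Descending
}

# Usage: inspect the container named in event 1203, then sweep the whole partition
# for any other object approaching the limit (the sweep reads every object, so run it off-hours on large domains).
Get-AdSecurityDescriptorSize -SearchBase 'CN=Computers,DC=domain,DC=com' -IncludeHealthy | Format-Table -AutoSize
Get-AdSecurityDescriptorSize -SearchBase 'DC=domain,DC=com' | Format-Table -AutoSize
```

A high ExplicitAces count on a container such as CN=Computers usually means per-principal grants have accumulated over time; reducing it is normally a matter of replacing those individual entries with group-based entries, which is the kind of reduction the accepted answer describes before re-running the promotion.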

2 additional answers

  1. Dave Patrick 426K Reputation points MVP
    2021-12-07T14:01:48.447+00:00

    What operating systems are used? Read on here.
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/schema-mismatch-error-ad-installation-wizard-dcpromo

    and here for the missing sysvol / netlogon (assuming FRS)
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/missing-sysvol-and-netlogon-shares

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Dave Patrick 426K Reputation points MVP
    2021-12-08T00:40:07.4+00:00

    A single DC, sounds good then, for the second issue this one will be more appropriate.
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-missing-sysvol-and-netlogon-shares

    --please don't forget to upvote and Accept as answer if the reply is helpful--