Active directory 2019 - ADC

bala198222 41 Reputation points
2020-09-08T12:49:33.877+00:00

Currently I'm having a Windows 2012 domain controller and am promoting the additional domain controller in Windows 2019.

In the DCPROMO logs I'm getting this error message:

Error - Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration,DC= ??,DC=com from the remote Active Directory Domain Controller . (123)
EVENTLOG (Error): NTDS General / Internal Processing : 1168
Internal error: An Active Directory Domain Services error has occurred.

DCdiag Error:

Active Directory LDAP Services Check
The host b47fe834-4a2e-4464-a79e-042359eb3e79._msdcs.???.com
     could not be resolved to an IP address. Check the DNS server, DHCP,
     server name, etc.
     Got error while checking LDAP and RPC connectivity. Please check your
     firewall settings.
     ......................... ?? failed test Connectivity

Accepted answer
  1. Dave Patrick 426.1K Reputation points MVP
    2020-09-09T14:23:06.53+00:00

    On Jupiter, remove the invalid DNS 192.168.1.1, 202.83.21.12, 202.83.20.101, then do ipconfig /flushdns, ipconfig /registerdns, restart the Netlogon service. Domain controller and members must have the static IP address of DC listed for DNS and no others such as router or public DNS. I did not look at other files since this is a show stopper. If problems persist then put up a new set of files to look at.

    --please don't forget to Accept as answer if the reply is helpful--
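
The check the accepted answer describes, as an added example that is not part of the original thread: a Python sketch that parses saved `ipconfig /all` output and reports every DNS server entry that is not a domain controller address. The sample text and the DC address 192.168.1.10 are constructed, and treating loopback entries as the DC itself is an assumption of this example.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output, not the poster's real file.
# 192.168.1.10 is a made-up DC address; the other three are the ones the answer calls invalid.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jupiter

Ethernet adapter Ethernet0:

   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.1.1
                                       202.83.21.12
                                       202.83.20.101
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

LABEL = re.compile(r"^\s+(.+?)[ .]*:\s?(.*)$")  # "   Name . . . : value"

def _ip(text):
    """Parse an address (IPv6 zone id dropped); None if text is not an IP."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Map adapter name -> DNS servers, including wrapped continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # adapter heading
        elif in_dns and _ip(line):                       # wrapped DNS entry
            adapters.setdefault(current, []).append(_ip(line))
        else:
            m = LABEL.match(line)
            in_dns = bool(m and current and m.group(1).startswith("DNS Servers"))
            if in_dns and _ip(m.group(2)):
                adapters.setdefault(current, []).append(_ip(m.group(2)))
    return adapters

def invalid_dns(ipconfig_text, dc_ips):
    """(adapter, ip) pairs that are neither a listed DC nor loopback."""
    allowed = {ipaddress.ip_address(i) for i in dc_ips}
    return [(name, str(ip)) for name, ips in dns_servers(ipconfig_text).items()
            for ip in ips if ip not in allowed and not ip.is_loopback]
```

Calling `invalid_dns` on each collected `ipconfig /all` file with the list of real DC addresses gives the entries to remove before rerunning the promotion.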


2 additional answers

  1. Dave Patrick 426.1K Reputation points MVP
    2020-09-08T12:51:47.727+00:00

    The two prerequisites to introducing the first 2019 domain controller are that domain functional level needs to be 2008 or higher and older SYSVOL FRS replication needs to have been migrated to DFSR.
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    Please run;

    Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
    repadmin /showrepl >C:\repl.txt
    ipconfig /all > C:\dc1.txt
    ipconfig /all > C:\dc2.txt
    (etc. as other DC's exist)

    then put unzipped text files up on OneDrive and share a link.

    Dcdiag /skip:systemlog /v /c /d /e /s:%computername% >c:\dcdiag.log


  2. Stephanie Yu 396 Reputation points
    2020-09-09T03:32:16.39+00:00

    Hello @bala198222 ,

    Thank you for posting here.

    Here are the answers for our questions:

    1. Before we add 2019 DC into existing domain, we should ensure: The minimum requirement to add a Windows Server 2019 Domain Controller is a Windows Server 2008 functional level. The domain also has to use DFS-R as the engine to replicate SYSVOL.
    2. Before we do any change in existing AD domain environment, we had better do:
      1. Check if AD environment is healthy. Check all DCs in this domain are working fine by running Dcdiag /v. Check if AD replication works properly by running repadmin /showrepl and repadmin /replsum.
      2. Back up all domain controllers.
    3. Check both SYSVOL folder and Netlogon folder are shared by running net share on each DC.
    4. Check we can update gpupdate /force on each DC successfully.

    After we ensure forest function level is 2008 and SYSVOL replication is DFSR replication type, we can add one Windows Server 2019 to the existing domain and promote it as a domain controller.

    1. Join a new Windows Server 2019 to the existing domain.
    2. Install AD DS role and DNS role on this Windows server 2019 and promote this server as a DC (as a GC).
    3. Check if AD environment is healthy again. Check all DCs in this domain are working fine by running Dcdiag /v. Check if AD replication works properly by running repadmin /showrepl and repadmin /replsum.

    References:
    Forest and Domain Functional Levels
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels

    Migrating FRS to DFSR
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    Hope the information above is helpful. And look forward to your update of this issue. If anything is unclear, please feel free to let us know.

    Best Regards,
    Stephanie Yu
