If you ever encounter an error while trying to create a new domain within a forest saying, “The replication operation encountered a database error,” it makes you sweat a bit. Your brain tells you it will be a nightmare to fix, do I have proper backups to make it happen, and the question “why now” shows up.
Of course, one should not panic and try to check what's wrong. In those cases, I usually run Testimo to quickly check relevant tests. While Testimo has more than 70 tests that can help you secure your environment it also is great for debugging or doing quick checks. It can save you a lot of time than trying to go thru your environment manually.
invoke-testimo -Sources DCDFS, DCServices, ForestReplication,DCDiagnostics, DomainLDAP
Within a few minutes, I got a full report that everything is mostly ok. Sure there are some small problems, but generally, replication works, services are up and running, dcdiag doesn't report anything major, and SYSVOL/DFS is mostly ok. In addition, I check some event logs, but nothing really stands out.
Having everything shown as green is great, but still, the issue was there and I couldn't add a new Domain to a Forest. Then it hit me – what is the current patch level of this machine. There it was November 2021 patch installed. The system is up to date, but actually, as you should already be aware that Cummulative Update has a single flaw, where it breaks Kerberos so if the patch is applied to Domain Controller it requires another update to be installed.
While the patch notes don't mention anything related to DB corruption or about blocking the ability to add a new Active Directory Domain to a forest, it seems that November 2021 Windows patches also impact this functionality and can give you a heart attack in the process while doing this on production so if you have Active Directory Database Error make sure to verify your patching level.
This post was last modified on November 28, 2021 15:42
Active Directory replication is a critical process that ensures the consistent and up-to-date state of…
Hey there! Today, I wanted to introduce you to one of the small but excellent…
Active Directory (AD) is crucial in managing identities and resources within an organization. Ensuring its…
In today's digital age, the ability to create compelling and informative HTML reports and documents…
As part of my daily development, I create lots of code that I subsequently comment…
Today I saw an article from Christian Ritter, "PowerShell: Creating an "empty" PSCustomObject" on X…
