Forum Discussion
Any potential problems with mixed OS versions for Active Directory PDC?
Harm_VeenstraThat is not all.
Standard in Windows is that if an AD server is on the newest (younger than the youngest) OS all traffic with authentication will go that way.
So best practice: AD servers should always be installed as a single service on a server.
(Not combine it with anything else)
Second be aware that when using multiple domains this can become an issue when communication between DC servers goes over a firewall!
So if you install a new AD server always check network traffic first!
And replace all AD servers beginning with the Primary AD as soon as possible.
Always install latest OS with compatible latest AD.
We have experienced issues with Windows Server 2019 when all DCs in our environment were not on the same CU. With one Server on CU 2023-11 and the rest still on 2023-10, we began seeing these errors and unexpected Server reboots impacting all DCs in our environment:
Log Name: System
Source: User32
Date: 11/20/2023 4:32:19 PM
Event ID: 1074
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: [redacted]
Description: The process wininit.exe has initiated the restart of computer [redacted] on behalf of user for the following reason: No title for this reason could be found
Reason Code: 0x50006
Shutdown Type: restart
Comment: The system process 'C:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073740791. The system will now shut down and restart.
This behavior was not stopped until all DCs were upgraded to the CU 2023-11.