Feb 27 2022 07:26 PM
Hi,
I have patched my AD server (Windows Server 2012 Standard) with January 2022 patch on the AD server and it caused the AD server unable to modify the AD object such as disable a user account and it will prompt to auto-reboot on the server with an error code 255. I have found the issue and uninstalled back the two patches (Security Update 5009619 & Security Only update KB5008255). So far, AD is working normally.
My questions are related to the next patch, is it recommended for me to go run Cumulative Updates for the latest patches rather than pick on the Security Only Updates? Because my experience during applying Security Only updates had caused the AD issue on the AD object.
Thanks.
Feb 28 2022 06:26 AM - edited Feb 28 2022 08:18 AM
The Jan 11th updates KB5009619 KB5009586 were the cause of all the disruption. The out-of-band KB5010797 was the fix for this. You can then install the latest KB5010412 or KB5010392. One issue with the security only updates is that they're not cumulative and are more difficult to track.
Mar 02 2022 08:10 PM
@Dave Patrick Hi Dave. Noted on your remarks. However, if I already uninstalled both KB that caused the issue, should I still install the out-of-band security update and also the Servicing Stack Updates (5001401)? Or is it advisable for me to use the latest Microsoft Update to patch my AD?
Mar 03 2022 06:39 AM
Not clear if you follow the security-only path or the monthly rollup path? If the former, then I'd install the out-of-band KB5010797 followed by the KB5010412. Otherwise, you could simply install the latest monthly rollup KB5010392