What’s new in Active Directory 2019? Nothing.

OK, so there is not precisely "nothing" new in AD 2019, but as a management summary it will do.

Before you read on I would like to make it perfectly clear that:

  1. This information is not official in any way.
  2. All information here is based on public information.

I had a look in our documentation for new functionality in Active Directory and I found ... nothing. So I dug around a bit and started with the updates to the schema because new Active Directory features generally require a schema update. And yes, there is indeed an update. There is just one new file called sch87.ldf which adds just one new attribute called msDS-preferredDataLocation and raises the schema version to 88.

The new attribute is associated with users, groups and contacts. It is documented on MSDN which indeed says that it's a post-2016 update. What does it do? My best guess is that it is related to Azure Active Directory which also has this attribute. That's all I could find for now. Update 12/2/2018: see the comments for some useful discussion.

Another good question would be: are there new forest or domain functional levels? And the answer is, for the first time: no. The highest functional level offered by dcpromo and other GUI tooling is "Windows Server 2016".

That's interesting. In all earlier versions of Active Directory you could use the Domain Functional to make sure you could not install DCs with earlier operating systems. Because there is no functional level for Windows Server 2019 you cannot enforce using Windows Server 2019 DCs only. At best you could enforce a mix of 2016 and 2019.

Other than that I am aware of some bug fixes and internal optimizations, but that's about it. I guess that the good news is that Active Directory backwards compatibility with Windows Server 2016 will be very good. Any application or device that works with Windows Server 2016 should have no problem with Windows Server 2019.

As usual, "working" and "supported" are very different concepts, so keep that in mind. In particular Exchange and Lync (sorry, Skype for Business) are famous for being very strict with supporting new Active Directory versions.

So, summarizing, what new stuff do we have for Active Directory 2019 compared to Active Directory 2016?

  1. one new attribute with an as-yet unknown function.
  2. no new functional levels, which is a first.
  3. Backwards compatibility should be better than ever.

Almost nothing 😃

Update 12/2/2018: one of the "internal optimizations" that I was aware of is an improvement in handling the Version Store, which is a memory buffer needed to handle database transactions. If you run out of space here, bad things happen such as the DC stopping to respond. My colleague Ryan Ries has now written a really (really) extensive blog on this improvement: Deep Dive: Active Directory ESE Version Store Changes in Server 2019. Considering that he wrote the code himself he deserves a little indulgence here.

Comments (13)
  1. Marco Mangiante says:

    Interesting. We are slowly upgrading our very old w2k3 dcs to wk16, so I think I’ll give a try into my lab environment..I only have to remember to enable smb protocol v1 and then at the end disable it.
    Maybe there is no update so to align with AAD? Or worse (or better, it depends) Microsoft started to slowly give more attention and resources to AAD and make AD on the way of EOL?

    1. yes, SMB1… to my surprise it was not removed from Windows Server 2019 (at least not in the current preview) so your scenario might actually work.

      1. Marco Mangiante says:

        I suppose the Windows Server 2003 installed base, even now that are 3 years that there is no support, is quite big: maybe they have thought to make less difficult the upgrade path with one step (w2k3 ad -> w2k9 ad) and not a 2 steps for example (w2k3 ad -> w2k16 ad -> w2k9 ad).
        Obvioulsy, I haven’t until now tested the previous said scenario.

      2. Marco Mangiante says:

        Tested it: I tried to add with powershell a domain controller with Windows Server 2019 on a Windows Server 2003 R2 Active Directory and what I have obtained is the error:
        Install-ADDSDomainController : Verification of prerequisites for Domain Controller promotion failed. The forest
        functional level is not supported. To install a Windows Server 2019 domain or domain controller, the forest functional
        level must be Windows Server 2008 or higher.
        At line:1 char:1
        + Install-ADDSDomainController -CreateDnsDelegation:$false -InstallDns: …
        + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : NotSpecified: (:) [Install-ADDSDomainController], TestFailedException
        + FullyQualifiedErrorId : Test.VerifyDcPromoCore.DCPromo.General.99,Microsoft.DirectoryServices.Deployment.PowerSh

        1. Right… makes sense with 2003 so long out of support. Thanks for checking!

          1. Marco Mangiante says:

            Yes Willem,

            I thought the same. So there is something new 😉

  2. Dave Stork says:

    PreferredDataLocation is very likely related to the multi-geo capabilities of Exchange Online/Office 365, see here for more info: https://docs.microsoft.com/en-us/office365/enterprise/multi-geo-capabilities-in-exchange-online

    (not sure my first comment got through so sorry for double post if it did go through)

  3. David Taylor says:

    I’m hoping 2019 will ship with a lot less backwards compatibility support. Deprecated code, ancient ciphers, all of that should be banished. – David T. (MSFT Alumni, Former PFE)

    1. And not least the Active Directory dependency on the NetBIOS over TCP/IP, without which it is impossible to join a computer!

      1. That’s not quite right, Leone. We need SMB, but you can do without NetBIOS. I know very large companies running in this mode.

  4. Chris says:

    Sounds to me that Active Directory is a “done” product. Which I’ve felt like since at least Windows 2012.

  5. “As usual, “working” and “supported” are very different concepts.” – staight into the spot!

  6. richpec says:

    FYI: sch88.ldf not sch87.ldf

Comments are closed.

Skip to main content