On one of my DCs I also have one instance of ADLDS running. As I have a second DC running, I wanted to also install an ADLDS replica instance of the configuration set running on the first DC. The servers are running W2K12R2 and the FFL of the configuration set is W2K12R2 (level 6).
–
I used a scripted installation of the replica instance and it ended up with the following error:
Figure 1: Error Message About The Level Of The Operating System Not Matching The Level Of The Configuration Set
–
To see if there would be any different or additional information I tried the manual setup, but it ended with the following error:
Figure 2: Error Message About The Level Of The Operating System Not Matching The Level Of The Configuration Set
–
Looking at the error it might even look like a permission error as it mentions not being able to create the NTDS Settings object. However, when you look at the ADLDS Instance Event Log of the existing ADLDS instance that is being used as the replication source, you will see that apparently the new ADLDS replica instance running W2K12R2 presents itself as a W2K8R2 server (level 4).
Figure 3: Error About OS Level Not Matching The Required Level Of The Configuration Set
–
This looks like a bug!
–
The solution (make sure to provide the ADLDS host and LDAP port!):
- View the current level of the Configuration Set
Get-ADObject -Server <ADLDS Host>:<ADLDS LDAP Port> -SearchBase $("CN=Partitions," + (Get-ADRootDse -Server <ADLDS Host>:<ADLDS LDAP Port>).ConfigurationNamingContext) -SearchScope Base -Filter * -Properties "msDS-Behavior-Version" | FL
- Lower the Configuration Set Level to level 4
Set-ADObject -Server <ADLDS Host>:<ADLDS LDAP Port> -Identity $("CN=Partitions," + (Get-ADRootDse -Server <ADLDS Host>:<ADLDS LDAP Port>).ConfigurationNamingContext) -Replace @{"msDS-Behavior-Version"=4}
- Add the new replica instance
Figure 4: Installing The New ADLDS Replica Instance While The Level Is Set To 4
–
- If you try to increase the Configuration Set Level to level 6 again, you will see…
Set-ADObject -Server <ADLDS Host>:<ADLDS LDAP Port> -Identity $("CN=Partitions," + (Get-ADRootDse -Server <ADLDS Host>:<ADLDS LDAP Port>).ConfigurationNamingContext) -Replace @{"msDS-Behavior-Version"=6}
Figure 5: Error When Trying To Increase The Level Again After Installing The New ADLDS Replica Instance
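
A check that can be run before and after adding a replica, comparing the level stored on the Partitions container with the level each instance reports. This is an added example, not part of the original post. It assumes the ActiveDirectory PowerShell module and that, as in AD DS, each instance records its level in msDS-Behavior-Version on its NTDS Settings (nTDSDSA) object; the function name and the sample host and port are made up for illustration.

```powershell
# Added example (not from the original post).
# Assumption: every ADLDS instance has an NTDS Settings object (class nTDSDSA)
# under CN=Sites in the configuration partition, carrying msDS-Behavior-Version.
Import-Module ActiveDirectory

function Get-AdldsLevelReport {
    [CmdletBinding()]
    param(
        # Same form as used in the post: "<ADLDS Host>:<ADLDS LDAP Port>"
        [Parameter(Mandatory)] [string] $Server
    )

    $configNC = (Get-ADRootDSE -Server $Server).configurationNamingContext

    # Level of the configuration set itself (the value the post lowers to 4).
    $partitions = Get-ADObject -Server $Server `
        -Identity "CN=Partitions,$configNC" `
        -Properties 'msDS-Behavior-Version'
    $setLevel = [int]$partitions.'msDS-Behavior-Version'

    # Level each instance reports. A missing attribute is shown as 0.
    Get-ADObject -Server $Server `
        -SearchBase "CN=Sites,$configNC" `
        -LDAPFilter '(objectClass=nTDSDSA)' `
        -Properties 'msDS-Behavior-Version' |
        ForEach-Object {
            $instanceLevel = [int]$_.'msDS-Behavior-Version'
            [pscustomobject]@{
                Instance       = $_.DistinguishedName
                InstanceLevel  = $instanceLevel
                ConfigSetLevel = $setLevel
                # True when the instance reports a lower level than the set.
                BelowSetLevel  = $instanceLevel -lt $setLevel
            }
        }
}

# Usage (host and port are constructed sample values):
# Get-AdldsLevelReport -Server 'localhost:50000' | Format-Table -AutoSize
```

The function only reads from the directory, so it can be run against a production configuration set without changing its level.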
–
UPDATE 2016-12-03: This issue does not exist in Windows Server 2016, where you will be able to increase the configuration set level to level 7.
–
Cheers,
Jorge