ISO, or forcing the installer into the WSUS catalog. After years of feedback, starting with Windows 10, and then with subsequently released Windows Server 2016, Microsoft changed the update process. ISO in WS2016, and that’s because it’s not used anymore.
Instead, Microsoft is updating the Hyper-V integration components in the guest OS via Windows Update.
Verify following revision attribute values from Active Directory and logs from domain controllers after Adprep commands: Install new W2016 Domain Controller When AD DS schema extension has been performed successfully new Windows Server 2016 domain controllers can be installed to environment.
There isn’t any significant changes when upgrading Active Directory Domain Services from Windows Server 2012 R2 to Windows Server 2016 level. Even Windows Server 2012 came with the feature that allows you to perform all necessary updates to AD DS schema directly from GUI I have always performed schema updates from command prompt manually, I really want to see what’s happening underneath the hood.Microsoft recommendation to perform schema updates back in the days was “offline” but they changed it several years ago from “offline” to “live”.The basic method was to use Hyper-V Connect to attach to each virtual machine, log in, and run an integration services update from VMguest. This manual task would require a maintenance window for each virtual machine.Because this was a manual task and introduced downtime, I suspect that many just decided to live without the updates, possibly falling out of support and becoming vulnerable to any otherwise-fixed security problems.Couple links below, first one is Best Practice for schema updates and second one is for getting report out of AD DS schema: Upgrade As I said I’m always performing schema updates manually from command line, old fashion way:) Adprep tool is found from W2016 media support\adprep path.
Commands below In production environment I’ll either disable replication before committing changes or perform update following Microsoft best practices (live option).
Schema update itself is straightforward and safe operation.
Keep in mind that operation itself is irreversible so only option to rollback to earlier state is forest recovery.
Reason for this is that when administrators disabled replication from Domain Controllers during schema update they forgot to enable it again and it caused lots of tickets to Premier Support.
In general you have two options, go live and trust your disaster recovery plans or perform schema update by disabling replication.
If you are running any of the below in the guest OS, then Windows Update will work without anything special being done: You might notice that Vista is listed above but I excluded Windows Server 2008 (W2008).