xPendingReboot: Domain Controller Reboots During Windows Update

[ronhowe]

I'm looking from some community guidance.

We have the following DSC to configure a node as an Active Directory domain controller and reboot it to complete the promotion.

# Configures Active Directory.
xADDomain "ConfigureActiveDirectory" {
    DomainName                    = Resolve-DscConfigurationProperty -Node $Node -PropertyName "DomainSettings\DomainName"
    DomainAdministratorCredential = $script:ConfigurationData.Credentials[$DomainAdministratorUserAccountKey]
    SafemodeAdministratorPassword = $script:ConfigurationData.Credentials[$DomainAdministratorUserAccountKey]
    DatabasePath                  = Resolve-DscConfigurationProperty -Node $Node -PropertyName "ManagementPrimaryDomainServerSettings\NtdsDatabasePath"
    LogPath                       = Resolve-DscConfigurationProperty -Node $Node -PropertyName "ManagementPrimaryDomainServerSettings\NtdsLogPath"
    SysvolPath                    = Resolve-DscConfigurationProperty -Node $Node -PropertyName "ManagementPrimaryDomainServerSettings\SysvolPath"
    DependsOn                     = "[Disk]FormatEDrive", "[WindowsFeature]InstallActiveDirectoryServices"
}

# Reboots the node after configuring Active Directory in order
# to complete promotion as a domain controller.
xPendingReboot "RebootAfterPromotion" {
    Name              = "RebootAfterPromotion"
    SkipWindowsUpdate = $true
    DependsOn         = "[xADDomain]ConfigureActiveDirectory"
}

This is all well and good and works great until we perform monthly patching through Windows Update. As the patches are installed, the Component Based Servicing check becomes $true which results in DSC rebooting while the patches are installed. Here is the value of the resource while Windows Update is installing.

ConfigurationName           : IdiConfiguration
DependsOn                   : {[xADDomain]ConfigureActiveDirectory}
ModuleName                  : xPendingReboot
ModuleVersion               : 0.4.0
PsDscRunAsCredential        :
ResourceId                  : [xPendingReboot]RebootAfterPromotion
SourceInfo                  :
CcmClientSDK                : False
ComponentBasedServicing     : True
Name                        : RebootAfterPromotion
PendingComputerRename       : False
PendingFileRename           : False
SkipCcmClientSDK            :
SkipComponentBasedServicing :
SkipPendingComputerRename   :
SkipPendingFileRename       :
SkipWindowsUpdate           :
WindowsUpdate               : False
PSComputerName              :
CimClassName                : MSFT_xPendingReboot

I know there is the $SkipComponentBasedServicing flag that I could set that would likely fix the reboots during patching, but I'm wondering if that might also result in the server not rebooting when it is being promoted as a domain controller.

We are using xPendingReboot 0.4.0.0 on Windows PowerShell 5.1 running on Windows Server 2016 x64.

Any help or advice is appreciated.

[stale[bot]]

This issue has been automatically marked as stale because it has not had activity from the community in the last 30 days. It will be closed if no further activity occurs within 10 days. If the issue is labelled with any of the work labels (e.g bug, enhancement, documentation, or tests) then the issue will not auto-close.

[stale[bot]]

This issue has been automatically closed because it is has not had activity from the community in the last 40 days.