March 2019 Update Broke Netdom.exe

EDIT: The April Monthly Rollup appears to resolve this issue (KB4493472).

Symptoms

Prior to the update, which was released on the March 2019 “Patch Tuesday”, one could run “netdom query fsmo” to determine which server held the roles:

  • Schema master
  • Domain naming master
  • PDC
  • RID pool master
  • Infrastructure master

Now, however, when you run “netdom query fsmo”, it simply returns “The command failed to complete successfully”. This appears to affect only servers running 2008-era Windows Server.

Error

The 89KB “netdom.exe” application was replaced in the patch with a new copy, dated 02/21/2019. This replaces the original copy from 07/13/2009.

Solution

Restore from a backup. I was able to pull the original 2009 version from Windows Server Backup and, after taking ownership of the new netdom.exe file in “C:\Windows\System32”, rename and paste in the 2009 version.

This restored the ability to execute “netdom query fsmo”. It is also interesting to note that the file will not execute unless it exists in System32.

Don’t have WSB?

I was also able to find copies of both files in winsxs using the following PowerShell command:

Get-ChildItem -Path "C:\Windows\winsxs" -Filter "netdom.exe" -Recurse
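
Before swapping a binary in System32, it helps to know exactly which winsxs copy is which. The following is an added example, not part of the original post: it lists every netdom.exe under winsxs with its date, size, file version and SHA-256, and marks the copy whose content matches the one currently in System32. The function name Get-Sha256 is hypothetical, and the script assumes the default Windows directory layout; it hashes through .NET rather than Get-FileHash so that it also runs on older PowerShell versions.

```powershell
# Added example: inventory the netdom.exe copies in winsxs and compare them
# with the active copy in System32. Paths assume the default Windows layout.
$system32Copy = Join-Path $env:windir 'System32\netdom.exe'
$winsxs       = Join-Path $env:windir 'winsxs'

# Hypothetical helper: SHA-256 of a file via .NET (Get-FileHash needs PowerShell 4+).
function Get-Sha256 {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '')
    }
    finally {
        $stream.Close()
    }
}

# Hash of the copy that "netdom query fsmo" actually runs today.
$activeHash = $null
if (Test-Path $system32Copy) {
    $activeHash = Get-Sha256 $system32Copy
}

# One record per copy found under winsxs, oldest first.
Get-ChildItem -Path $winsxs -Filter 'netdom.exe' -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = Get-Sha256 $_.FullName
        New-Object PSObject -Property @{
            LastWriteTime = $_.LastWriteTime
            Length        = $_.Length
            FileVersion   = $_.VersionInfo.FileVersion
            SHA256        = $hash
            InSystem32    = ($hash -eq $activeHash)   # True = same content as the active copy
            FullName      = $_.FullName
        }
    } |
    Sort-Object LastWriteTime |
    Format-List LastWriteTime, Length, FileVersion, InSystem32, SHA256, FullName
```

The copy with the 2009 LastWriteTime and InSystem32 = False is the candidate to restore; recording its hash before and after the copy confirms that the file placed in System32 is the one you intended.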

Disclaimer: As a human, I will inevitably make mistakes and get things wrong. If you notice an error, or have a better solution, please let me know!