Hello Daisy,
Sorry for the delay. I was busy with this problem but I haven't found a solution yet. Please also involve your colleagues to analyze the problem and help us find a solution as soon as possible, since this problem is critical for us.
I answer you below point by point:
1)
Based on the description, VM19 is a member server in domain A.
Yes, I confirm that VM19, like VM17, is a member server in domain A.
2)
Or do we want to add a domain B user in Local User and Group on one DC into Users group in Local Users and Groups on VM19?
If we mean it is a domain B user in Local Users and Groups on one DC, this user does not exist.
Because once a member server is promoted to a domain controller it will no longer have local accounts. I mean when you install Active Directory, it removes any local accounts.
I know well that once a member server is promoted to a domain controller it will no longer have local accounts. I know well that when I install Active Directory, it removes any local accounts.
3)
Based on the description "if I try to add a domain B user in the local group of users", do we want to add a domain B user in domain B (not local user on any DC) into Users group in Local Users and Groups on VM19?
If we mean it is a domain B user, we can check if this user exists.
I mean I want to add a domain B user in domain B (not local user on any DC) into Users group in Local Users and Groups on VM19.
I checked that this user exists; I did this check with many users and all of them exist.
The problem is that I successfully added domain B user in vm17
but I unsuccessfully added domain B user in vm19.
So my upgrade from TFS 2017 to DevOps 2019 is blocked because in DevOps 2019 I'm not able to add all domain B users (they are more than 100) that already successfully used TFS 2017 for many months (these users are pm, programmers, testers etc.).
Let me try again to schematically explain my environment and my problem. I have 4 virtual machines:
A) vm17 – windows server 2012 r2 configured in domain A (this is the vm that runs Team Foundation Server 2017 update 1 on premises)
B) vm19 - windows server 2016 configured in domain A (this is the vm that runs Azure DevOps Server 2019 update 1.1 on premises)
C) domain A - windows server 2012 r2
D) domain B - windows server 2016 – this domain is exclusively used to manage users of TFS 2017 and DevOps 2019
Domain A and domain B trust each other (bidirectional, not transitive). The trust works properly.
Is the problem due to an incompatibility of the schema level of domains A and B? If yes, we cannot upgrade the schema level of domain A now because there are many critical applications that currently run in this domain. So I hope that changing point B) above to B') as follows will resolve the problem:
B') vm19 - windows server 2012 r2 configured in domain A (this is the vm that runs Azure DevOps Server 2019 update 1.1 on premises)
Could you please confirm that the incompatibility described above is the problem? Furthermore, will B') resolve the problem? Otherwise, what could be the cause of the problem and its solution?