Hi, I already described this problem in another microsoft community and they suggest me to ask for this problem in this community. Follows a description of the problem.
In our data center we used following domains: A, C, D, and E. We succesfully used these domains with many applications for many years. Each domain is managed by a windows server 2012 r2 with AD schema level of Windows 2012 R2 functionality. Furthermore these domains are all trusted each other.
Team Fondation Server 2017 update 1 is installed in a virtual machine that we call "VM17". This vm is a windows server 2012 r2 in domain A (service account of TFS is a user of domain A, service account is properly configured as A domain controller, log on as a service etc.). We succesfully used TFS 2017 for many months.
Azure DevOps Server 2019 update 1.1 is installed in a virtual machine that we call "VM19". This vm is a windows server 2016 in domain A (service account od DevOps is a user of domain A, service account is properly configured as A domain controller, log on as a service etc.).
Domain B is a "new" domain specifically setup for managing users of TFS/DevOps. Domain B is managed by a windows server 2016with AD schema level of Windows 2016 functionality. Domain B is trusted with domains A, B, C and E.
The trust between domain B and all other domains properly works. The proof is that if in virtual machine VM17, by TFS web interface, I succesfully added more than 100 TFS users from domain B. Furthermore, both by virtual machine VM17 and VM19 if I succesfully shared a folder with full control with a domain B user.
Now we want to upgrade from TFS 2017 update 1 to Azure DevOps Server 2019 update 1.1. To do this we already installed DevOps 2019 on the virtual machine VM19 and then we'll move the collection (as described here https://docs.microsoft.com/en-us/azure/devops/server/admin/move-project-collection?view=azure-devops-2019)
VM19 in installed in domain A. DevOps 2019 service account is a admin domain A user. The problem is that from DevOps 2019 web interface I'm able to see users of domain B but when I try to add them I obtain "Unable to find Windows identity for" (see point 7 above for details on message error). Obviously we want to reuse in DevOps 2019 all 100 domain B users we already succesfully used with TFS 2017.
Furthermore in VM19 if I try to add a domain B user in the local group of users I obtain following error

So the problem not seems due to exclusively Azure DevOps 2019 but rather to an incompatibility between:
1) domain A managed by windows server 2012 r2 with AD schema level of Windows 2012 R2 functionality
2) domain B managed by windows server 2016 with AD schema level of Windows 2016 functionality (domain used specifically to manage TFS/DevOps users)
3) windows server 2016 in which is installed Azure DevOps Server 2019 in domain A
Is the problem due to an incompatibility of schema level of domains A and B? If yes, now we cannot upgrade schema level of domains A, C, D and E because there are many critical applications that currently runs in these domains. So I hope that changing 3) point above as follows will resolve the problem
3') windows server 2012 r2 in which we will install Azure DevOps Server 2019 in domain A
Could you please confirm that incompatibility above described is the problem? Furthermore will 3') resolve the problem?

