powershell - Setting Permissions for a user who hasn't propagated yet


I'm trying to set permissions on a folder in PowerShell. The problem is that I'm setting these permissions for an Active Directory account that was created on one of our head domain controllers. Since the account is brand new, it hasn't propagated down to our local DCs yet. This is causing a problem for me, since I'm trying to set the folder to allow the user to have Modify access, and PowerShell is tossing a "Some or all identity references could not be translated." error when I try to call SetAccessRule on the folder's ACL. Example code is shown below.

```powershell
# I'm setting more details on the account, abbreviated
# the command to make it a little more readable
New-ADUser -Name "testy testerson" -Server master-dc.domain.ca

$directorylocation = '\\fileserver\somedirectory'
New-Item "FileSystem::$directorylocation" -ItemType Directory

$aclneedingmodification = Get-Acl "FileSystem::$directorylocation"

# The string identity becomes an NTAccount; SetAccessRule has to translate it to a SID
$newaclrule = New-Object System.Security.AccessControl.FileSystemAccessRule('domain\testy testerson', 'Modify', 'Allow')
$aclneedingmodification.SetAccessRule($newaclrule) # error occurs here

Set-Acl "FileSystem::$directorylocation" $aclneedingmodification
```

Now, I guess a hodgepodge solution would be using the SID of the user instead and jamming that in, and waiting for propagation to complete the link. That being said, I'd vastly prefer to find a way that allows me to tell the SetAccessRule method to look at a specific DC, similar to the AD commands. The documentation for SetAccessRule is pretty sparse on how resolution occurs, so I'm wondering if anyone on here has a better way to accomplish what I'm trying to do.

Thanks a bunch for looking!

Take a look at PowerShell: script failing because AD objects have not replicated enough. I'm having the same problem and I'll try to figure it out over the next few days. If I find anything useful, I'll update the answer. http://ss64.com/ps/set-addomainmode.html may be useful; I'm not sure yet.

Edit: I wrote a cmdlet that waits for an AD object to propagate to all domain controllers.

```powershell
<#
.SYNOPSIS
    Wait for an AD object to propagate to all domain controllers.

.DESCRIPTION
    This cmdlet enumerates the domain controllers in the current domain and
    polls each one in turn until the specified object exists on each one. If
    the object doesn't propagate inside the timeout time span, the
    cmdlet will throw a System.TimeoutException.

.PARAMETER LdapFilter
    The LDAP filter used to locate the object.

.PARAMETER Timeout
    The time span the command should wait before timing out.

.NOTES
    Author: Alex Barbur <alex@barbur.net>
#>
function Wait-ADObject {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param
    (
        [Parameter(Mandatory=$true)]
        [string]$LdapFilter,
        [TimeSpan]$Timeout = '00:00:30'
    )

    # calculate when we should stop
    $stop = $(Get-Date) + $Timeout
    Write-Verbose "Will check until $stop"

    # iterate through the domain controllers
    $domain = Get-ADDomain
    foreach ($server in $domain.ReplicaDirectoryServers)
    {
        # wait for the object to replicate
        Write-Verbose "Checking $server"

        $object = $null
        while ($object -eq $null)
        {
            # check if we've timed out
            $left = New-TimeSpan $(Get-Date) $stop
            if ($left.TotalSeconds -lt 0)
            {
                # timeout
                throw [System.TimeoutException]"Object propagation has timed out."
            }

            # wait a bit and check again; Get-ADObject -LDAPFilter returns
            # nothing (no error) while the object is still missing on $server
            Start-Sleep -Milliseconds 250
            $object = Get-ADObject -LDAPFilter $LdapFilter -Server $server
        }
    }
}
```

And you can use it like this.

```powershell
Import-Module ActiveDirectory
New-ADUser -Name 'doe.1' -SamAccountName 'doe.1'   # -Name is mandatory for New-ADUser
Wait-ADObject -LdapFilter '(sAMAccountName=doe.1)'
```

Hopefully it's useful to someone.
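The question mentions granting the permission by SID instead of by name, and the answer above waits for replication. The block below is an added example (not code from the question or the answer) of the SID route: it reads the new account from the DC that created it, builds the ACE from a SecurityIdentifier so no name translation happens on the file server side, and scopes the grant to the one folder. The DC name, share path and account name are placeholders.

```powershell
# Added example (not from the question or answer above). Grants Modify on a
# folder to a just-created account by SID, so SetAccessRule never has to
# translate 'DOMAIN\name' at a DC that has not received the object yet.
# Server name, share path and account name are placeholders.
Import-Module ActiveDirectory

function Grant-ModifyBySid {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)] [string]$Path,            # e.g. \\fileserver\somedirectory
        [Parameter(Mandatory=$true)] [string]$SamAccountName,
        [Parameter(Mandatory=$true)] [string]$Server           # the DC the account was created on
    )

    # Read the account from the DC that created it; -Server bypasses the local
    # DCs that have not replicated yet. The SID property is a SecurityIdentifier.
    $user = Get-ADUser -Identity $SamAccountName -Server $Server
    $sid  = $user.SID

    # Build the ACE from the SID rather than an NTAccount string. Scope it to
    # this folder and its children only (ContainerInherit, ObjectInherit).
    $rights      = [System.Security.AccessControl.FileSystemRights]::Modify
    $inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagation = [System.Security.AccessControl.PropagationFlags]::None
    $allow       = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $sid, $rights, $inheritance, $propagation, $allow

    $acl = Get-Acl "FileSystem::$Path"
    $acl.SetAccessRule($rule)      # no name lookup here, so no "identity references could not be translated"
    Set-Acl "FileSystem::$Path" -AclObject $acl

    # Re-read and return the ACE as the file server sees it. Until replication
    # reaches the file server's DC, IdentityReference shows the raw SID string
    # instead of DOMAIN\name; the permission is enforced by SID either way.
    (Get-Acl "FileSystem::$Path").Access |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value -or
                       $_.IdentityReference.Value -like "*\$SamAccountName" }
}

Grant-ModifyBySid -Path '\\fileserver\somedirectory' -SamAccountName 'testy.testerson' -Server 'master-dc.domain.ca'
```

The returned entry is the check worth keeping: an ACE that still displays as a bare SID after replication has completed points at a deleted or mistyped account rather than at replication lag.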

