I have a script that creates a directory and a group in Active Directory. Only users in the group will have access to the directory. Most of the time it works just fine without any problems, but sometimes I get an Exception and I don't know why. Any ideas what the problem is?
My code:
[...]
New-ADGroup -Server $adserver -Path $adpath -Description $description -Name $groupname -GroupScope DomainLocal -GroupCategory Security
New-Item -Path $dirpath -Name "$dirname" -ItemType "directory"
Start-Sleep -s 30 #wait to make sure directory is created
$dp = "$dirpath\$dirname"
$Acl = Get-Acl $dp
#fileradmingroup
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($admingroup,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl $dp $Acl
#remove inherited permissions
$Acl.SetAccessRuleProtection($true,$false)
Set-Acl -Path $dp -AclObject $Acl
#new created group $groupname
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($groupname,"DeleteSubdirectoriesAndFiles, Write, ReadAndExecute, Synchronize","ContainerInherit,ObjectInherit","None","Allow")
$Acl.SetAccessRule($Ar) #this is the line where the exception occurs
Set-Acl $dp $Acl
[...]
And here is the Exception:
Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity
references could not be translated."
At L:\Skripte\Skript2.ps1:178 char:9
+ $Acl.SetAccessRule($Ar)
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : IdentityNotMappedException
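
IdentityNotMappedException means the name passed to the access rule could not be translated to a SID when `SetAccessRule` ran. The following is an added example, not part of the original post. It assumes the cause is that the freshly created group is not yet visible to the domain controller used for the name lookup, so it builds the rule from the SID that `New-ADGroup -PassThru` returns, which needs no name translation. It reuses the question's variables.

```powershell
# Added example. $adserver, $adpath, $description, $groupname, $admingroup,
# $dirpath and $dirname are the variables from the question's script.
Import-Module ActiveDirectory

# -PassThru returns the created group, including its SID, straight from $adserver.
$group = New-ADGroup -Server $adserver -Path $adpath -Description $description `
    -Name $groupname -GroupScope DomainLocal -GroupCategory Security -PassThru

# New-Item returns only after the folder exists, so no sleep is needed here.
$dir = New-Item -Path $dirpath -Name $dirname -ItemType Directory -ErrorAction Stop

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$rights  = [System.Security.AccessControl.FileSystemRights]'DeleteSubdirectoriesAndFiles, Write, ReadAndExecute, Synchronize'

$acl = Get-Acl -Path $dir.FullName

# Drop inherited rules and add both explicit rules before a single write,
# so the folder never sits with a half-built ACL.
$acl.SetAccessRuleProtection($true, $false)

# Existing admin group: resolved by name, as in the question.
$adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule($admingroup, 'FullControl', $inherit, $none, $allow)
$acl.SetAccessRule($adminRule)

# New group: identified by SID, so SetAccessRule has nothing to translate.
$groupRule = New-Object System.Security.AccessControl.FileSystemAccessRule($group.SID, $rights, $inherit, $none, $allow)
$acl.SetAccessRule($groupRule)

Set-Acl -Path $dir.FullName -AclObject $acl

# Verify by SID that the rule was written; reading rules as SecurityIdentifier
# avoids the same name lookup that failed in the question.
$sidType = [System.Security.Principal.SecurityIdentifier]
$applied = (Get-Acl -Path $dir.FullName).GetAccessRules($true, $false, $sidType)
if (-not ($applied | Where-Object { $_.IdentityReference.Value -eq $group.SID.Value })) {
    throw "ACE for $groupname ($($group.SID.Value)) is missing on $($dir.FullName)"
}
```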