With most ActiveDirectory commands, you can add a parameter: -server. This parameter has proven to be extremely useful to me, since where I am working seems to have some kind of slow updating system, and when I don't only use one of the servers, my programs can lag and completely bug.
I'm also trying to modify the ACL of a folder. To do this, I have a function that takes the -PassThru of a New-ADGroup command, and then pipes this into a custom function.
The custom function creates and returns new AccessRules (which are added to array $AccessRules), which are then added to an $acl variable:
$AccessRules | %{$acl.AddAccessRule($_)}
This inconsistently returns errors: sometimes it runs smoothly, but other times it returns the classic "Some or all identity references could not be translated". I am 90% sure this comes from the fact that it is not checking the right server, because even between
Get-ADGroup -filter {name -eq "[group name]"}
and
Get-ADGroup -filter {name -eq "[group name]"} -Server [server name/address]
I only get results for the second.
Is there a way I could add a similar -Server parameter to something like .AddAccessRule()? Perhaps a slightly different method?
You can use a neat trick specified in this answer. You create a New-PSDrive to your AD using a certain server, then you call cd or set-location to that drive; voila, any .NET functions called (and any cmdlets that are not otherwise redirected to a different server) will use that server to process the requests, resolve AD entities into SIDs, etc., without you waiting for AD replication.
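The steps this answer describes, written out as an added example that is not part of the original question or answer. The server, group, OU and folder values are assumed placeholders. It also goes one step beyond the answer by building the access rule from the group's SID rather than its name, so the rule needs no name-to-SID lookup when it is added to the ACL.

```powershell
# Added example; every value below is an assumed placeholder, not from the post.
Import-Module ActiveDirectory

$Server    = 'dc01.example.test'             # domain controller to pin to
$GroupName = 'Example-Share-Modify'
$GroupOU   = 'OU=Groups,DC=example,DC=test'
$Folder    = 'D:\Shares\Example'

# Map an Active Directory provider drive bound to that one domain controller.
$null = New-PSDrive -Name PinnedDC -PSProvider ActiveDirectory -Root '' -Server $Server

Push-Location -Path 'PinnedDC:'
try {
    # No -Server below: AD cmdlets run from an AD provider drive default to
    # the server that drive is bound to.
    $created = New-ADGroup -Name $GroupName -GroupScope Global -Path $GroupOU -PassThru

    # Read the group back from the same DC so the SID property is populated.
    $group = Get-ADGroup -Identity $created.DistinguishedName
}
finally {
    Pop-Location
    Remove-PSDrive -Name PinnedDC
}

# Build the rule from the SecurityIdentifier instead of a DOMAIN\name string.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $group.SID,
    [System.Security.AccessControl.FileSystemRights]::Modify,
    ([System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'),
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Drive-qualified path, so Get-Acl/Set-Acl use the FileSystem provider.
$acl = Get-Acl -LiteralPath $Folder
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Folder -AclObject $acl
```

Until the new group has replicated, tools that show the ACL through a different domain controller may display the raw SID instead of the group name.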