Targetting Get-ACL to a specific domain controller

Welcome Forums General PowerShell Q&A Targetting Get-ACL to a specific domain controller

This topic contains 3 replies, has 3 voices, and was last updated by

3 months, 2 weeks ago.

  • Author
  • #110462

    Points: 1
    Rank: Member


    I have a script that creates various OU, security groups, GPO's and then ties them together by linking the GPO's and doing some access right delegation on the OU's and GPO's.

    My problem is (I think) with AD replication.

    I create a new OU using this command:

    $NewOUDN = "OU=Security Groups,OU=Region,DC=domain,DC=com"
    $FirstDNPart = $NewOUDN.Split(",")[0].substring(3)
    $LastDNPart = $NewOUDN.Split(",",2)[1]
    New-ADOrganizationalUnit -Name "$FirstDNPart" -Path "$LastDNPart" -ProtectedFromAccidentalDeletion $True -Server $TargetDC -Description "$NewOUDescription"

    So far, so good. Then I want to configure some ACE's. That starts with getting the current ACL list so I run:

    $acl = Get-ACL -Path $NewOUDN

    The $TargetDC variable will usually not be the same as the logon server my workstation is connected to, so 'usually' ( always) I get this error message:
    Get-ACL : Cannot find path 'OU=Security Groups, OU=Region,DC=domain,DC=com' because it does not exist.

    Ideally I would use -Server $TargetDC with the Get-ACL cmdlet, but that switch is not supported.

    How do I know which domain controller the Get-ACL cmdlet is using?
    How can I make sure the Get-ACL cmdlet is using a specific domain controller?

    Any help/suggestions is appreciated.


  • #110494

    Points: 261
    Helping Hand
    Rank: Contributor

    Just an idea ... if you want to make sure the cmdlets run on a particular server you could use remoting to run the cmdlets on that server.

    • #110636

      Points: 1
      Rank: Member

      Good suggestion!
      I'm going to try that next week.


  • #110495

    Points: 878
    Helping Hand
    Rank: Major Contributor

The topic ‘Targetting Get-ACL to a specific domain controller’ is closed to new replies.