Trouble adding computer object to GPO security filter


    • #179289

      I am working on a larger script to spin up new servers in VMware for a customer. I have a function for adding the object to the correct OU in A.D. and, based on the type of server, adding it to the security filter on a GPO. The problem I am encountering is that the GPOs all live in the parent domain, but occasionally the addition fails if the server is from the child domain. The object creation is straightforward and always works:

      # String literals must be quoted; bare words are parsed as command names
      $Name = 'newServerName'
      $sDomain = 'child.domain.com'
      New-ADComputer -Name $Name -Server $sDomain -Path $sOU -Description $Description
      

      The second piece, if the server meets the criteria, is something like this:

      $oGPO = Get-GPO -Name $GPO -Domain "parent.domain.com"
      Set-GPPermissions -Name $oGPO.DisplayName -PermissionLevel GpoApply -TargetName $Name -TargetType Computer -DomainName $sDomain
      

      About 90% of the time the addition to the GPO security filter fails. The error is: "The operation cannot be completed because "serverName$" is not a valid computer in the parent.domain.com domain". So it is looking for the computer object in the parent domain, not the child. However, if I run it again immediately, with the object now created in A.D., it always goes through just fine. I have attempted to add a sleep, or a while loop until Get-ADComputer returns the computer object, but the addition still fails. I also tried using the machine's FQDN, but the error comes back "serverName.child.domain.com$ is not a valid computer in the parent.domain.com domain". Just curious if there is something else I can try.

    • #179310

      I did confirm that if I create the computer object, then go through the rest of the server build script, then try to add it to the security filter, it works much more often. I would love to find a solution that doesn't require breaking up the function, however.
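
The posts report that polling Get-ADComputer does not help but that re-running the same Set-GPPermissions call succeeds, so one way to keep the function in one piece is to retry that step itself, and only on the specific "is not a valid computer" error. This is an added example, not code from the original posts; `Invoke-GpoFilterRetry`, the attempt count, the delay and the GPO name placeholder are assumptions.

```powershell
# Added example (not from the thread). Invoke-GpoFilterRetry is a hypothetical helper.
function Invoke-GpoFilterRetry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [scriptblock] $Action,
        [int] $MaxAttempts  = 10,   # assumed value, tune for the environment
        [int] $DelaySeconds = 30    # assumed value, tune for the environment
    )
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            return & $Action
        }
        catch {
            $message = $_.Exception.Message
            # Retry only the error quoted in the post; anything else
            # (access denied, unknown GPO, ...) should fail immediately.
            $retryable = $message -like '*is not a valid computer*'
            if (-not $retryable -or $attempt -eq $MaxAttempts) { throw }
            Write-Verbose "Attempt $attempt of $MaxAttempts failed: $message"
            Start-Sleep -Seconds $DelaySeconds
        }
    }
}

# Values as used in the post; the GPO name is a placeholder.
$Name    = 'newServerName'
$sDomain = 'child.domain.com'
$GPO     = '<GPO display name>'

$oGPO = Get-GPO -Name $GPO -Domain 'parent.domain.com'

# The call from the post, unchanged apart from -ErrorAction Stop, which turns a
# non-terminating error into one the catch block above can see.
Invoke-GpoFilterRetry -Verbose -Action {
    Set-GPPermissions -Name $oGPO.DisplayName -PermissionLevel GpoApply `
        -TargetName $Name -TargetType Computer -DomainName $sDomain `
        -ErrorAction Stop
}
```

If every attempt fails, the last error is rethrown, so the calling build script can log it and decide whether to continue or stop.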
