This topic contains 1 reply, has 1 voice, and was last updated by
September 24, 2019 at 12:48 pm #179289ParticipantTopics: 27Replies: 28Points: 151Rank: Participant
I am working on a larger script to spin up new servers in VMWare for a customer. I have a function for adding the object to the correct OU in A.D. and, based on the type of server, adding it to the security filter on a GPO. The problem I am encountering is the GPOs all live in the parent domain, but occasionally the addition fails if the server is from the child domain. The object creation is straightforward and always works:
$Name = newServerName $sDomain = child.domain.com New-ADComputer -Name $Name -Server $sDomain -Path $sOU -Description $Description
The second piece, if the server meets the criteria, is something like this:
$oGPO = Get-GPO -Name $GPO -Domain "parent.domain.com" Set-GPPermissions -Name $oGPO.DisplayName -PermissionLevel GpoApply -TargetName $Name -TargetType Computer -DomainName $sDomain
About 90% of the time the addition to the GPO security filter fails. The error is: "The operation cannot be completed because "serverName$" is not a valid computer in the parent.domain.com domain". So it is looking for the computer object in the parent domain, not the child. However, if I run it again immediately, with the object now created in A.D., it always goes through just fine. I have attempted to add a sleep, or a while loop until Get-ADComputer returns the computer object, but the addition still fails. I also tried using the machine's FQDN, but the error comes back "serverName.child.domain.com$ is not a valid computer in the parent.domain.com domain" Just curious if there is something else I can try.
September 24, 2019 at 1:10 pm #179310ParticipantTopics: 27Replies: 28Points: 151Rank: Participant
I did confirm that if I create the computer object, then go through the rest of the server build script, then try to add it to the security filter, it works much more often. I would love to find a solution that doesn't require breaking up the function, however.
You must be logged in to reply to this topic.