You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Details of the scenario you tried and the problem that is occurring
When using ADObjectPermissionEntry to configure an ACL on a Path that requires escaping (comma, backslash, hash, plus etc), the command fails with 'The object name has bad syntax'
Verbose logs showing the problem
PowerShell DSC resource MSFT_ADObjectPermissionEntry failed to execute Test-TargetResource functionality with error message: The object name has bad syntax
Under ActiveDirectoryDsc/source/DSCResources/MSFT_ADObjectPermissionEntry/MSFT_ADObjectPermissionEntry.psm1, the two Get-ACL commands (line 87, 213) and the Set-ACL command later on should have: Get-Acl -Path "AD:$Path"
replaced with:
'Get-Acl -Path "Microsoft.ActiveDirectory.Management.dll\ActiveDirectory:://RootDSE/$Path"`
Details of the scenario you tried and the problem that is occurring
When using ADObjectPermissionEntry to configure an ACL on a Path that requires escaping (comma, backslash, hash, plus etc), the command fails with 'The object name has bad syntax'
Verbose logs showing the problem
PowerShell DSC resource MSFT_ADObjectPermissionEntry failed to execute Test-TargetResource functionality with error message: The object name has bad syntax
Suggested solution to the issue
Appears to be a known error in Get-ACL when using the AD PSDrive provider since 1809: https://www.reddit.com/r/PowerShell/comments/ce4f2x/getacl_on_ad_object_bug_in_1809/eu08hae/
Under ActiveDirectoryDsc/source/DSCResources/MSFT_ADObjectPermissionEntry/MSFT_ADObjectPermissionEntry.psm1, the two Get-ACL commands (line 87, 213) and the Set-ACL command later on should have:
Get-Acl -Path "AD:$Path"
replaced with:
'Get-Acl -Path "Microsoft.ActiveDirectory.Management.dll\ActiveDirectory:://RootDSE/$Path"`
It looks like whoever wrote it originally may have known this - it appears to have reverted in 2.25.0.0 (https://github.com/dsccommunity/ActiveDirectoryDsc/blob/main/HISTORIC_CHANGELOG.md#22500)
This will need to stay like this until Microsoft fix the AD PSDrive bug.
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
OsName : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsVersion : 1809
WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage : en-US
OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
PSVersion 5.1.17763.2268
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.2268
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Version of the DSC module that was used
6.0.1
The text was updated successfully, but these errors were encountered: