I am a bit stuck with the following command in an Active Directory Lightweight Directory Services instance:
try
{
    New-AdObject -Server $ADLDSServer -Name $($person.CN) -OtherAttributes @{'ObjectSid' = $($ADUser.objectSID) } -Path "OU=users,dc=domain,dc=test" -Type CompanyPerson -Verbose -Instance $person
}
catch
{
    Write-Error $_   # catch block was not in the post; added so the try statement parses
}
This is part of a script that creates a new object and adds an objectSID from the target domain. This was working with the filter * and I only changed a few parameters to test it against one user.
Now, the error I get is the following:
VERBOSE: Performing the operation "New" on target "OU=users,dc=domain,dc=test".
WARNING: The modification was not permitted for security reasons
D:\scripts\ObjectSID.PS1 : The modification was not permitted for security reasons
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,UpdateObjectSID.PS1
I have permissions on this instance and folders, so I don't think it is a permissions issue. Is anyone familiar with this issue who knows how to resolve it, please?
Thanks
I finally got my head around that problem and found the issue. I had selected the same object class "CompanyPerson" used when the system provisioned the user. We created a new object for this script to work.
New-ADObject [-Server <String>] [-Name] <String> [-OtherAttributes <Hashtable>] [-Path <String>] [-Type] <New_Custom_User_Object> [-Instance <ADObject>] [-Verbose]
Once I changed the object class to the new one created for this script, it allowed me to set the objectSID during New-Object creation. It is not possible to set that parameter using Set-Object. It can be generated only once at object creation.
Thanks
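
A pre-flight and verification wrapper around the command discussed above, as an added example that is not part of the original posts: because the objectSID can be written only at creation, it looks for an existing object first and reads the SID back after creating one. The server name, test account and class name are placeholders.

```powershell
# Added example. Values marked "placeholder" are assumptions, not from the posts.
Import-Module ActiveDirectory

$ADLDSServer = 'ldshost.example.test:389'    # placeholder AD LDS host:port
$Path        = 'OU=users,dc=domain,dc=test'  # container used in the question
$Type        = 'New_Custom_User_Object'      # placeholder: the class created for the script
$Sam         = 'jdoe'                        # placeholder single test account

function ConvertTo-SidString {
    # Normalise a SID returned as SecurityIdentifier, byte[] or string to S-1-... form
    param($Sid)
    if ($Sid -is [byte[]]) {
        return (New-Object System.Security.Principal.SecurityIdentifier($Sid, 0)).Value
    }
    return [string]$Sid
}

$ADUser = Get-ADUser -Identity $Sam -Properties objectSID -ErrorAction Stop
$cn     = $ADUser.Name   # assumed free of filter metacharacters such as ' or *
$wanted = ConvertTo-SidString $ADUser.objectSID

function Get-LdsObject {
    # OneLevel keeps the lookup to the target container, so at most one CN can match
    Get-ADObject -Server $ADLDSServer -SearchBase $Path -SearchScope OneLevel `
        -Filter "cn -eq '$cn'" -Properties objectSid, objectClass
}

$existing = Get-LdsObject
if ($existing) {
    # objectSID cannot be changed after creation, so only report; never try to patch it
    $have = ConvertTo-SidString $existing.objectSid
    if ($have -eq $wanted) { Write-Output "OK: $cn already exists with matching SID" }
    else { Write-Warning "$cn exists as $($existing.objectClass) with SID '$have'; expected '$wanted'. It cannot be corrected in place." }
    return
}

try {
    New-ADObject -Server $ADLDSServer -Name $cn -Path $Path -Type $Type `
        -OtherAttributes @{ objectSid = $ADUser.objectSID } -ErrorAction Stop
    $have = ConvertTo-SidString (Get-LdsObject).objectSid
    if ($have -ne $wanted) { throw "Created $cn but SID reads back as '$have'" }
    Write-Output "Created $cn with SID $have"
}
catch {
    Write-Error "Create failed for ${cn}: $($_.Exception.Message)"
}
```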