I am using powershell to create the shares:
$fspath = "SERVERNAME"
$dfspath = "SERVERNAME"
#Build user folder with permissions
if ( !(Test-Path $fspath) )
{
#Create user folder on server.
New-Item -Path $fspath -ItemType Directory
#Set owner and ntfs permissions
$acl = Get-Acl $fspath
$DArule = new-object System.Security.AccessControl.FileSystemAccessRule "DOMAIN\Domain Admins", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
$DArule1 = new-object System.Security.AccessControl.FileSystemAccessRule "DOMAIN\adaxessvcadm", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
$userrule = new-object System.Security.AccessControl.FileSystemAccessRule "DOMAIN\%username%", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
$acl.AddAccessRule($DArule)
$acl.AddAccessRule($DArule1)
$acl.AddAccessRule($userrule)
$acl.SetOwner((New-Object System.Security.Principal.NTAccount("DOMAIN\%username%")))
Set-Acl $fspath $acl
}
#Setup dfs link for homedir
if ( !(Test-Path $dfspath) )
{
#Create the DFS link
Invoke-Expression -Command "dfsutil.exe link add $dfspath $fspath"
#Set the referral target time
Invoke-Expression -command "dfsutil.exe property ttl set $dfspath 5400"
}
I have verified that all DFS shares have the adaxes service account having the correct access.
Here is the error that I am recieving. How do I fix the issue?
The security identifier is not allowed to be the owner of this object.
Thank you,
Tony