0 votes

I am using powershell to create the shares:

$fspath = "SERVERNAME"
$dfspath = "SERVERNAME"

#Build user folder with permissions
if ( !(Test-Path $fspath) )
{
    #Create user folder on server.
    New-Item -Path $fspath -ItemType Directory

    #Set owner and ntfs permissions
    $acl = Get-Acl $fspath

    $DArule = new-object System.Security.AccessControl.FileSystemAccessRule "DOMAIN\Domain Admins", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
    $DArule1 = new-object System.Security.AccessControl.FileSystemAccessRule "DOMAIN\adaxessvcadm", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
    $userrule = new-object System.Security.AccessControl.FileSystemAccessRule "DOMAIN\%username%", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow" 

    $acl.AddAccessRule($DArule)
    $acl.AddAccessRule($DArule1)
    $acl.AddAccessRule($userrule)
    $acl.SetOwner((New-Object System.Security.Principal.NTAccount("DOMAIN\%username%")))

    Set-Acl $fspath $acl
}

#Setup dfs link for homedir
if ( !(Test-Path $dfspath) )
{
    #Create the DFS link
    Invoke-Expression -Command "dfsutil.exe link add $dfspath $fspath"

    #Set the referral target time
    Invoke-Expression -command "dfsutil.exe property ttl set $dfspath 5400"
}

I have verified that all DFS shares have the adaxes service account having the correct access.
Here is the error that I am recieving. How do I fix the issue?
The security identifier is not allowed to be the owner of this object.

Thank you,

Tony

by (480 points)

1 Answer

0 votes
by (294k points)
selected by
Best answer

Hello Tony,

Could you make sure that the user whose credentials are used to run the script, has the SE_RESTORE_NAME (SeRestorePrivilege) privilege? It is required to have a possibility to set owners. For details, have a look at the following article on Microsoft forums: https://msdn.microsoft.com/en-us/librar ... s.85).aspx.

0

Support,

Please let me know where I should look for this permission being set. Is this on the share or the account itself?

Thanks,

Tony

0

Hello Tony,

Please let me know where I should look for this permission being set.

Have a look at the following article by Microsoft: https://docs.microsoft.com/en-us/previo ... 3(v=ws.11).

Is this on the share or the account itself?

This permission should be granted to the user whose credentials are used to run the script. In your case it is the account of the default service administrator.

Related questions

0 votes
1 answer

Our users are setup with Dfs links for their network home directories. In other words, our helpdesk technicians have to access the Dfs console, setup the new Dfs links (with ... modify the new user AD account. How can this be achieved using Adaxes? thanks!

asked Jan 31, 2011 by hs-usa (60 points)
0 votes
1 answer

I gone throught Adaxes License is based and its based on user. I wanted to understand, does the license user count is on technical assistance user or AD objects?

asked Jan 23, 2020 by subbu (20 points)
0 votes
1 answer

I'm attaching below a snippet from a scheduled task. It's a function that receives as a parameter the employeeID, which is then used in the search filter. ... { $userInfo."$propertyName" = $searchResult.Properties[$propertyName].Value } } return $userInfo }

asked Oct 28, 2016 by sandramnc (870 points)
0 votes
0 answers

Please excuse this lengthy post but in order to fully explain my scenario, I believe it's necessary. We're using the Adaxes Web Interface to enable Department HR Reps to ... it being e-mailed. Any assistance or guidance would be greatly appreciated. Thanks...

asked Jul 19, 2016 by sandramnc (870 points)
0 votes
1 answer

I have an export that will run as a monthly scheduled task that will write output to a CSV to contain employees that have been ... ([datetime]terminationDate>=$lastMonth))" $properties = $eachFieldIn $userSearcher.SetPropertiesToLoad($properties)

asked Nov 2, 2015 by sandramnc (870 points)
3,589 questions
3,278 answers
8,303 comments
548,115 users