For Loop not passing correct variable

by injector at 2012-08-24 06:17:36

I had an issue where a whole OU lost it’s home directory permissions, luckily i found BATCHman’s Technet Blog and he had the same issue already so most of the instructions were there already, i had to change the script a little to adjust for the permissions that i needed to set but other than that no changes, I can run each command without using the For loop variable they all run correctly and apply the said permissions to the folder, however when i run it using the for loop i get this error

Exception calling "AddAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Users\lpalacio\Desktop\permissions.ps1:19 char:22
+ $Access.AddAccessRule <<<< ($FileSystemAccessRule)
+ CategoryInfo : NotSpecified: (:slight_smile: , MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

Here’s the code for the script:


Foreach ( $Folder in $HomeFolders )

$Access=GET-ACL c:\home$Folder


$AccessControlType =[System.Security.AccessControl.AccessControlType]"Allow"
$AccessControlType =[System.Security.AccessControl.AccessControlType]"Allow"
$InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$PropagationFlags = [System.Security.AccessControl.PropagationFlags]"None"

$FileSystemAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule ($IdentityReference, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType)


SET-ACL c:\home$Folder $Access


Any help would be greatly appreciated.
by poshoholic at 2012-08-24 09:01:27
Looking at the script, it references a hard-coded ‘Home.local’ domain as part of the username. The error indicates that it is unable to translate the identity reference, which is assigned to the username, so it makes me think you should start there. When you run each command without using the foreach loop, are you assigning the variables differently? If it works, you must be, because the foreach loop is dependent on the value of $Folder which is assigned as part of the loop. In which case, what are the differences?
by SusXT at 2012-08-24 09:48:33
I had the same error, but with another issue. The problem was that the domainname wasn’t correct. Then he can’t find the user and gives this error. I’m totaly new into PS, but I advise you to look in that direction. Good luck.
by injector at 2012-08-25 07:25:57
The issue ended up being the way i setup the test users, in production the username and the folder names are the same, on my test enviroment for some reason I had the username different from the folder name which would obviously cause an issue, i changed the folder names to match the usernames and it worked like a charm
by poshoholic at 2012-08-25 08:17:45
Excellent, glad you got it working. Thanks for circling back to let us know!