I am working on a larger script to spin up new servers in VMware for a customer. I have a function for adding the object to the correct OU in A.D. and, based on the type of server, adding it to the security filter on a GPO. The problem I am encountering is that the GPOs all live in the parent domain, but occasionally the addition fails if the server is from the child domain. The object creation is straightforward and always works:
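    # Create the computer object in the child domain ($sOU and $Description are set earlier in the script)
    $Name = "newServerName"
    $sDomain = "child.domain.com"
    New-ADComputer -Name $Name -Server $sDomain -Path $sOU -Description $Description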
The second piece, if the server meets the criteria, is something like this:
    # Look up the GPO in the parent domain, then add the new computer to its security filter
    $oGPO = Get-GPO -Name $GPO -Domain "parent.domain.com"
    Set-GPPermissions -Name $oGPO.DisplayName -PermissionLevel GpoApply -TargetName $Name -TargetType Computer -DomainName $sDomain
About 90% of the time the addition to the GPO security filter fails. The error is: “The operation cannot be completed because ‘serverName$’ is not a valid computer in the parent.domain.com domain”. So it is looking for the computer object in the parent domain, not the child. However, if I run it again immediately, with the object now created in A.D., it always goes through just fine. I have attempted to add a sleep, or a while loop until Get-ADComputer returns the computer object, but the addition still fails. I also tried using the machine’s FQDN, but the error comes back “serverName.child.domain.com$ is not a valid computer in the parent.domain.com domain”. Just curious if there is something else I can try.