Error When Running Start-MultipleMachineDistributionListMigration Command - Unable to set the ACL on the folder for the active directory credential.

[write2tsm]

Hi Tim

I'm seeing the below error while running the Start-MultipleMachineDistributionListMigration command:

Start-MultipleMachineDistributionListMigration -groupSMTPAddresses $groups -globalCatalogServer -activeDirectoryCredential $credentials -aadconnectServer -aadConnectCredential $credentials -aadConnectAuthenticationMethod Kerberos -exchangeServer -exchangeCredential $credentials -exchangeAuthenticationMethod Kerberos -exchangeOnlineCredential $credentials -logFolderPath C:\DLConversion -remoteDriveLetter S -serverNames $machines -dnNoSyncOU "

[19/07/2023 3:18:48 PM] - Testing server for presence of DLConversion V2 [19/07/2023 3:18:48 PM] - Skipping test - this is the machine running the controller. [19/07/2023 3:18:51 PM] - Creating DLConversionV2 to share to support centralized logging. [19/07/2023 3:18:53 PM] - Setting the ACL on the folder for full control to the active directory credential and enabling inheritance.

Directory: C:\

Path Owner Access

---

DLConversion BUILTIN\Admin NT AUTHORITY\SYSTEM Allow FullControl...

FullControl ContainerInherit, ObjectInherit None Allow FileSystemRights : FullControl AccessControlType : Allow IdentityReference : IsInherited : False InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : None Directory: C:\ Path Owner Access ---- ----- ------ DLConversion BUILTIN\Admin Allow FullControl... [19/07/2023 3:18:53 PM] - Setting the ACL on the folder for full control for machine accounts to the active directory credential and enabling inheritance. [19/07/2023 3:18:54 PM] - **Unable to set the ACL on the folder for the active directory credential. get-adComputer : The server has rejected the client credentials.** At C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.13\start-MultipleMachineDistributionListMigration.ps1:663 char:34 + ... countName = get-adComputer -identity $forServerName[0] -server $globa ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : SecurityError: (:ADComputer) [Get-ADComputer], AuthenticationException + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.Security.Authentication.AuthenticationException,Microsoft.ActiveDirectory.Management.Com mands.GetADComputer [19/07/2023 3:18:54 PM] - ******************************************************************************** [19/07/2023 3:18:54 PM] - BEGIN disable-allPowerShellSessions [19/07/2023 3:18:54 PM] - ******************************************************************************** [19/07/2023 3:18:54 PM] - Gathering all PS Sessions [19/07/2023 3:18:54 PM] - Disconnecting Exchange Online Session [19/07/2023 3:18:54 PM] - Removing other non-Exchange Online powershell sessions. 2 [19/07/2023 3:18:54 PM] - WinRM2 [19/07/2023 3:18:54 PM] - [19/07/2023 3:18:55 PM] - ***IT MAY BE NECESSARY TO EXIT THIS POWERSHELL WINDOW AND REOPEN TO RESTART FROM A FAILED MIGRATION*** [19/07/2023 3:18:55 PM] - END disable-allPowerShellSessions [19/07/2023 3:18:55 PM] - ******************************************************************************** [19/07/2023 3:18:55 PM] - ******************************************************************************** ParameterName Bound ParameterValue ------------- ----- -------------- isSuccess True False logFolderPath True C:\DLConversion isHealthCheck False False Verbose False Debug False ErrorAction False WarningAction False InformationAction False ErrorVariable False WarningVariable False InformationVariable False OutVariable False OutBuffer False PipelineVariable False [19/07/2023 3:18:55 PM] - ******************************************************************************** [19/07/2023 3:18:55 PM] - Archiving files associated with run. [19/07/2023 3:18:55 PM] - Split string for group name. C: DLConversion What am I missing here? Thanks

[timmcmic]

Are you able to run get-adComputer using the credentials that you're storing. The credentials are either domain admin or enterprise admin?

Tim

============================== Timothy J. McMichael Senior Support Escalation Engineer @.**@.> (980)-776-7465

Hours: Sunday - Wednesday 08:00 - 16:00 eastern time zone.

Manager: Tom Roughley @.**@.>)

Premier Support - (800)-936-3100 Broad Commercial Support - (800)-936-4900

==============================

From: write2tsm @.> Sent: Wednesday, July 19, 2023 7:10 AM To: timmcmic/DLConversionV2 @.> Cc: Subscribed @.***> Subject: [timmcmic/DLConversionV2] Error When Running Start-MultipleMachineDistributionListMigration Command - Unable to set the ACL on the folder for the active directory credential. (Issue #142)

Hi Tim

I'm seeing the below error while running the Start-MultipleMachineDistributionListMigration command:

Start-MultipleMachineDistributionListMigration -groupSMTPAddresses $groups -globalCatalogServer -activeDirectoryCredential $credentials -aadconnectServer -aadConnectCredential $credentials -aadConnectAuthenticationMethod Kerberos -exchangeServer -exchangeCredential $credentials -exchangeAuthenticationMethod Kerberos -exchangeOnlineCredential $credentials -logFolderPath C:\DLConversion -remoteDriveLetter S -serverNames $machines -dnNoSyncOU ""

[19/07/2023 3:18:48 PM] - Testing server for presence of DLConversion V2 [19/07/2023 3:18:48 PM] - Skipping test - this is the machine running the controller. [19/07/2023 3:18:51 PM] - Creating DLConversionV2 to share to support centralized logging. [19/07/2023 3:18:53 PM] - Setting the ACL on the folder for full control to the active directory credential and enabling inheritance.

Directory: C:\

Path Owner Access

---

DLConversion BUILTIN\Admin NT AUTHORITY\SYSTEM Allow FullControl... FullControl ContainerInherit, ObjectInherit None Allow

FileSystemRights : FullControl AccessControlType : Allow IdentityReference : IsInherited : False InheritanceFlags : ContainerInherit, ObjectInherit PropagationFlags : None

Directory: C:\

Path Owner Access

---

DLConversion BUILTIN\Admin <Domain\DomainAdminAccount> Allow FullControl...

[19/07/2023 3:18:53 PM] - Setting the ACL on the folder for full control for machine accounts to the active directory credential and enabling inheritance. [19/07/2023 3:18:54 PM] - Unable to set the ACL on the folder for the active directory credential. get-adComputer : The server has rejected the client credentials. At C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.13\start-MultipleMachineDistributionListMigration.ps1:663 char:34

• ... countName = get-adComputer -identity $forServerName[0] -server $globa ...

• • CategoryInfo : SecurityError: (:ADComputer) [Get-ADComputer], AuthenticationException
  • FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.Security.Authentication.AuthenticationException,Microsoft.ActiveDirectory.Management.Com mands.GetADComputer

[19/07/2023 3:18:54 PM] - **** [19/07/2023 3:18:54 PM] - BEGIN disable-allPowerShellSessions [19/07/2023 3:18:54 PM] - **** [19/07/2023 3:18:54 PM] - Gathering all PS Sessions [19/07/2023 3:18:54 PM] - Disconnecting Exchange Online Session [19/07/2023 3:18:54 PM] - Removing other non-Exchange Online powershell sessions. 2 [19/07/2023 3:18:54 PM] - WinRM2 [19/07/2023 3:18:54 PM] - [19/07/2023 3:18:55 PM] - IT MAY BE NECESSARY TO EXIT THIS POWERSHELL WINDOW AND REOPEN TO RESTART FROM A FAILED MIGRATION [19/07/2023 3:18:55 PM] - END disable-allPowerShellSessions [19/07/2023 3:18:55 PM] - **** [19/07/2023 3:18:55 PM] - ****

ParameterName Bound ParameterValue

---

isSuccess True False logFolderPath True C:\DLConversion isHealthCheck False False Verbose False Debug False ErrorAction False WarningAction False InformationAction False ErrorVariable False WarningVariable False InformationVariable False OutVariable False OutBuffer False PipelineVariable False

[19/07/2023 3:18:55 PM] - **** [19/07/2023 3:18:55 PM] - Archiving files associated with run. [19/07/2023 3:18:55 PM] - Split string for group name. C: DLConversion

What am I missing here?

Thanks

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/142, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6OXXDPVTIJWEIY7NATXQ66CHANCNFSM6AAAAAA2PYCPOQ. You are receiving this because you are subscribed to this thread.Message ID: @.**@.>>

[write2tsm]

I'm able to run the get-adComputer command successfully (with Shortname not FQDN - not sure if that matters):

The account specified is a Domain Admin.

[timmcmic]

Do you get the credential error with fqdn?

============================== Timothy J. McMichael Senior Support Escalation Engineer @.**@.> (980)-776-7465

Hours: Sunday – Wednesday 08:00 – 16:00 eastern time zone.

Manager: Tom Roughley @.**@.>)

Premier Support - (800)-936-3100 Broad Commercial Support - (800)-936-4900

==============================

---

From: write2tsm @.> Sent: Wednesday, July 19, 2023 4:29 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Error When Running Start-MultipleMachineDistributionListMigration Command - Unable to set the ACL on the folder for the active directory credential. (Issue #142)

I'm able to run the get-adComputer command successfully (with Shortname not FQDN - not sure if that matters):

[get-adComputer]https://user-images.githubusercontent.com/26711222/254703154-4e99b915-99ab-477b-b34c-3dcfe1ba3495.png

The account specified is a Domain Admin.

— Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/142#issuecomment-1642710763, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6IYTKQHMJ6XD4AUPBDXRA7Q5ANCNFSM6AAAAAA2PYCPOQ. You are receiving this because you commented.Message ID: @.***>

[write2tsm]

No. It just says "Cannot find an object with Identity ",as is covered in the previous screenshot (first attempt was with FQDN).

Thanks

[timmcmic]

Sorry I did not see a screen shot attached to the previous. I'll need to take a look. If memory serves the call is by FQDN in the code.

Tim

============================== Timothy J. McMichael Senior Support Escalation Engineer @.**@.> (980)-776-7465

Hours: Sunday - Wednesday 08:00 - 16:00 eastern time zone.

Manager: Tom Roughley @.**@.>)

Premier Support - (800)-936-3100 Broad Commercial Support - (800)-936-4900

==============================

From: write2tsm @.> Sent: Wednesday, July 19, 2023 5:11 PM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Error When Running Start-MultipleMachineDistributionListMigration Command - Unable to set the ACL on the folder for the active directory credential. (Issue #142)

It says "Cannot find an object with Ideneity ",as is covered in the previous screenshot (first attempt was with FQDN).

Thanks

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/142#issuecomment-1642764488, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6JN6RD2OPQJKTU3JYLXRBEOXANCNFSM6AAAAAA2PYCPOQ. You are receiving this because you commented.Message ID: @.**@.>>

[write2tsm]

Hi Tim

Quick update on this one....the issue somehow disappeared when I ran the same command again this morning. Still unsure why, but seems like some intermittent issue.

Thanks

[timmcmic]

Multiple machine migrations can be somewhat fragile - they work great when they work but not so much when they do not. Generally most stick to multi single machines.

============================== Timothy J. McMichael Senior Support Escalation Engineer @.**@.> (980)-776-7465

Hours: Sunday – Wednesday 08:00 – 16:00 eastern time zone.

Manager: Tom Roughley @.**@.>)

Premier Support - (800)-936-3100 Broad Commercial Support - (800)-936-4900

==============================

---

From: write2tsm @.> Sent: Thursday, July 20, 2023 1:10 AM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Error When Running Start-MultipleMachineDistributionListMigration Command - Unable to set the ACL on the folder for the active directory credential. (Issue #142)

Hi Tim

Quick update on this one....the issue somehow disappeared when I ran the same command again this morning. Still unsure why, but seems like some intermittent issue.

Thanks

— Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/142#issuecomment-1643206153, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6OFU7JACAKZU4OGD3LXRC4TPANCNFSM6AAAAAA2PYCPOQ. You are receiving this because you commented.Message ID: @.***>