Hi Everyone I would like to set the DS-Install-Replica (Add/Remove Replica In Domain) on the domain using Powershell.
http://msdn.microsoft.com/en-us/library/ms684351%28VS.85%29.aspx
This is the script
$objLDAP = [ADSI]"LDAP://DC=Devenvx,DC=infra,dc=ss,dc=gov,dc=au"
$objSecurity = $objLDAP.psbase.ObjectSecurity
## set the rights and control type
$objControlType = [System.Security.AccessControl.AccessControlType]::Allow
$objRights = "ExtendedRight"
$strGUID = "9923a32a-3607-11d2-b9be-0000f87a36b2"
#$objInherit = [System.DirecotryServices.ActiveDirectorySecurityInheritance]::All
$objInherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]"All"
## who does this apply to
$objwho = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList "", "AA-L-AdditionalDC"
# apply
$ObjnewACE= New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $objwho, $objRights, $objControlType, $objInherit, $strGUID
$objSecurity.AddAccessRule($ObjnewACE)
$objLDAP.psbase.CommitChanges()
Works fine, except when I go into ADSIEdit, the permission hasn't been set, instead it just seems to add the group and sets nothing.
Any ideas?