Hi,
I am trying to use the below script to provision an OU, create 2 security groups and then disable inheritance on the OU. The script manages to create the OU and also add 2 security groups successfully, but the inheritance part does not work. Any ideas? I don't get any errors with the script. Any ideas kindly welcomed.
#Import Active Directory Module (Requires AD Powershell Module)
Import-Module ActiveDirectory

#Define Arrays
$RootOUPath = "OU=RootOU,DC=SaaS,DC=Local"

#Enter the New OU Name
$NewOU = Read-Host "Enter New OU Name"

#Check if OU already exists
$OUCheck = get-adorganizationalunit -Filter { name -eq $NewOU }

#Create new Tenant OU
if($OUCheck -eq $null)
{
    CD AD:
    New-ADOrganizationalUnit -Name $NewOU -Path "$RootOUPath" -ProtectedFromAccidentalDeletion $False
    New-ADGroup "$Admins" -GroupScope Global -Path "OU=$NewOU,$RootOUPath"
    New-ADGroup "$Users" -GroupScope Global -Path "OU=$NewOU,$RootOUPath"

    #Disable inheritance on New OU
    $ACL = Get-Acl "OU=$NewOU,$RootOUPath"
    $ACL.SetAccessRuleProtection($true,$true)
    set-acl -aclobject $ACL "OU=$NewOU,$RootOUPath"
    $ACL.SetAccessRuleProtection($false,$false)
    set-acl -aclobject $ACL "OU=$NewOU,$RootOUPath"
}
#Output OU already exists
else
{
    write-host "The object" $NewOu "already exists."
}
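
For reference, an added example that is not part of the original post: `SetAccessRuleProtection(isProtected, preserveInheritance)` only changes the in-memory security descriptor, and `Set-Acl` then writes whatever state the most recent call left, so the order of calls decides what ends up on the OU. The sketch below first shows the effect of the call order on an in-memory descriptor, then applies the setting to an OU and reads it back from the directory; the function name `Set-OUInheritanceProtection` and the `OU=Tenant1` DN are hypothetical.

```powershell
# Added example (not the poster's code). Assumes the RSAT ActiveDirectory module.
Add-Type -AssemblyName System.DirectoryServices
Import-Module ActiveDirectory   # also provides the AD: drive used below

# Part 1: call order on an in-memory descriptor (no directory access needed).
$sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
$sd.SetAccessRuleProtection($true, $true)     # protect, keep inherited ACEs as explicit
$afterFirstCall = $sd.AreAccessRulesProtected
$sd.SetAccessRuleProtection($false, $false)   # un-protect: inheritance is enabled again
$afterSecondCall = $sd.AreAccessRulesProtected
[pscustomobject]@{ AfterFirstCall = $afterFirstCall; AfterSecondCall = $afterSecondCall }

# Part 2: apply one protection state to an OU and verify what the directory stored.
function Set-OUInheritanceProtection {
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        # $true  = copy currently inherited ACEs onto the OU as explicit ACEs
        # $false = drop inherited ACEs (only explicit ACEs remain)
        [bool] $PreserveInherited = $true
    )
    $path = "AD:\$DistinguishedName"           # full provider path, no CD AD: required
    $acl  = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $PreserveInherited)
    Set-Acl -Path $path -AclObject $acl

    # Re-read from the directory instead of trusting the local object.
    $stored = Get-Acl -Path $path
    [pscustomobject]@{
        DistinguishedName   = $DistinguishedName
        InheritanceDisabled = $stored.AreAccessRulesProtected
        ExplicitAces        = @($stored.Access | Where-Object { -not $_.IsInherited }).Count
        InheritedAces       = @($stored.Access | Where-Object { $_.IsInherited }).Count
    }
}

# Constructed sample DN under the root OU named in the post.
Set-OUInheritanceProtection -DistinguishedName "OU=Tenant1,OU=RootOU,DC=SaaS,DC=Local"
```

With `$PreserveInherited` left at `$true`, the ACEs that were inherited from the parent stay on the OU as explicit entries, so review them afterwards if the goal is to isolate the tenant OU from permissions granted higher up.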