windows - PowerShell folder permission error - Some or all identity references could not be translated.

Question

I have read many posts about this, but I still can't get it. I am running this script as Admin and It does create the folders requred, just does not set the appropriate permissions. Any help would be appreciated. Thank you!

$Users = Get-Content "D:New_Users.txt"
ForEach ($user in $users)
{
    $newPath = Join-Path "F:Users" -childpath $user
    New-Item $newPath -type directory

    $UserObj = New-Object System.Security.Principal.NTAccount("DOMAIN",$user)

    $acl = Get-Acl $newpath
    $acl.SetAccessRuleProtection($True, $False)
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("O1OAK$user","AppendData,CreateDirectories,CreateFiles,DeleteSubdirectoriesAndFiles,ExecuteFile,ListDirectory,Modify,Read,ReadAndExecute,ReadAttributes,ReadData,ReadExtendedAttributes,ReadPermissions,Synchronize,Traverse,Write,WriteAttributes,WriteData,WriteExtendedAttributes","ContainerInherit, ObjectInherit","None","Allow")
    $acl.SetAccessRule($accessRule)
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITYSYSTEM","FullControl","ContainerInherit, ObjectInherit","None","Allow")
    $acl.SetAccessRule($accessRule)
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTINAdministrators","FullControl","ContainerInherit, ObjectInherit","None","Allow")
    $acl.SetAccessRule($accessRule)
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("1OAK$user","Delete","ContainerInherit, ObjectInherit","None","Allow")
    $acl.removeAccessRule($accessRule)
    $acl.SetOwner($UserObj)
    $acl | Set-Acl $newpath
}

The first error in a string of 3 that I get is below. I think it is the most important and will fix the other 2.

Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At D:DOMAINITIT PrivateUser Drivesuser_folders.ps1:12 char:20
+     $acl.SetAccessRule <<<< ($accessRule)
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

I hope this is not a duplicate and I am sorry if it is, I have been reading for hours. Thank you!

Answer 1

The error is pretty self explanatory: Some or all identity references could not be translated.

This means the account couldn't be found. So what you have to do is verify your accounts. Since you're adding 4 ACE's, you'll need to identify which is invalid.

The easiest way to do this is to debug through, line by line using the ISE or PowerGUI.

I tried your code with "NT AUTHORITYSYSTEM" and "BUILTINAdministrators" and it works so the issue is with "O1OAK$user" or "1OAK$user". You likely have an invalid account in your text file.