
PowerShell - a required audit event could not be generated for the operation

Posted on 2014-10-28
Last Modified: 2014-10-29
Hi guys,

This has been driving me potty. I've got a script running that connects to Forest A, grabs the userID and its SID, then (should) connect to Forest B, match the userID and drop the SID (converted to a hex string) into a hex-only AD attribute (msRTCSIP-OriginatorSID).

I'm getting the error 'a required audit event could not be generated for the operation' when trying to update the attribute.

I've enabled PowerShell 'local scripts' and 'remote signed' on the domain controller GPO. Code below:

param (
    [string]$LogonName,        # sAMAccountName of the source account in the "AD" domain (Forest A)
    [string]$SamAccountName    # matching account in the forest whose attribute is being updated
)
# Resolve the source account to its SID object
$account = New-Object System.Security.Principal.NTAccount("AD", $LogonName)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
$sidString = $sid.Value                      # textual form, e.g. S-1-5-21-...
# Binary form of the SID, then each byte as two upper-case hex digits
$sidBytes = New-Object byte[] $sid.BinaryLength
$sid.GetBinaryForm($sidBytes, 0)
$hexArr = $sidBytes | ForEach-Object { $_.ToString("X2") }
# Join the hex array into a single string; inside "..." the bare array would
# expand with a space between every byte
$hexString = $hexArr -join ''

Write-Host $hexString

Set-ADUser -Identity $SamAccountName -Add @{ "msRTCSIP-OriginatorSid" = $hexString }

Question by:Corcoran Smith
12 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 40408730
Did you configure delegation between both domains? http://technet.microsoft.com/en-us/magazine/jj853299.aspx
 
LVL 2

Author Comment

by:Corcoran Smith
ID: 40408741
Hi, there's a full trust, but the connections use credentials from both domains (it's a merger and not a hugely happy one!), so the full script asks you to put in creds for both domains.

In the code snippet above, it does write the full hex string that it's supposed to, but then fails. The script is running in the forest I'm trying to update the attribute on.

corcoran
 
LVL 40

Accepted Solution

by:footech (earned 500 total points)
ID: 40409264
I'm not feeling that this is an error with the script.  I would focus on the error.  Check event logs and see what the audit settings are.
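Added example (not footech's or the poster's code): a PowerShell check of the things this answer points at, run against the DC that answered the Set-ADUser call. It lists the audit subcategory that account changes fall under, whether the Security log can still take a record, and the CrashOnAuditFail setting, which are the usual reasons a DC cannot generate a required audit event. The DC name is a placeholder.

```powershell
# Added diagnostic, not part of the original thread. $Dc is an assumed placeholder.
param([string]$Dc = 'dc01.forestb.example')

Invoke-Command -ComputerName $Dc -ScriptBlock {
    # 1. Is account-management auditing on? This is the subcategory a user
    #    attribute change on a DC has to audit before the write is allowed.
    auditpol.exe /get /subcategory:"User Account Management"

    # 2. Can the Security log still accept an entry? LogMode 'Retain' (do not
    #    overwrite) plus IsLogFull = True means new audit records cannot be written.
    Get-WinEvent -ListLog Security |
        Select-Object LogName, LogMode, IsLogFull, MaximumSizeInBytes, RecordCount, FileSize

    # 3. CrashOnAuditFail: 1 = halt when an audit cannot be written,
    #    2 = already tripped (only Administrators can log on until it is reset to 0).
    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                     -Name CrashOnAuditFail -ErrorAction SilentlyContinue |
        Select-Object CrashOnAuditFail

    # 4. Has any "user account was changed" (4738) audit been written recently?
    #    None at all, with auditing on, is consistent with the log not accepting records.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4738; StartTime = (Get-Date).AddDays(-1) } `
                 -ErrorAction SilentlyContinue |
        Select-Object -First 5 TimeCreated, Id, MachineName
}
```

If step 2 shows a full log in Retain mode, clearing or enlarging the log (or switching retention to overwrite as needed, with the log shipped off-box) removes the block without turning the auditing itself off.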
 
LVL 2

Author Comment

by:Corcoran Smith
ID: 40409376
Hi Foo, yeah, similar. Nothing in the event logs on the server I'm hitting. I've set auditing to disabled for all DCs in the domain.
 
LVL 40

Expert Comment

by:footech
ID: 40409658
Do you get the same error if you run the final command, not as part of the script or using any variables?  For example:
Set-ADUser -Identity jdoe -Add @{"msRTCSIP-OriginatorSid" = "0409000000000006320000009367E94D4F3C3A6AA5156B49E00D0000"}

 
LVL 2

Author Comment

by:Corcoran Smith
ID: 40410177
Morning Foo, yeah same thing.
 
LVL 40

Expert Comment

by:footech
ID: 40411165
I don't have much more to suggest.
I would try setting the attribute using a different method, like through the attribute editor in ADUC, and see if the error still occurs.  Then I would check out existing users that already have the attribute set and look for any differences - maybe try to change the attribute back and forth and see the result.  Are you doing this as a domain admin in the domain where you're trying to set this?
 
LVL 2

Author Comment

by:Corcoran Smith
ID: 40411220
Thanks Foo; yeah I'm a domain admin.
I've taken the exported string from the PowerShell window and pushed it into ADUC without any error - imagine my joy.
 
LVL 2

Author Comment

by:Corcoran Smith
ID: 40411223
UPDATE!

It's now working!

When using PowerShell, it actually wants the SID in all its original glory, NOT a hex string *frown face*.

I've also turned off 'audit account management' on the default domain controller GPO to get past the first error!
 
LVL 2

Author Closing Comment

by:Corcoran Smith
ID: 40411227
Love a bit of peer review! :)
 
LVL 40

Expert Comment

by:footech
ID: 40411487
Thanks for the points.  Don't know if I helped much though.
Are you saying that turning off "audit account management" got you past the "a required audit event could not be generated for the operation" error, but then you had another error when the attribute wasn't in the format that PS wanted it to be?  If so, what was that second error?
 
LVL 2

Author Comment

by:Corcoran Smith
ID: 40411732
When you put the SID into ADUC it camps out. So you have to put in the hex string. The first load of errors in the script also suggested this. There are a couple of lines at the top of the script that rip the user SID and convert it into a string. That's what it needed in the end. Gonna gently turn on auditing tomorrow to get the system secure again.
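Added example, not the poster's script: the whole cross-forest step written end to end. It reads the SID from a Forest A DC with Forest A credentials, writes it to the matching account on a Forest B DC with Forest B credentials, and reads it back to confirm. Because msRTCSIP-OriginatorSid is an octet-string attribute, the example hands Set-ADUser the SID's raw bytes, which is the attribute's native type and does not depend on how the module converts a hex string or SID text; it also uses -Replace so an already-populated attribute is overwritten rather than failing on -Add. The DC names and account are placeholders. One caveat on the thread's workaround: switching off "Audit account management" also silences the 4720/4738-series events that account-change detection relies on, so whatever stopped the DC writing the audit record is what needs fixing before auditing goes back on.

```powershell
# Added example; not the original poster's code. DC names and account are assumptions.
param(
    [Parameter(Mandatory)][string]$SamAccountName,
    [string]$SourceDc = 'dc01.foresta.example',   # hypothetical Forest A DC (SID comes from here)
    [string]$TargetDc = 'dc01.forestb.example'    # hypothetical Forest B DC (attribute is set here)
)
Import-Module ActiveDirectory

# Separate credentials per forest, as in the thread (no reliance on the trust for the write).
$credA = Get-Credential -Message 'Forest A account (read)'
$credB = Get-Credential -Message 'Forest B account (write)'

# Forest A: .SID is a SecurityIdentifier object, not text.
$source = Get-ADUser -Identity $SamAccountName -Server $SourceDc -Credential $credA
$sid    = $source.SID

# msRTCSIP-OriginatorSid is an octet string: pass the binary SID, not a hex string.
$sidBytes = New-Object byte[] $sid.BinaryLength
$sid.GetBinaryForm($sidBytes, 0)

# -Replace works whether or not the single-valued attribute already holds a value.
Set-ADUser -Identity $SamAccountName -Server $TargetDc -Credential $credB `
           -Replace @{ 'msRTCSIP-OriginatorSid' = $sidBytes }

# Read back and compare, so a wrong target account or a stale value is caught here,
# not later when Lync/Skype resolves the originator SID.
$target = Get-ADUser -Identity $SamAccountName -Server $TargetDc -Credential $credB `
                     -Properties 'msRTCSIP-OriginatorSid'
$stored = New-Object System.Security.Principal.SecurityIdentifier($target.'msRTCSIP-OriginatorSid', 0)

if ($stored.Value -ne $sid.Value) {
    throw "Stored SID $($stored.Value) does not match source SID $($sid.Value)"
}
"OK: $SamAccountName on $TargetDc now carries originator SID $($sid.Value)"
```

Run it as a user with write rights to the target objects in Forest B; if the audit error from the thread returns, the DC you pointed -Server at is the one whose audit configuration and Security log need checking.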