Solved

PowerShell - a required audit event could not be generated for the operation

Posted on 2014-10-28
Last Modified: 2014-10-29
Hi guys,

This has been driving me potty. I've got a script running that connects to Forest A, grabs the userID and its SID, then (should) connect to Forest B, match the userID and drop the SID (converted to a hex string) into a hex-only AD attribute (msRTCSIP-originatorSID).

I'm getting the error 'a required audit event could not be generated for the operation' when trying to update the attribute.

I've enabled PowerShell 'local scripts' and 'remote signed' in the domain controller GPO. Code below:

param (
    [string]$LogonName,       # user in Forest A (domain "AD") whose SID is being copied
    [string]$SamAccountName   # matching user in Forest B that receives the attribute
)
Import-Module ActiveDirectory

# Resolve the Forest A account to its SID object, then to the S-1-5-... string
$sid = New-Object System.Security.Principal.NTAccount("AD", $LogonName)
$sid = $sid.Translate([System.Security.Principal.SecurityIdentifier])
$sidString = $sid.Value

# Binary form of the SID, rendered as one upper-case hex string with no separators
$sidBytes = New-Object byte[] $sid.BinaryLength
$sid.GetBinaryForm($sidBytes, 0)
$hexString = ($sidBytes | ForEach-Object { $_.ToString("X2") }) -join ''

Write-Host $hexString

# Write the hex string into the octet-string attribute on the Forest B user
Set-ADUser -Identity $SamAccountName -Add @{"msRTCSIP-OriginatorSid" = $hexString}


Question by: Corcoran Smith
12 Comments
 
LVL 19

Expert Comment

by: Miguel Angel Perez Muñoz
ID: 40408730
Did you configure delegate between both domains?: http://technet.microsoft.com/en-us/magazine/jj853299.aspx
 
LVL 2

Author Comment

by: Corcoran Smith
ID: 40408741
Hi, there's a full trust, but the connections use credentials from both domains (it's a merger, and not a hugely happy one!), so the full script asks you to put in creds for both domains.

In the code snip above, it 'goes' and writes the full hex string that it's supposed to, but then fails. The script is running in the forest I'm trying to update the attribute on.

corcoran
 
LVL 40

Accepted Solution

by: footech (earned 2000 total points)
ID: 40409264
I'm not feeling that this is an error with the script. I would focus on the error. Check event logs and see what the audit settings are.
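A diagnostic for the check footech describes, added here as an example (it is not from the thread and not the author's script): it pulls the settings on a domain controller that decide whether a required audit event can be written. Assumptions, all mine: it runs elevated on the DC being targeted; the Security log retention mode, the CrashOnAuditFail LSA value, and Security-log events 1104 (security log full) and 4719 (audit policy changed) are the first things I would look at, but the page does not establish which of them, if any, caused the author's error.

```powershell
# Added diagnostic, not part of the original thread. Run elevated on the DC
# that returns "a required audit event could not be generated".

function Get-AuditDiagnostics {
    [CmdletBinding()]
    param()

    # 1. Effective audit policy for the subcategories account changes fall under.
    #    auditpol reports what is actually in force, not only what the GPO says.
    $auditPolicy = auditpol /get "/category:Account Management" 2>&1

    # 2. State of the Security log: retention mode, size and whether it is full.
    $secLog = Get-WinEvent -ListLog Security

    # 3. CrashOnAuditFail under HKLM\SYSTEM\CurrentControlSet\Control\Lsa:
    #    0 = off, 1 = halt when audits cannot be logged,
    #    2 = the system already halted for this reason; only admins can log on.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $crashOnAuditFail = if ($null -ne $lsa.CrashOnAuditFail) { $lsa.CrashOnAuditFail } else { 0 }

    [pscustomobject]@{
        AuditPolicy        = ($auditPolicy | Out-String).Trim()
        SecurityLogMode    = $secLog.LogMode          # Circular, AutoBackup or Retain
        SecurityLogFull    = $secLog.IsLogFull
        SecurityLogRecords = $secLog.RecordCount
        SecurityLogMaxMB   = [math]::Round($secLog.MaximumSizeInBytes / 1MB, 1)
        CrashOnAuditFail   = $crashOnAuditFail
    }
}

# Security-log events that point at the audit subsystem itself (assumed set of IDs):
# 1104 = the security log is now full, 4719 = system audit policy was changed.
function Get-RecentAuditEvents {
    param([int]$Hours = 24)

    Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 1104, 4719
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName, Message
}

Get-AuditDiagnostics | Format-List
Get-RecentAuditEvents | Format-Table -AutoSize -Wrap
```

Turning 'audit account management' off on the domain controllers, as happens later in the thread, makes the error go away by removing the requirement rather than satisfying it, and it also removes the account-management trail on the DCs while it is off, so treat it as a short-lived workaround and turn it back on once the attribute update is done.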
 
LVL 2

Author Comment

by: Corcoran Smith
ID: 40409376
Hi Foo - yeah, similar. Nothing in the event logs on the server I'm hitting. I've set auditing disabled for all DCs in the domain.
 
LVL 40

Expert Comment

by: footech
ID: 40409658
Do you get the same error if you run the final command, not as part of the script or using any variables?  For example:
set-aduser -identity jdoe -add @{"msRTCSIP-OriginatorSid" = "0409000000000006320000009367E94D4F3C3A6AA5156B49E00D0000"}

 
LVL 2

Author Comment

by: Corcoran Smith
ID: 40410177
Morning Foo, yeah, same thing.
 
LVL 40

Expert Comment

by: footech
ID: 40411165
I don't have much more to suggest.
I would try setting the attribute using a different method, like through the attribute editor in ADUC, and see if the error still occurs.  Then I would check out existing users that already have the attribute set and look for any differences - maybe try to change the attribute back and forth and see the result.  Are you doing this as a domain admin in the domain where you're trying to set this?
 
LVL 2

Author Comment

by: Corcoran Smith
ID: 40411220
Thanks Foo; yeah I'm a domain admin.
I've taken the export-string from the powershell window and pushed it into ADUC without any error - imagine my joy.
 
LVL 2

Author Comment

by: Corcoran Smith
ID: 40411223
UPDATE!

It's now working!

When using Powershell, it actually wants the SID in all its original glory NOT a hex string *frown face*.

I've also turned off 'audit account management' on the default domain controller GPO to get past the first error!
 
LVL 2

Author Closing Comment

by: Corcoran Smith
ID: 40411227
Love a bit of peer review! :)
 
LVL 40

Expert Comment

by: footech
ID: 40411487
Thanks for the points.  Don't know if I helped much though.
Are you saying that turning off "audit account management" got you past the "a required audit event could not be generated for the operation" error, but then you had another error when the attribute wasn't in the format that PS wanted it to be?  If so, what was that second error?
 
LVL 2

Author Comment

by: Corcoran Smith
ID: 40411732
When you put the SID into ADUC it camps out. So you have to put in the hex string. The first load of errors in the script also suggested this. There are a couple of lines at the top of the script that rip the user SID and convert that into a string. That's what it needed in the end. Gonna gently turn on auditing tomorrow to get the system secure again.
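To make the format discussion in the last few comments concrete, an added example (mine, not the thread's script): it produces every representation of a Forest A user's SID mentioned above (the SecurityIdentifier object, the S-1-5-... string, the raw bytes, and the hex string that ADUC's attribute editor takes), checks that the hex string round-trips back to the same SID, and writes the value to the Forest B user with Set-ADUser -Replace, reading it back so a wrong encoding is caught rather than silently stored. Assumptions, all mine: "AD" is the NetBIOS name of Forest A's domain as in the original script, the script runs in Forest B with rights to modify msRTCSIP-OriginatorSid there, and 'jdoe' is a placeholder account. The write passes the byte array, the native form of an octet-string attribute; the author reports that the SID string also worked for them, and the read-back comparison shows which form your DCs actually store correctly.

```powershell
# Added example, not the original poster's script. Assumes: Forest A domain
# NetBIOS name "AD", running in Forest B, 'jdoe' is a placeholder account.
Import-Module ActiveDirectory

function Get-SidForms {
    param(
        [Parameter(Mandatory)][string]$LogonName,
        [string]$Domain = 'AD'                     # assumed NetBIOS name of Forest A
    )
    $account = New-Object System.Security.Principal.NTAccount($Domain, $LogonName)
    $sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])

    $bytes = New-Object byte[] $sid.BinaryLength
    $sid.GetBinaryForm($bytes, 0)

    [pscustomobject]@{
        Sid       = $sid                           # SecurityIdentifier object
        SidString = $sid.Value                     # S-1-5-21-...-RID
        Bytes     = $bytes                         # octet-string (binary) form
        Hex       = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''   # what ADUC shows/accepts
    }
}

# Rebuild a SID from its hex string and compare; if this fails, whatever you
# paste into the attribute editor is not the SID you think it is.
function Test-SidHexRoundTrip {
    param(
        [Parameter(Mandatory)][string]$Hex,
        [Parameter(Mandatory)][string]$ExpectedSidString
    )
    if ($Hex.Length % 2 -ne 0) { return $false }
    $bytes = New-Object byte[] ($Hex.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($Hex.Substring(2 * $i, 2), 16)
    }
    $rebuilt = New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
    return ($rebuilt.Value -eq $ExpectedSidString)
}

# Write the attribute on the Forest B user and return what the DC stored.
function Set-OriginatorSid {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)]$Value,
        [switch]$WhatIf
    )
    # -Replace rather than -Add: -Add on an already-populated single-valued
    # attribute fails, -Replace sets it either way.
    Set-ADUser -Identity $SamAccountName -Replace @{ 'msRTCSIP-OriginatorSid' = $Value } -WhatIf:$WhatIf
    if ($WhatIf) { return $null }
    (Get-ADUser -Identity $SamAccountName -Properties 'msRTCSIP-OriginatorSid').'msRTCSIP-OriginatorSid'
}

# Usage ('jdoe' is a placeholder; the same name is assumed in both forests)
$forms = Get-SidForms -LogonName 'jdoe'
if (-not (Test-SidHexRoundTrip -Hex $forms.Hex -ExpectedSidString $forms.SidString)) {
    throw "hex form does not round-trip to $($forms.SidString)"
}
Write-Host "SID string: $($forms.SidString)"
Write-Host "Hex form:   $($forms.Hex)"

$stored = Set-OriginatorSid -SamAccountName 'jdoe' -Value $forms.Bytes
$storedHex = ($stored | ForEach-Object { $_.ToString('X2') }) -join ''
if ($storedHex -ne $forms.Hex) {
    Write-Warning "DC stored $storedHex, expected $($forms.Hex); check the value type you passed"
} else {
    Write-Host "Stored value matches the source SID"
}
```

Run it with -WhatIf on Set-OriginatorSid first to confirm the target user and attribute name; the round-trip and read-back checks are the part worth keeping in the production script, because the attribute accepts any bytes and a mis-encoded SID fails only later, when Lync or the directory sync tries to match it.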
