powershell - a required audit event could not be generated for the operation..

Hi guys,

This has been driving me pots. I've got a script running that connects to Forest A, grabs the userID and its SID then (should) connect to Forest B, match the userID and drop the SID (converted to a hex string) into a hex-only AD attribute (msRTCSIP-originatorSID)

I'm getting the error 'a required audit event could not be generated for the operation' when trying to update the attribute.

I've enabled Powershell 'local scripts' and 'remote signed' on the domain controller GPO.. Code below..

param ([string]$logonname)

# Resolve the account in Forest A ("AD" is the NetBIOS domain name) and get its SID
$sid = New-Object System.Security.Principal.NTAccount("AD", $logonname)
$sid = $sid.Translate([System.Security.Principal.SecurityIdentifier])
$sidstring = ($sid -as [string])

# Binary form of the SID, rendered as a single upper-case hex string
$sidBytes = New-Object byte[] $sid.BinaryLength
$sid.GetBinaryForm($sidBytes, 0)
$hexArr = ($sidBytes | ForEach-Object { $_.ToString("X2") }) -join ''

Write-Host $hexArr

# Look up the matching account in Forest B and write the hex string to the attribute
$username = Get-ADUser -Identity $logonname
$SetADmsRTCSIP = Set-ADUser -Identity $username.SamAccountName -Add @{"msRTCSIP-OriginatorSid" = $hexArr}


Corcoran Smith Asked:

Miguel Angel Perez Muñoz Commented:
Did you configure delegation between both domains? http://technet.microsoft.com/en-us/magazine/jj853299.aspx
Corcoran Smith (Author) Commented:
Hi, there's full trust, but the connections use credentials from both domains (it's a merger and not a hugely happy one!), so the full script asks you to put in creds for both domains..

In the code snippet above, it 'goes' and writes the full hex string that it's supposed to, but then fails. The script is running in the forest I'm trying to update the attribute on.

I'm not feeling that this is an error with the script.  I would focus on the error.  Check event logs and see what the audit settings are.


Corcoran Smith (Author) Commented:
Hi Foo - yeah, similar. Nothing in the event logs on the server I'm hitting. I've set auditing disabled for all DCs in the domain..
Do you get the same error if you run the final command, not as part of the script or using any variables?  For example:
set-aduser -identity jdoe -add @{"msRTCSIP-OriginatorSid" = "0409000000000006320000009367E94D4F3C3A6AA5156B49E00D0000"}


Corcoran Smith (Author) Commented:
Morning Foo, yeah same thing.
I don't have much more to suggest.
I would try setting the attribute using a different method, like through the attribute editor in ADUC, and see if the error still occurs.  Then I would check out existing users that already have the attribute set and look for any differences - maybe try to change the attribute back and forth and see the result.  Are you doing this as a domain admin in the domain where you're trying to set this?
Corcoran Smith (Author) Commented:
Thanks Foo; yeah I'm a domain admin.
I've taken the export-string from the powershell window and pushed it into ADUC without any error - imagine my joy.
Corcoran Smith (Author) Commented:

It's now working!

When using Powershell, it actually wants the SID in all its original glory NOT a hex string *frown face*.

I've also turned off 'audit account management' on the default domain controller GPO to get past the first error!
Corcoran Smith (Author) Commented:
Love a bit of peer review! :)
Thanks for the points.  Don't know if I helped much though.
Are you saying that turning off "audit account management" got you past the "a required audit event could not be generated for the operation" error, but then you had another error when the attribute wasn't in the format that PS wanted it to be?  If so, what was that second error?
Corcoran Smith (Author) Commented:
When you put the SID into ADUC it camps out. So you have to put in the hex string. The first load of errors in the script also suggested this. There are a couple of lines at the top of the script that rip the user SID and convert that into a string. That's what it needed in the end. Gonna gently turn on auditing tomorrow to get the system secure again.
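An added example (not the asker's script) that carries the thread's finding through end to end: read the SID in Forest A, write the S-1-5-... string to msRTCSIP-OriginatorSid in Forest B, and read it back to verify the value that landed. The parameter names, the two DC names and the two credential objects are assumptions, as is the sAMAccountName being identical in both forests.

```powershell
param (
    [Parameter(Mandatory)] [string]$SamAccountName,
    [Parameter(Mandatory)] [string]$SourceDC,   # a DC in Forest A (where the SID comes from)
    [Parameter(Mandatory)] [string]$TargetDC,   # a DC in Forest B (where the attribute is set)
    [Parameter(Mandatory)] [pscredential]$SourceCred,
    [Parameter(Mandatory)] [pscredential]$TargetCred
)
Import-Module ActiveDirectory

# Hex rendering of a SID, i.e. the form ADUC's attribute editor displays.
function ConvertTo-SidHex([System.Security.Principal.SecurityIdentifier]$Sid) {
    $bytes = New-Object byte[] $Sid.BinaryLength
    $Sid.GetBinaryForm($bytes, 0)
    return ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
}

# Normalise whatever Get-ADUser hands back for the attribute (SID object,
# byte[] or plain string) to the S-1-5-... form so it can be compared.
function ConvertTo-SidString($Value) {
    if ($Value -is [System.Security.Principal.SecurityIdentifier]) { return $Value.Value }
    if ($Value -is [byte[]]) {
        return (New-Object System.Security.Principal.SecurityIdentifier($Value, 0)).Value
    }
    return [string]$Value
}

# 1. Read the SID from Forest A.
$src = Get-ADUser -Server $SourceDC -Credential $SourceCred -Identity $SamAccountName
Write-Host ("Source SID {0} (hex as shown in ADUC: {1})" -f $src.SID.Value, (ConvertTo-SidHex $src.SID))

# 2. Write the S-1-5-... string to Forest B, which is what the thread found Set-ADUser wants.
#    -Replace overwrites a stale value; -Add would append a second one.
Set-ADUser -Server $TargetDC -Credential $TargetCred -Identity $SamAccountName `
    -Replace @{ 'msRTCSIP-OriginatorSid' = $src.SID.Value }

# 3. Read it back and compare, so a value stored in the wrong form is caught here
#    rather than later when the account fails to match.
$dst = Get-ADUser -Server $TargetDC -Credential $TargetCred -Identity $SamAccountName `
    -Properties 'msRTCSIP-OriginatorSid'
$stored = ConvertTo-SidString (@($dst.'msRTCSIP-OriginatorSid')[0])
if ($stored -ne $src.SID.Value) {
    throw "Round trip failed on ${TargetDC}: stored '$stored', expected '$($src.SID.Value)'"
}
Write-Host "msRTCSIP-OriginatorSid for $SamAccountName now matches $($src.SID.Value)"
```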