Hello,
I am having issues running the "Invoke-IPAMGPOProvisioning cmdlet. I have read several technet articles including:
https://social.technet.microsoft.com/Forums/sharepoint/en-US/4f92263f-2545-4268-95b3-9ecfe42f6fc1/action?threadDisplayName=invokeipamgpoprovisioning-failed-to-import-gpo
https://social.technet.microsoft.com/Forums/sharepoint/en-US/eac88917-e757-4bc7-a600-8fd8cffe79cd/action?threadDisplayName=invokeipamgpoprovisioning-failed-to-import-gpo-the-system-cannot-find-the-file-specified
Both of which describe my issue to a "T". However, neither really has a resolution except, "read this article to better understand".
Having read "that" article no less than a dozen times, I have attempted to run this script on 2 new IPAM Servers that were created from scratch, My account is a DA, as well as a local admin on the IPAM Server. Here is the exact syntax I am using:
Invoke-IPAMGPOProvisioning -Domain "myinternaldomain.local" -GPOPrefixName "SamePrefixChosenDuringProvisioningOfServer" -IPAMServerFQDN "MyIPAMserver.mydomain.local" -DomainController "MyInternal2012R2DC"
I have attempted to run the command with a number of combinations of Delegated Users and Delegated Groups including DA, to no avail.
Powershell is being run in an elevated manner, both as "Administrator" or as my domain user account which is a DA.
Exact error encountered:
Invoke-IPAMGPOProvisioning : FAiled to import GPO. The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
At line:1 char:1
The corresponding Windows Event ID: 2002
Group Policy Management
Import of backup failed. Error [The system cannot find the file specified]
Details-
Backup
Directory: The system cannot find the file specified.
Instance: C:\Users\MyUsersName\AppData\Local\Temp\ipamprov
Comment: {What looks to be a GPO GUID}
What ive seen, If i have this "Instance" directory open during the time the invoke-ipamgpoprovisioning command is executed, I see the directory temporarily appear, and then immediately disappear, then the command fails. It seems as if it is creating the GPO, however, the "ImportGPO" portion kicks off then fails.
When I initiate the command, my IPAMUG group is created in my local AD, and the IPAM server object is added as a member. So the script has enough privilege to modify AD.
The GPO Objects are not created.
Local Domain Background:
15 Domain Controllers, running a mixture of 2008R2 and 2012R2
(Command being run from 2012 R2 IPAM Server, against a 2012 R2 DC
1 Domain Controller running 2003 SP2
Local Domain Name: company.local
NetBIOS Domain Name: my.company.com
Primary Domain Controller in the network: running windows server 2008 R2
Any insight, other than "Read this" https://technet.microsoft.com/en-us/library/jj553805(v=wps.630).aspx
I have executed this process on other domains in the past, however I feel I may have an underlying Permissions issue or possible domain naming convention issue (local vs netbios being different)
Any reason why this wouldnt work while have a 2003 DC in the environment or a PDC that is not 2012R2? I havent see any system/domain requirements that state this, but just checking.