Just a quick post as I ran into something that really had me confused. I have used get-acl and set-acl for folders and files, very frequently and easily actually. Researching an SCCM issue, a scripting task presented itself. A list of all computers and whether or not the “Windows Authorization Access Group” is listed in the Security for the object. Using AD Users and Computers, you have to use View\Advanced Features, and then inspect the Security tab for the computer object. I wrote a quick loop and on one machine it was producing verifiable results while on another machine the results were consistently negative results.
Versions of Powershell are the same, the ActiveDirectory module is the same… hmmmmm what is the difference? “pwd” revealed the culprit. What is odd, with my other ACL operations I did not specifiy that the current location is AD:\ but in order for get-acl $machine.DistinguishedName to work and not return object not found I have to ensure get-location returns AD:\