If you’ve ever tried to set permissions on a GPO using Powershell, and you’ve encountered an error that the user is “not a valid user” in your domain, you’ve probably also noticed (at least at the current time of writing) that very little information exists about this issue.
I encountered this problem after trying to execute the following Powershell command to make a simple permission change on a GPO: –
Set-GPPermissions -name “My Policy” -PermissionLevel “GpoEditDeleteModifySecurity” -TargetName “MyUser” -TargetType “User”
Running the above command was given me the result below: –
Set-GPPermissions : The operation cannot be completed because “<USER>” is not a valid user in the <FQDN> domain.
Make sure that the TargetName and TargetType parameters specify a valid user for the domain. Then, run the command again.
Parameter name: TargetName
At line:1 char:18
+ Set-GPPermissions <<<<
+ CategoryInfo : ObjectNotFound: (Microsoft.Group…missionsCommand:SetGPPermissionsCommand) [Set-GPPermissions], ArgumentException
+ FullyQualifiedErrorId : TargetNotFound,Microsoft.GroupPolicy.Commands.SetGPPermissionsCommand
Reading the examples of the Set-GPPermissions command, I just couldn’t see where I was going wrong, so I was sure it had to be a bug. Unfortunately, there’s hardly any information about the problem… Except a hotfix from Microsoft that doesn’t mention the specific issue, however does resolve it!
The hotfix is KB978838, and mentions a different error message and only applied to “non-English” versions of the Windows operating system. I was not having the issue described, and am running an English version of Windows Server 2008 R2, however I think my scenario came close enough to warrant testing the hotfix, for the following reasons: –
- I was having issues with what would likely be the same function in the Powershell cmdlet
- I am in Australia, and have it set as my locale
So if you are wondering if the hotfix will work for you, the chances are “yes” based on my experience.
It seems that there are an increasing number of locale related bugs in Microsoft products since the release of Vista onwards. If anyone from Microsoft stumbles across this, could I suggest passing on a message that the USA isn’t the only English speaking country in the world, and aren’t the only users of your products!
EDIT: I can confirm that Windows 7/Windows Server 2008 R2 Service Pack 1 also corrects this issue.
One thought on “Set-GPPermissions Powershell cmdlet fails to apply permissions due to “invalid user””
The hotfix solved my problem as well with a en-US version of Windows Server 2008 R2 install so it not limited to non-Yankee installs. Was banging my head on my desk trying to figure out why I could not get this to work. Thanks!
Judging by my google search, you and I are the only people with this problem.