ActiveDirectory module fails to update

I’ve recently upgraded a Windows 2008 R2 server that had the Powershell Active Directory module enabled to Windows Server 2012 R2.

When I invoked the Update-Help cmdlet on the newly upgraded server, I’ve got the following message:

update-help : Failed to update Help for the module(s) ‘ActiveDirectory’ with UI culture(s) {en-US} : Access to the path ‘C:\windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\en-US\Microsoft.ActiveDirectory.Management.dll-help.xml’ is denied.

I’ve first tried to remove the feature but it didn’t help

(NB: I haven’t tried the -Remove parameter to avoid a reboot, I guess… or worse)

As you can see below, there are actually multiple problems:

  1. the Builtin\Administrators group doesn’t have at least a write access to the file
  2. all the NTFS permissions aren’t inherited from the parent folder
  3. the owner of the file and parent folder is NT SERVICE\TrustedInstaller 😦

My fix consisted in giving back the ownership of the xml file to the Builtin\Administrators group and giving it as well the missing Write access.

$File = "C:\windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\en-US\Microsoft.ActiveDirectory.Management.dll-help.xml"            
takeown /F $File /A            
icacls $File --% /grant  *S-1-5-32-544:(W)

After that, I’ve got the help of the ActiveDirectory udpated successfully 😎

Advertisements

One thought on “ActiveDirectory module fails to update

  1. Thank you, Thank you, Thank you!!! I’ve looked for weeks trying to resolve this apparent old issue and none of them show your script…and thereby do not work. your script is obviously designed for the desktop…the others appear to work from the server itself–not always to way you want to work.

    Anyway, again…thanks for the answer I needed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s