PowerShell folder permission error - Some or all identity references could not be translated.


The error is pretty self-explanatory: "Some or all identity references could not be translated."

This means the account couldn't be found. So what you have to do is verify your accounts. Since you're adding 4 ACEs, you'll need to identify which is invalid.

The easiest way to do this is to debug through, line by line, using the ISE or PowerGUI.

I tried your code with "NT AUTHORITY\SYSTEM" and "BUILTIN\Administrators" and it works, so the issue is with "O1OAK\$user" or "1OAK\$user". You likely have an invalid account in your text file.
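
Added example (not part of the original answers or the asker's script): a pre-flight check that resolves each identity to a SID before any ACE is built, so the account that cannot be translated is reported by name. The function name `Test-IdentityReference`, the `EXAMPLE` domain and the user list are placeholders constructed for illustration.

```powershell
# Resolve each identity to a SID up front. An account that does not exist
# (typo, truncated name, deleted or not-yet-replicated object) raises
# IdentityNotMappedException here instead of later inside the ACL code.
function Test-IdentityReference {
    param([Parameter(Mandatory)][string[]]$Identity)

    foreach ($name in $Identity) {
        $result = [pscustomobject]@{
            Identity = $name
            Resolved = $false
            Sid      = $null
            Error    = $null
        }
        try {
            $account = [System.Security.Principal.NTAccount]::new($name)
            $sidType = [System.Security.Principal.SecurityIdentifier]
            $result.Sid      = $account.Translate($sidType).Value
            $result.Resolved = $true
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            $result.Error = $_.Exception.Message
        }
        $result
    }
}

# Constructed sample input; in the original scenario the user names come
# from a text file and the domain prefix is the real NetBIOS domain name.
$domain = 'EXAMPLE'                        # placeholder domain
$users  = @('jsmith', 'j_reallylongname')  # constructed user names

$identities = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') +
              ($users | ForEach-Object { "$domain\$_" })

$report = Test-IdentityReference -Identity $identities
$report | Format-Table Identity, Resolved, Sid -AutoSize

# Stop before touching any ACL if even one identity is unresolvable,
# so a folder is never left with a partially applied permission set.
$bad = @($report | Where-Object { -not $_.Resolved })
if ($bad.Count -gt 0) {
    throw "Unresolvable identities: $($bad.Identity -join ', ')"
}
```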


A gotcha with the user ID is that AD truncates the username, so a user with a long name "j_reallylongname" will have a samid (Security Account Manager (SAM) account name) which is truncated (j_reallylong).

So when fetching usernames, make sure you verify against the AD before using it.

When I've got the UPNs, I run a dsget query to get the samid, then use that to build the identity reference.


Adding this in case any C#/ASP.NET developers get this (which is my scenario, and I found this post).

I am using .NET Core in a corporate environment, and I need to check UserGroups as part of security. The code is like (where "user" is a ClaimsPrincipal):

    var windowsIdentity = user.Identity as WindowsIdentity;
    if( windowsIdentity is null )
        throw new Exception( $"Invalid Windows Identity {user.Identity.Name}" );

    // Translate each group SID to its DOMAIN\name form
    return windowsIdentity.Groups
        .Select( g => g.Translate( typeof( NTAccount ) ).Value );

Anyway, someone in charge of groups deleted a group I was part of, and the AD replication lag caused me to get the error in the title. A logoff and/or reboot worked just fine.