System.Security.Principal.SecurityIdentifier.Translate : “Some or all identity references could not be translated”
icalcs : “No mapping between account names and security IDs was done”
So I was trying to add a web application via powershell and got stuck on the first message when trying to grant the web pool folder access, I tried various items, and then tried icalcs from the command line and got the second message. Turns out you need to force IIS to commit the changes to create the web pool! The real issue is it didn’t exist yet.
# add a web application # reset for clean slate Reset-IISServerManager -Confirm:$false Start-IISCommitDelay $siteName = "Default Web Site" $appName = "MyBlog" $appPoolName = "MyBlogAppPool" $appFolder = "C:\inetpub\wwwroot\MyBlogApp" # add the app pool $server = Get-IISServerManager $appPool = $server.ApplicationPools.Add($appPoolName) # list props # $appPool | select-object * $appPool.ManagedRuntimeVersion = "v4.0" # IMPORTANT that this is commited, otherwise ACL below will fail # none of the error messages will explain the app pool doesn't exist Stop-IISCommitDelay # verify it exists Get-ChildItem -Path IIS:\AppPools # add the folder New-Item -ItemType "directory" $appFolder # set permissions on folder $server = Get-IISServerManager $appPoolSid = $server.ApplicationPools["$appPoolName"].Attributes['applicationPoolSid'] $identifier = New-Object System.Security.Principal.SecurityIdentifier $appPoolSid.Value $user = $identifier.Translate([System.Security.Principal.NTAccount]) $acl = Get-Acl $appFolder #$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user,"FullControl", "Allow") $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user,"FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.SetAccessRule($rule) Set-Acl $appFolder $Acl # create the web app Reset-IISServerManager -Confirm:$false Start-IISCommitDelay New-WebApplication -Name $appName -Site $siteName -PhysicalPath $appFolder -ApplicationPool $appPoolName Stop-IISCommitDelay # # #
OR
LOGIN OR REGISTER
Registered users with one approved comment can comment without moderation