Invoke-IPAMGPOProvisioning Failure


  • Hello, 

    I am having issues running the "Invoke-IPAMGPOProvisioning cmdlet. I have read several technet articles including:

    Both of which describe my issue to a "T". However, neither really has a resolution except, "read this article to better understand". 

    Having read "that" article no less than a dozen times, I have attempted to run this script on 2 new IPAM Servers that were created from scratch, My account is a DA, as well as a local admin on the IPAM Server. Here is the exact syntax I am using: 

    Invoke-IPAMGPOProvisioning -Domain "myinternaldomain.local" -GPOPrefixName "SamePrefixChosenDuringProvisioningOfServer" -IPAMServerFQDN "MyIPAMserver.mydomain.local" -DomainController "MyInternal2012R2DC"

    I have attempted to run the command with a number of combinations of Delegated Users and Delegated Groups including DA, to no avail.

    Powershell is being run in an elevated manner, both as "Administrator" or as my domain user account which is a DA.

    Exact error encountered: 

    Invoke-IPAMGPOProvisioning : FAiled to import GPO. The system cannot find the file specified. (Exception from HRESULT: 0x80070002)
    At line:1 char:1

    The corresponding Windows Event ID: 2002
    Group Policy Management
    Import of backup failed. Error [The system cannot find the file specified]
    Directory: The system cannot find the file specified. 

    Instance: C:\Users\MyUsersName\AppData\Local\Temp\ipamprov
    Comment: {What looks to be a GPO GUID}

    What ive seen, If i have this "Instance" directory open during the time the invoke-ipamgpoprovisioning command is executed, I see the directory temporarily appear, and then immediately disappear, then the command fails. It seems as if it is creating the GPO, however, the "ImportGPO" portion kicks off then fails.

    When I initiate the command, my IPAMUG group is created in my local AD, and the IPAM server object is added as a member. So the script has enough privilege to modify AD. 

    The GPO Objects are not created. 

    Local Domain Background: 

    15 Domain Controllers, running a mixture of 2008R2 and 2012R2
    (Command being run from 2012 R2 IPAM Server, against a 2012 R2 DC

    1 Domain Controller running 2003 SP2

    Local Domain Name: company.local

    NetBIOS Domain Name:

    Primary Domain Controller in the network: running windows server 2008 R2

    Any insight, other than "Read this" 

    I have executed this process on other domains in the past, however I feel I may have an underlying Permissions issue or possible domain naming convention issue (local vs netbios  being different)

    Any reason why this wouldnt work while have a 2003 DC in the environment or a PDC that is not 2012R2? I havent see any system/domain requirements that state this, but just checking. 

    Wednesday, February 17, 2016 7:39 PM

All replies

  • A side note, I just re-ran the command while having Group Policy management open. The GPO's are created, however if you click on them an error window appears, stating that the System cannot find the specified file.

    In the back group my Invoke-ipamgpoprovisioning command has now timed out.

    If I refresh the Group Policy Management window, the GPO's are gone...

    So it seems now that the command has all the permissions needed, except the ability to "Import GPO's" which is where it fails...

    Smells like a permissions issue, back to the 2012R2 IPAM server, which is where it is attempting to dump the backup of the GPO's. 

    Wednesday, February 17, 2016 8:14 PM
  • Hi,
    The error “The system cannot find the file specified” could be caused by the following condition:
    The file is missing or not correctly located in the new source.
    Are you able to manually gain the resource ‘SamePrefixChosenDuringProvisioningOfServer’?

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact

    Friday, February 19, 2016 6:03 AM
  • Unfortunately no, The directory /ipamprov in C:\Users\MyUserName\AppData\Local\Temp\ipamprov actually does not exist. 

    I have attempted to create the directory manually as well as manually insert a folder named after the GUID of the GPO. Both are removed after the command errors out. 

    Another test note: 

    From my IPAM Server, I can manually create a new GPO object, with parameters without issue and subsequently back up the GPO or "Import" the GPO to several different folders within the C: on the server. However I am unable to backup or "Import" my GPO to the default location of the command: C:\Users\MyUserName\AppData\Local\Temp\ipamprov. 

    Is it possible to adjust the destination folder of the imbedded import process in invoke-ipamgpoprovisioning? 

    It seems it doesnt like the fact that this folder does not already exist, nor does it like it if it exists (via manual creation)

    I appreciate your response.

    Friday, February 19, 2016 2:10 PM
  • Anyone else have ideas? 

    It seems the script has permission to perform all tasks necessary but fails upon GPO import attempt. 

    Friday, April 15, 2016 2:04 PM