SCMDM: Set-EnrollmentPermissions returns "Error encountered when delegating container..."
Here's another MDM SP1 issue for you. This one involves the Set-EnrollmentPermissions command and an error you can receive if SCMDMEnrollmentServers has full permissions on the specified OU:
========
Issue: When running the Set-EnrollmentPermissions command you may receive the following error:
Set-EnrollmentPermissions : Error encountered when delegating container "OU=SCMDM Managed Devices (Instance1),DC=yonaloc,DC=nttest,DC=microsoft,DC=com" permission to Enrollment Server.
At line:1 char:26
+ Set-EnrollmentPermissions <<<< "SCMDM MAnaged Devices (Instance1)"
Cause: The Set-EnrollmentPermissions command verifies what permissions SCMDMEnrollmentServers has on the specified OU (i.e. the OU that is passed in the command). There is a known issue in this verification process where it will return false if Full Permissions are enabled.
Resolution: Do not enable full permission for SCMDMEnrollmentServers group on the device OU. To workaround this issue delete the SCMDMEnrollmentServers group from Security. To do this follow these steps:
Run DSA.MSC.
Find the OU where you were trying to set permissions.
Right click on the OU and select Properties.
On the Security tab, click on SCCMEnrollmentServers(<your instance name>) and remove it.
The last step is to run the Set-EnrollmentPermissions command again. This time it should succeed without error.
========
J.C. Hornbeck | Manageability Knowledge Engineer