Failed to Validate GPO Security Descriptor
When AD Bridge fails to validate Active Directory and GPO Security Descriptor, the following is returned:
Error: Failed to validate the discretionary access control list Error: Failed to validate GPO Security Descriptor
This typically occurs when there is a failure to validate the system access control list and discretionary access control list.
We have created a Security Descriptor tool usage: /opt/pbis/libexec/verify-sd <hex-string>. This tool displays relative security descriptor validation error information. It accepts hex string representations of security descriptors and performs the same validation checks as gpagent.