Current experience is that this script doesn't seem to work on a domain controller without the FSMO roles. You get a lot of timing issues. On the DC with FSMO everything works.
Server 2022, psversion 5.1 & 7.4.1, non-FSMO errors:
Get-ADObject : Directory object not found
DefenderForIdentity.psm1:394 char:24
tADObject = Get-ADObject -Identity $gpo.Path -Properties gPCFileSysPa
Test-Path : Cannot bind argument to parameter 'Path' because it is null.
DefenderForIdentity.psm1:401 char:41
} while (-not ((Test-Path -Path $gPCFileSysPath) -or ($maxWai
The property 'GpoStatus' cannot be found on this object. Verify that the property exists and can be set.
DefenderForIdentity.psm1:1345 char:38
isabled)) { $gpo.GpoStatus = [Microsoft.GroupPolicy.GpoStatus]::UserS
You cannot call a method on a null-valued expression.
DefenderForIdentity.psm1:1346 char:5
$gpo.MakeAclConsistent()
Set-MDIGPOMachineExtension : Cannot process argument transformation on parameter 'Guid'. Cannot convert the "System.Object[]" value of type "System.Object[]" to type "System.Guid".
DefenderForIdentity.psm1:1347 char:52
$gpoUpdated = Set-MDIGPOMachineExtension -Guid $gpo.Id.Guid -Extens
Set-GPPermission : Cannot convert 'System.Object[]' to the type 'System.Guid' required by parameter 'Guid'. Specified method is not supported.
DefenderForIdentity.psm1:1352 char:32
Set-GPPermission -Guid $gpo.Id.Guid -TargetType Group -Target ...
WARNING: Unable update GPO DS version and extensions
The property 'GpoStatus' cannot be found on this object. Verify that the property exists and can be set.
DefenderForIdentity.psm1:1195 char:38
isabled)) { $gpo.GpoStatus = [Microsoft.GroupPolicy.GpoStatus]::UserS