Thanks mklement.

I know I need to put my glasses more frequently, but:

$groupSID = (Get-ADGroup -Identity "GroupName" -Properties ObjectSID).ObjectSID
$identityReference = $groupSID.Value
$readAllRule =
>>   [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
>>     $identityReference,
>>     [System.DirectoryServices.ActiveDirectoryRights]::GenericRead,
>>     [System.Security.AccessControl.AccessControlType]::Allow,
>>     [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
>>     [guid]::Empty
>>   )
Cannot find an overload for "new" and the argument count: "5".
At line:1 char:1
+ $readAllRule =
+ ~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

PS H:\Scripts\Superscript> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17763.7671

And $IdentityReference gives the correct SID.

Running on a W2k19 server.

Thanks :-)

Luuke