OK - Got the controlaccessright created:
$newguid = [system.guid]::NewGuid()
$car = New-ADObject -PassThru -Path 'CN=Extended-Rights,CN=Configuration,<your DC bit>' -Name 'myCustom' -DisplayName 'myCustom' -Type 'controlAccessRight' -OtherAttributes @{'appliesTo' = 'bf967a86-0de6-11d0-a285-00aa003049e2', 'bf967a9c-0de6-11d0-a285-00aa003049e2', 'bf967aba-0de6-11d0-a285-00aa003049e2'; 'rightsGuid' = $newguid.tostring(); 'validAccesses' = 48 }
All that's left is to assign the rightsguid to the AttributeSecurityGUID of the attributes I want to add to the propertyset
Even though I am schema admins it says 'insufficient rights' when I try to run this:
Set-ADObject -Identity 'CN=MyCustomAtt,CN=Schema,CN=Configuration,<your DC bit>' -Partition 'CN=Schema,CN=Configuration,<your DC bit>' -Add @{'attributeSecurityGUID' = $newguid.tobytearray() }