Información ​aquí.

Aparte ejecuto este script porque el problema puede deberse a usuarios que se han creado con un schema de AD de 2003. Habría que subir cuando antes el nivel funcional.

# Description: This script will add missing permissions for the Terminal
#Server License Server group to user objects in Active Directory.
# This may solve problems with TS CALs not beeing issued and event id
#4105 being logged at the license server.

# Constants
$URL = "LDAP://DC=uco,DC=es";

cls
$root = New-Object DirectoryServices.DirectoryEntry $URL
$ds = New-Object DirectoryServices.DirectorySearcher
$ds.PageSize = 2000
$ds.SearchRoot = $root
$ds.filter = "objectCategory=Person"
$src = $ds.findall()
write-host "Found" $src.count "user objects.`n"
$src | %{
$de = $_.getdirectoryentry()
$accessrules = $de.get_objectsecurity().getaccessrules($true, $false,[System.Security.Principal.SecurityIdentifier]) | ?{$_.ObjectType -eq "5805bc62-bdc9-4428-a5e2-856a0f4c185e"}
if ((measure-object -inputobject $accessrules).count -eq 0)
  {
    $ar = new-object System.DirectoryServices.ActiveDirectoryAccessRule([System.Security.Principal.SecurityIdentifier]"S-1-5-32-561", 48, "Allow", [guid]"5805bc62-bdc9-4428-a5e2-856a0f4c185e")
    $de.get_objectsecurity().addaccessrule($ar)
    $de.commitchanges()
    write-host -f yellow ("Added:`t" + $de.properties["sAMAccountName"])
    start-sleep -m 200
  }
else
  {
    write-host -f green ("OK:`t" + $de.properties["sAMAccountName"])
  }
}