PowerShell: Set AD group ManagedBy

User submission 927 2022-09-19

Set the ManagedBy attribute of an AD group and its check box ("Manager can update membership list")

```powershell
# Requires the RSAT ActiveDirectory module (Get-ADUser, Get-ADGroup and the AD: drive)
Import-Module ActiveDirectory

$samaccountname = "123456"
$groupsid = "groupsid"
$UserDN = (Get-ADUser $samaccountname).DistinguishedName
$GroupDN = (Get-ADGroup $groupsid).DistinguishedName
$userAccount = "{0}\{1}" -f 'CONTOSO', $samaccountname

# The rightsGuid of Self-Membership has the same value as the schemaIDGUID of the member attribute
$rightGuid = Get-ItemProperty "AD:\CN=Self-Membership,CN=Extended-Rights,CN=Configuration,DC=contoso,DC=com" -Name rightsGuid | Select-Object -ExpandProperty rightsGuid
$Guid = [GUID]$rightGuid

# Resolve the manager's account to a SID for the access rule
$user = New-Object System.Security.Principal.NTAccount($userAccount)
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier])

$acl = Get-Acl "AD:\$GroupDN"
$ctrl = [System.Security.AccessControl.AccessControlType]::Allow
$rights = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$intype = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None

# Set the ManagedBy attribute on the group
$group = [adsi]"LDAP://$GroupDN"
$group.Put("ManagedBy", $UserDN)
$group.SetInfo()

# Add an Allow ACE for the manager, scoped to this group object only (no inheritance)
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $rights, $ctrl, $Guid, $intype)
$acl.AddAccessRule($rule)
Set-Acl -AclObject $acl -Path "AD:\$GroupDN"

# Re-read the ACL and confirm that an entry for the manager is present
$acl = Get-Acl "AD:\$GroupDN"
$access = $acl.Access | Where-Object { $_.IdentityReference.Value -eq $userAccount }
if ($null -eq $access) {
    Write-Host "Cannot set 'Manager can update membership list' on group $groupsid" -BackgroundColor DarkRed
}
```
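To review where this delegation already exists in a domain, the following added example (not part of the original post) lists every group that has managedBy set and reports whether the manager holds an Allow ACE with WriteProperty on the member attribute. The function name `Get-GroupManagerDelegation` and the output property names are assumptions chosen for illustration.

```powershell
Import-Module ActiveDirectory

# schemaIDGUID of the member attribute; Self-Membership's rightsGuid has the same value.
$memberGuid = [Guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'
$sidType    = [System.Security.Principal.SecurityIdentifier]
$writeProp  = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

function Get-GroupManagerDelegation {   # hypothetical helper name
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    Get-ADGroup -LDAPFilter '(managedBy=*)' -SearchBase $SearchBase `
        -Properties managedBy, nTSecurityDescriptor | ForEach-Object {
        $group = $_
        # managedBy can reference a user, group or contact; a contact has no objectSid.
        $manager = Get-ADObject -Identity $group.managedBy -Properties objectSid
        # Request SID-keyed rules so the match does not depend on name resolution.
        $rules = $group.nTSecurityDescriptor.GetAccessRules($true, $true, $sidType)
        $grants = @($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference -eq $manager.objectSid -and
            ($_.ActiveDirectoryRights -band $writeProp) -eq $writeProp -and
            ($_.ObjectType -eq $memberGuid -or $_.ObjectType -eq [Guid]::Empty)
        })
        [pscustomobject]@{
            Group                   = $group.DistinguishedName
            ManagedBy               = $group.managedBy
            ManagerCanUpdateMembers = $grants.Count -gt 0
            Rights                  = ($grants.ActiveDirectoryRights | Sort-Object -Unique) -join '; '
            Inherited               = [bool]($grants | Where-Object IsInherited)
        }
    }
}

# Groups whose manager can change membership, for review
Get-GroupManagerDelegation | Where-Object ManagerCanUpdateMembers |
    Format-Table Group, ManagedBy, Rights, Inherited -AutoSize
```

Only ACEs that name the manager directly are matched; rights the manager holds through membership in another group are not evaluated.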
