//
stai leggendo...
domanda

Managed by for groups

Richard Siddaway's Blog

Many Active Directory objects have a ManagedBy attribute that shows the business owner of the group. Setting this doesn’t confer rights to manage the object. However in AD users and computers if you look at the Managed by tab for a group you will see a check box with the label “Manager can update membership list”

This doesn’t set an attribute – it sets permissions on the group members property. The Microsoft cmdlets don’t handle AD permissions – a major omission in my mind – but if you have a copy of the Quest cmdlets handy you can do this

$user = Get-QADUser -Identity dgreen

$group = Get-QADGroup -Identity Accounts -IncludeAllProperties
$group |  Set-QADGroup -ManagedBy $user

$group | Add-QADPermission -Property Member -Account $user -ApplyTo ThisObjectOnly -Rights WriteProperty

Get the user and group objects.  Set the managedBy property using Set-QADGroup.  There is a switch to enable the manager update the membership…

View original post 47 altre parole

Annunci

Discussione

Non c'è ancora nessun commento.

Rispondi

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione / Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione / Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione / Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione / Modifica )

Connessione a %s...

%d blogger hanno fatto clic su Mi Piace per questo: