@jflyoo
Last active September 3, 2022 13:54
Powershell Active Directory Management

To delegate Full Control of an AD object to a principal (group or user) from PowerShell. Assume the domain is test.local and the name of the group to be delegated Full Control is Some Group.

Import-Module ActiveDirectory   # provides the AD: drive and Get-ADGroup
$ou = "AD:\OU=Computers,DC=test,DC=local"
$group = Get-ADGroup "Some Group"
$sid = New-Object System.Security.Principal.SecurityIdentifier $group.SID
$acl = Get-Acl $ou
# Allow ACE granting GenericAll (Full Control) to the group's SID
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $sid,"GenericAll","Allow"
$acl.AddAccessRule($ace)
Set-Acl -AclObject $acl $ou
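To check the result of the delegation above, the following added example (not part of the original gist) reads the OU's ACL back, lists every Allow ACE that gives control of the object, and confirms the explicit ACE for Some Group. It reuses the page's OU and group name; the variable names `$mask`, `$rules`, `$control` and `$mine` are introduced here.

```powershell
Import-Module ActiveDirectory   # provides the AD: drive and Get-ADGroup

$ou    = "AD:\OU=Computers,DC=test,DC=local"
$group = Get-ADGroup "Some Group"

# WriteDacl and WriteOwner are both contained in GenericAll, so this mask
# matches GenericAll ACEs as well as narrower ACEs that still let the
# trustee rewrite the ACL or take ownership of the object.
$mask = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteDacl -bor
        [int][System.DirectoryServices.ActiveDirectoryRights]::WriteOwner

# Request trustees as SIDs (explicit and inherited rules) so the comparison
# with the group does not depend on name resolution.
$rules = (Get-Acl -Path $ou).GetAccessRules($true, $true,
             [System.Security.Principal.SecurityIdentifier])

$control = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.ActiveDirectoryRights -band $mask) -ne 0
}

# Every trustee that can control the OU. InheritanceType shows whether the
# ACE covers only this object or also its descendants.
$control |
    Sort-Object IsInherited |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, IsInherited |
    Format-Table -AutoSize

# The explicit ACE written by the delegation snippet for "Some Group".
$mine = $control | Where-Object {
    $_.IdentityReference.Value -eq $group.SID.Value -and -not $_.IsInherited
}

if ($mine) {
    $mine | Format-List IdentityReference, ActiveDirectoryRights, InheritanceType
} else {
    Write-Warning "No explicit control ACE for '$($group.Name)' on $ou"
}
```

Trustees in the first table that nobody can account for are the ones to review, since each of them holds the same level of control over the OU that this delegation grants.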

Source https://docs.microsoft.com/en-us/answers/questions/48065/add-delegation-activedirectory-powershell-permissi.html
