I want to set the following settings using PowerShell.
Add a User to an Organizational Unit. That’s ok.
And after that set the Following rights to the User on the Organizational Unit
Read all properties
Write all properties
Create Computer objects
Delete Computer objects
Create Group objects
Delete Group objects
Create User objects
Delete User objects
This question originates from these settings to BDC, so that I do not have to scroll every time and select checkboxes.
Hello @Papp László
I would suggest checking the script mentioned in this similar post:
as well as these:
Hope this can help you configure the automation you need,
------------
--If the reply is helpful, please Upvote and Accept as answer--
Hello,
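If you are familiar with the PowerShell AccessControl module, this could help you start:
Import-Module ActiveDirectory, PowerShellAccessControl
$UserToAdd = Get-ADUser AccountXX
# -Identity expects a distinguished name or GUID, so look the OU up by name
$ObjectToEdit = Get-ADOrganizationalUnit -Filter "Name -eq 'SomeOUName'"
# Show the entries the account already has on the OU
$ObjectToEdit | Get-PacAccessControlEntry -Principal $UserToAdd.SamAccountName
$AceToAdd = @(
    # ActiveDirectoryRights has no combined read/write value; name both flags
    New-PacAccessControlEntry -Principal $UserToAdd.SamAccountName -ActiveDirectoryRights 'ReadProperty, WriteProperty'
)
$ObjectToEdit | Add-PacAccessControlEntry -AceObject $AceToAdd -Verbose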
You can find the PS module here: https://github.com/rohnedwards/PowerShellAccessControl
Otherwise you have to dig into .NET AD objects, which in my eyes looks a lot more complicated than the above solution.
A simple example can look like this:
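Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl/Set-Acl
$OUPath = "AD:\OU=SomeOU,DC=domain,DC=local"   # placeholder distinguished name
$ACL = Get-Acl -Path $OUPath
$Identity = [System.Security.Principal.NTAccount]"AccountXXX"   # the rule needs an IdentityReference, not a string
$ACL.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule $Identity,"WriteProperty","Allow","Descendents",[guid]"bf967aba-0de6-11d0-a285-00aa003049e2"))
Set-Acl -Path $OUPath -AclObject $ACL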
where the last value is equal to the User GUID.
Hope this can give you some hint where you can start.
Cheers,
Hi,
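You can use the PowerShell commands to set the ACL settings on this OU:
Import-Module ActiveDirectory   # provides Get-ADUser and the AD: drive
$oupath = "OU=Groups,DC=domain,DC=local"
$User = Get-ADUser -Identity Username
$objACL = Get-Acl "AD:\$oupath"
# The rule constructor needs an IdentityReference, so pass the user's SID
$objACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($User.SID,"DeleteChild","Deny",'None')
$objACL.AddAccessRule($objACE)
# Write the ACL back to the same OU it was read from
Set-Acl -AclObject $objACL "AD:\$oupath"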
You can refer to the following link to get more details about how to set Active Directory delegation using PowerShell:
active-directory-delegation-via-powershell
Please don't forget to mark helpful reply as answer
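The full set of rights listed in the question, set in one pass with the .NET access-rule approach the answers use. This is an added example, not code from any of the posters: the OU distinguished name and account name are placeholders, and applying the entries to the OU and all descendant objects is an assumption.

```powershell
Import-Module ActiveDirectory   # provides Get-ADUser, Get-ADObject and the AD: drive

$OuDn = 'OU=Groups,DC=domain,DC=local'            # placeholder OU distinguished name
$Sid  = (Get-ADUser -Identity 'Username').SID     # placeholder account

# Resolve the class GUIDs from the schema instead of hard-coding them.
$schemaNc  = (Get-ADRootDSE).schemaNamingContext
$classGuid = @{}
foreach ($class in 'computer', 'group', 'user') {
    $entry = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$class)" -Properties schemaIDGUID
    $classGuid[$class] = [guid]$entry.schemaIDGUID
}

$allow = [System.Security.AccessControl.AccessControlType]::Allow
# Assumption: the entries apply to the OU and everything below it.
$scope = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All

$acl = Get-Acl -Path "AD:\$OuDn"

# Read all properties / Write all properties: no object-type GUID means every property.
$propRights = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule($Sid, $propRights, $allow, $scope)))

# Create/Delete Computer, Group and User objects: one entry per class,
# with the class GUID as the object type that CreateChild/DeleteChild is limited to.
$childRights = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
foreach ($class in $classGuid.Keys) {
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($Sid, $childRights, $allow, $classGuid[$class], $scope)
    $acl.AddAccessRule($rule)
}

Set-Acl -Path "AD:\$OuDn" -AclObject $acl

# Read the ACL back and list only the explicit entries held by the account.
$account = $Sid.Translate([System.Security.Principal.NTAccount]).Value
(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $account -and -not $_.IsInherited } |
    Format-Table ActiveDirectoryRights, ObjectType, InheritanceType, AccessControlType
```

The final table should show four explicit Allow entries for the account: one for the property rights and one per object class.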