add delegation activedirectory powershell - permission full control

Question

question

IanXue-MSFT asked Jul 16, '20 AlbertKaraev-1453 published May 26, '22

hello

I need to add full control permission (delegation) on OU in Active Directory to admin group

I understand that the command should be used : set-acl

But all articles write about authorization folder on a network folder and not users or groups with permission on AD

I want to use poweshell script and I did not find any articles on the subject - thank you for your help

windows-server-powershell

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Answer 1 · 2020-07-16T06:02:49.62Z

YoungYang-MSFT answered Jul 16, '20 AlbertKaraev-1453 published May 26, '22

Hi,

Maybe you can try this :

$ou = "AD:\OU=test,DC=test,DC=com"

$group = Get-ADGroup administrators

$sid = new-object System.Security.Principal.SecurityIdentifier $group.SID

$acl = get-acl $ou

$ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $sid,"GenericAll","Allow"

$acl.AddAccessRule($ace)

set-acl -AclObject $acl $ou

Best wishes,

Young Yang

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AlbertKaraev-1453 · May 25 at 09:24 PM

thx a lot!!!!!
if you need to set permissions for user - just change Get-ADGroup administrators to Get-ADUser USERNAME

0 ·