question

IanXue-MSFT avatar image
0 Votes"
IanXue-MSFT asked AlbertKaraev-1453 published

add delegation activedirectory powershell - permission full control

hello

I need to add full control permission (delegation) on OU in Active Directory to admin group

I understand that the command should be used : set-acl

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-acl?view=powershell-7

But all articles write about authorization folder on a network folder and not users or groups with permission on AD

I want to use poweshell script and I did not find any articles on the subject - thank you for your help

https://social.technet.microsoft.com/Forums/windowsserver/en-US/a1334d72-4e1d-41c9-aa13-3628fd9e6826/add-delegation-activedirectory-powershell-permission-full-control?forum=winserversecurity

windows-server-powershell
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

YoungYang-MSFT avatar image
1 Vote"
YoungYang-MSFT answered AlbertKaraev-1453 published

Hi,

Maybe you can try this :

$ou = "AD:\OU=test,DC=test,DC=com"

$group = Get-ADGroup administrators

$sid = new-object System.Security.Principal.SecurityIdentifier $group.SID

$acl = get-acl $ou

$ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $sid,"GenericAll","Allow"

$acl.AddAccessRule($ace)

set-acl -AclObject $acl $ou

Best wishes,

Young Yang

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

thx a lot!!!!!
if you need to set permissions for user - just change Get-ADGroup administrators to Get-ADUser USERNAME

0 Votes 0 ·