Manager can update membership list Part 2

There are 3 posts to this topic. This post demonstrates how
to find the guid for the script, which permits a user to manage a group’s
membership list.  The goal is to automate
the task of giving a user permissions to manage a group without having admin
rights. The manager of the list can remove/add users without being a domain
admin.

First we need to find the guid that will give the manager of
the group these extend rights. Once, we have this guid, then we can apply this
guid to the AD group.

What is the guid and how do we find this guid?

We need to find the Global Unique Identifier for
the Self Membership extended right.

 

Open ADSI Edit

Right-Click ADSI Edit and select Connect To

 

Connect to Configuration

Select CN=Configuration and then CN=Extended-Rights

 

Open CN=Self-Membership

Find the guid under rightsGuid

Now we can apply this guid to the AD Access Rule on the AD
object, which will be explained in the next post. In the next post we will look at the rights and how to determine  the rights.