Call me...


Hello
T he atheist rejects the claim that there is a
supernatural entity or force that interacts with existence...
Because it is a claim without basis.

Atheism makes no claims whatsoever.
Atheism asserts nothing.
Atheism IS NOT an act or an action
IT IS a position
 It has no objective.
Comparatively / Conversely:
Anti-theism IS an act or an action
 It IS NOT a position
 It has an objective.
Not all ATHEISTS are ANTI-THEIST.
All ANTI-THEISTS are ATHEIST.

Monday, December 28, 2020

Powershell: 'Manager can update membership list'

 I ran into a post on a Powershell Facebook group, where someone was asking how to use Powershell to interact with an Active Directory groups 'Managed by', and (more specifically) the 'Manager can update membership list' values...

This 'Manager can update membership list' value is not available from the Get/Set-ADGroup command...
It is an ACL, and it is obscure. (that GIUD tho!!!)


I ran into all kinds of complicated scripts / functions that woked on this... But its not that complicated... If you know the GUID value, that is...
Anyway - Here it is:



$GroupName
= "Some Group" # Group display Name
$ManagerName = "BossMan" # AD Username

$mgr = (Get-ADUser $ManagerName)
$grp = [ADSI]"LDAP://$((Get-ADGRoup $GroupName).DistinguishedName)"

[System.DirectoryServices.DirectoryEntryConfiguration]$Options = $grp.get_Options()
$Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]'Dacl'

$Rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule ($(New-Object System.Security.Principal.SecurityIdentifier (($mgr).SID.Value)),`
[System.DirectoryServices.ActiveDirectoryRights]::WriteProperty, [System.Security.AccessControl.AccessControlType]::Allow, [Guid]"bf9679c0-0de6-11d0-a285-00aa003049e2")

$grp
.InvokeSet("managedBy", @("$($mgr.DistinguishedName)")) # Sets the Managed By
$grp.CommitChanges()

$grp
.get_ObjectSecurity().AddAccessRule($Rule) # Yep, it is an ACL, this sets it.
$grp.
CommitChanges()
 

No comments:

Post a Comment