Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Changing 'Managed By' user on multiple AD groups

Posted on 2010-09-15
9
Medium Priority
?
3,507 Views
Last Modified: 2013-12-19
Hi,

I have around 130 groups in AD (2003) which I need to change "Managed By" attribute for each group. Rather that do this manually and select the user for each group, does anyone know how I can do this for multiple groups at a time?

I've had a look at some utilities such as ADO++ and Hyena, but neither let me change the "Managed By" attribute.

Thanks
0
Comment
Question by:HoricePlant
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 5

Expert Comment

by:chqshaitan
ID: 33681328
you can do this by using the ldife command.

have a read of this post by someone asking a similiar question to you.
0
 
LVL 3

Expert Comment

by:EichhornH
ID: 33681340
Hello,

you can do this with the command line tool dsacls.exe
An example to set permissions to groups:
dsacls DN-to-the-target-group  /G  the-manager-group:RPWP;member;

I found an article to this:
http://technet.microsoft.com/en-us/magazine/2007.02.activedirectory.aspx
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 33681440
Below is a VBS logoff script that I use. It writes the last logged in user to the managed by description.
I can very quickly and easily see where someone was logged in and it allows me to see what users use what computers.
For real time results, you could make it a logon script.

Set objSysInfo = CreateObject("ADSystemInfo") 
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName) 
 
objComputer.Put "managedBy", objSysInfo.Username 
objComputer.SetInfo

Open in new window

0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 

Author Comment

by:HoricePlant
ID: 33683393
Thanks for the suggestions so far. I'm currently looking into each one to see which suits best.
0
 

Author Comment

by:HoricePlant
ID: 33689485
Hi - unless I've understood incorrectly (which is always possible!)...

LDIFE (or LDIFDE in Windows Server 2003) looks like it's only used for importing and exporting LDAP data, rather than modifying the "Managed By" property of the object.

DSACLS is used to set security on object properties rather than actually setting the property value (i.e. I would be able to change the security permissions for who could alter the "Telephone Number" field of an object, rather that set the telephone number itself). Plus, I couldn't see the "Managed By" property was supported?

JMoody10 - I'm too good with VBS, but would you be able to advise if VBS could be used to set the "Managed By" property of an AD group? For example, using the domain microsoft.com and the group name A_TEST, I'd like to set the Managed By field to the user "jsmith"?
0
 

Author Comment

by:HoricePlant
ID: 33689494
Sorry - my last comment (last paragraph) should be started "I'm NOT too good with VBS..."!!!
0
 

Author Comment

by:HoricePlant
ID: 33689754
Okay - I've discovered the answer myself. Found a program called ADModify, which can change any attribute / property of an object in AD and supports bulk changes. It has both a GUI interface (requires .Net 2.0) or you can use command line.

Link to Microsoft site for ADModify:
http://technet.microsoft.com/en-us/library/aa996216%28EXCHG.65%29.aspx

0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 34171274
Question PAQ'd and stored in the solution database.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
What we learned in Webroot's webinar on multi-vector protection.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question