Solved

Changing 'Managed By' user on multiple AD groups

Posted on 2010-09-15
9
3,114 Views
Last Modified: 2013-12-19
Hi,

I have around 130 groups in AD (2003) which I need to change "Managed By" attribute for each group. Rather that do this manually and select the user for each group, does anyone know how I can do this for multiple groups at a time?

I've had a look at some utilities such as ADO++ and Hyena, but neither let me change the "Managed By" attribute.

Thanks
0
Comment
Question by:HoricePlant
9 Comments
 
LVL 5

Expert Comment

by:chqshaitan
ID: 33681328
you can do this by using the ldife command.

have a read of this post by someone asking a similiar question to you.
0
 
LVL 3

Expert Comment

by:EichhornH
ID: 33681340
Hello,

you can do this with the command line tool dsacls.exe
An example to set permissions to groups:
dsacls DN-to-the-target-group  /G  the-manager-group:RPWP;member;

I found an article to this:
http://technet.microsoft.com/en-us/magazine/2007.02.activedirectory.aspx
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 33681440
Below is a VBS logoff script that I use. It writes the last logged in user to the managed by description.
I can very quickly and easily see where someone was logged in and it allows me to see what users use what computers.
For real time results, you could make it a logon script.

Set objSysInfo = CreateObject("ADSystemInfo") 

Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName) 

 

objComputer.Put "managedBy", objSysInfo.Username 

objComputer.SetInfo

Open in new window

0
 

Author Comment

by:HoricePlant
ID: 33683393
Thanks for the suggestions so far. I'm currently looking into each one to see which suits best.
0
 

Author Comment

by:HoricePlant
ID: 33689485
Hi - unless I've understood incorrectly (which is always possible!)...

LDIFE (or LDIFDE in Windows Server 2003) looks like it's only used for importing and exporting LDAP data, rather than modifying the "Managed By" property of the object.

DSACLS is used to set security on object properties rather than actually setting the property value (i.e. I would be able to change the security permissions for who could alter the "Telephone Number" field of an object, rather that set the telephone number itself). Plus, I couldn't see the "Managed By" property was supported?

JMoody10 - I'm too good with VBS, but would you be able to advise if VBS could be used to set the "Managed By" property of an AD group? For example, using the domain microsoft.com and the group name A_TEST, I'd like to set the Managed By field to the user "jsmith"?
0
 

Author Comment

by:HoricePlant
ID: 33689494
Sorry - my last comment (last paragraph) should be started "I'm NOT too good with VBS..."!!!
0
 

Author Comment

by:HoricePlant
ID: 33689754
Okay - I've discovered the answer myself. Found a program called ADModify, which can change any attribute / property of an object in AD and supports bulk changes. It has both a GUI interface (requires .Net 2.0) or you can use command line.

Link to Microsoft site for ADModify:
http://technet.microsoft.com/en-us/library/aa996216%28EXCHG.65%29.aspx

0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 34171274
Question PAQ'd and stored in the solution database.
0

Join & Write a Comment

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Resolve DNS query failed errors for Exchange
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now