HoricePlant
asked on
Changing 'Managed By' user on multiple AD groups
Hi,
I have around 130 groups in AD (2003) which I need to change "Managed By" attribute for each group. Rather that do this manually and select the user for each group, does anyone know how I can do this for multiple groups at a time?
I've had a look at some utilities such as ADO++ and Hyena, but neither let me change the "Managed By" attribute.
Thanks
I have around 130 groups in AD (2003) which I need to change "Managed By" attribute for each group. Rather that do this manually and select the user for each group, does anyone know how I can do this for multiple groups at a time?
I've had a look at some utilities such as ADO++ and Hyena, but neither let me change the "Managed By" attribute.
Thanks
Hello,
you can do this with the command line tool dsacls.exe
An example to set permissions to groups:
dsacls DN-to-the-target-group /G the-manager-group:RPWP;mem ber;
I found an article to this:
http://technet.microsoft.com/en-us/magazine/2007.02.activedirectory.aspx
you can do this with the command line tool dsacls.exe
An example to set permissions to groups:
dsacls DN-to-the-target-group /G the-manager-group:RPWP;mem
I found an article to this:
http://technet.microsoft.com/en-us/magazine/2007.02.activedirectory.aspx
Below is a VBS logoff script that I use. It writes the last logged in user to the managed by description.
I can very quickly and easily see where someone was logged in and it allows me to see what users use what computers.
For real time results, you could make it a logon script.
I can very quickly and easily see where someone was logged in and it allows me to see what users use what computers.
For real time results, you could make it a logon script.
Set objSysInfo = CreateObject("ADSystemInfo")
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
objComputer.Put "managedBy", objSysInfo.Username
objComputer.SetInfo
ASKER
Thanks for the suggestions so far. I'm currently looking into each one to see which suits best.
ASKER
Hi - unless I've understood incorrectly (which is always possible!)...
LDIFE (or LDIFDE in Windows Server 2003) looks like it's only used for importing and exporting LDAP data, rather than modifying the "Managed By" property of the object.
DSACLS is used to set security on object properties rather than actually setting the property value (i.e. I would be able to change the security permissions for who could alter the "Telephone Number" field of an object, rather that set the telephone number itself). Plus, I couldn't see the "Managed By" property was supported?
JMoody10 - I'm too good with VBS, but would you be able to advise if VBS could be used to set the "Managed By" property of an AD group? For example, using the domain microsoft.com and the group name A_TEST, I'd like to set the Managed By field to the user "jsmith"?
LDIFE (or LDIFDE in Windows Server 2003) looks like it's only used for importing and exporting LDAP data, rather than modifying the "Managed By" property of the object.
DSACLS is used to set security on object properties rather than actually setting the property value (i.e. I would be able to change the security permissions for who could alter the "Telephone Number" field of an object, rather that set the telephone number itself). Plus, I couldn't see the "Managed By" property was supported?
JMoody10 - I'm too good with VBS, but would you be able to advise if VBS could be used to set the "Managed By" property of an AD group? For example, using the domain microsoft.com and the group name A_TEST, I'd like to set the Managed By field to the user "jsmith"?
ASKER
Sorry - my last comment (last paragraph) should be started "I'm NOT too good with VBS..."!!!
ASKER
Okay - I've discovered the answer myself. Found a program called ADModify, which can change any attribute / property of an object in AD and supports bulk changes. It has both a GUI interface (requires .Net 2.0) or you can use command line.
Link to Microsoft site for ADModify:
http://technet.microsoft.com/en-us/library/aa996216%28EXCHG.65%29.aspx
Link to Microsoft site for ADModify:
http://technet.microsoft.com/en-us/library/aa996216%28EXCHG.65%29.aspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
have a read of this post by someone asking a similiar question to you.