Solved

change owner on ad objects in powershell

Posted on 2012-03-13
4
2,049 Views
Last Modified: 2012-03-27
I'm looking to do a massive change to a bunch of computers in AD.  These computer objects need the owner change to a different user account.  I am looking to use Set-ADComputer powershell command but I can't figure out what other options I need to use.

Thanks.
0
Comment
Question by:Kishwaukee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37715047
When you say owner what exactly do you mean? I do not see any attribute listed as owner in active directory.
0
 

Author Comment

by:Kishwaukee
ID: 37715064
first you need to have advanced features turned on.  Then select an object and go to properties, then security, advanced, then the owner tab.  I can change them all this way however this will take way to long to do one by one, I need a massive change script.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37715104
Ok I see it now. That is actually the ACL of the object in active directory so you will not be able to change it using SET-ADCOMPUTER. To actually change that you would need to use a tool like DSACLS although Im not sure what the powershell equivalent is.

http://ss64.com/nt/dsacls.html
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 37734813
Best to use get-acl, modify it, and than apply the change with set-acl (you will need to figure out yourself how to determine the corresponding computer object):
$obj = [LDAP]...
$acl = get-acl $obj
$acl.SetOwner([Security.Principal.NTaccount] "Domain\Login" )
set-acl -Path $obj -AclObject $acl

Open in new window

On the other hand, using external tools like dsacls is still a good idea, even in PowerShell; some stuff (like ACLs) are not handled in a comfortable way in PS.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question