Solved

change owner on ad objects in powershell

Posted on 2012-03-13
4
1,975 Views
Last Modified: 2012-03-27
I'm looking to do a massive change to a bunch of computers in AD.  These computer objects need the owner change to a different user account.  I am looking to use Set-ADComputer powershell command but I can't figure out what other options I need to use.

Thanks.
0
Comment
Question by:Kishwaukee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37715047
When you say owner what exactly do you mean? I do not see any attribute listed as owner in active directory.
0
 

Author Comment

by:Kishwaukee
ID: 37715064
first you need to have advanced features turned on.  Then select an object and go to properties, then security, advanced, then the owner tab.  I can change them all this way however this will take way to long to do one by one, I need a massive change script.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37715104
Ok I see it now. That is actually the ACL of the object in active directory so you will not be able to change it using SET-ADCOMPUTER. To actually change that you would need to use a tool like DSACLS although Im not sure what the powershell equivalent is.

http://ss64.com/nt/dsacls.html
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 37734813
Best to use get-acl, modify it, and than apply the change with set-acl (you will need to figure out yourself how to determine the corresponding computer object):
$obj = [LDAP]...
$acl = get-acl $obj
$acl.SetOwner([Security.Principal.NTaccount] "Domain\Login" )
set-acl -Path $obj -AclObject $acl

Open in new window

On the other hand, using external tools like dsacls is still a good idea, even in PowerShell; some stuff (like ACLs) are not handled in a comfortable way in PS.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question