change owner on ad objects in powershell

I'm looking to do a massive change to a bunch of computers in AD.  These computer objects need the owner change to a different user account.  I am looking to use Set-ADComputer powershell command but I can't figure out what other options I need to use.

Thanks.
KishwaukeeAsked:
Who is Participating?
 
QlemoConnect With a Mentor Batchelor, Developer and EE Topic AdvisorCommented:
Best to use get-acl, modify it, and than apply the change with set-acl (you will need to figure out yourself how to determine the corresponding computer object):
$obj = [LDAP]...
$acl = get-acl $obj
$acl.SetOwner([Security.Principal.NTaccount] "Domain\Login" )
set-acl -Path $obj -AclObject $acl

Open in new window

On the other hand, using external tools like dsacls is still a good idea, even in PowerShell; some stuff (like ACLs) are not handled in a comfortable way in PS.
0
 
Joseph DalyCommented:
When you say owner what exactly do you mean? I do not see any attribute listed as owner in active directory.
0
 
KishwaukeeAuthor Commented:
first you need to have advanced features turned on.  Then select an object and go to properties, then security, advanced, then the owner tab.  I can change them all this way however this will take way to long to do one by one, I need a massive change script.
0
 
Joseph DalyCommented:
Ok I see it now. That is actually the ACL of the object in active directory so you will not be able to change it using SET-ADCOMPUTER. To actually change that you would need to use a tool like DSACLS although Im not sure what the powershell equivalent is.

http://ss64.com/nt/dsacls.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.