Solved

Power Shell - Active Directory - updating Managed by tab for multiple groups

Posted on 2013-05-20
4
1,572 Views
Last Modified: 2013-06-12
Hi EE

I have the script below that lets me update the managedby attribute for multiple groups .. Can someone help me modify this or a new script to remove what is in the managedby tab?


import-CSV filename.csv | foreach {get-qadgroup $_.groupname | set-qadgroup -managedby $_.manager
get-qadgroup $_.groupname | Add-QADPermission -Account $_.manager -Rights WriteProperty -Property Member -ApplyTo ThisObjectOnly
}
0
Comment
Question by:MilesLogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 39181671
Try this if you would like to leave that managedby option blank.

import-CSV filename.csv | foreach {get-qadgroup $_.groupname | set-qadgroup -managedby $null
get-qadgroup $_.groupname | Remove-QADPermission -Account $_.manager -Rights WriteProperty -Property Member -ApplyTo ThisObjectOnly
}
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39181706
Hi Rajitha14

It does remove the option but I get the error below , any ideas ?

Remove-QADPermission : A parameter cannot be found that matches parameter name 'Account'.
At C:\powershell\ManagedByRemove.ps1:2 char:58
+ get-qadgroup $_.groupname | Remove-QADPermission -Account <<<<  $_.manager -Rights WriteProperty -Property Member -Ap
plyTo ThisObjectOnly
    + CategoryInfo          : InvalidArgument: (:) [Remove-QADPermission], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.RemovePermissionCm
   dlet
0
 
LVL 16

Accepted Solution

by:
Rajitha Chimmani earned 500 total points
ID: 39182001
Try the second command with below syntax.

get-qadgroup $_.groupname | Get-QADPermission -Account $_.manager -Rights WriteProperty -Property Member -ApplyTo ThisObjectOnly | Remove-QADPermission

Note: I have not tried this command myself. Please test with a test group before running it for all groups.
0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 39241894
thank you
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question