Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Power Shell - Active Directory - updating Managed by tab for multiple groups

Posted on 2013-05-20
4
Medium Priority
?
1,592 Views
Last Modified: 2013-06-12
Hi EE

I have the script below that lets me update the managedby attribute for multiple groups .. Can someone help me modify this or a new script to remove what is in the managedby tab?


import-CSV filename.csv | foreach {get-qadgroup $_.groupname | set-qadgroup -managedby $_.manager
get-qadgroup $_.groupname | Add-QADPermission -Account $_.manager -Rights WriteProperty -Property Member -ApplyTo ThisObjectOnly
}
0
Comment
Question by:MilesLogan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 39181671
Try this if you would like to leave that managedby option blank.

import-CSV filename.csv | foreach {get-qadgroup $_.groupname | set-qadgroup -managedby $null
get-qadgroup $_.groupname | Remove-QADPermission -Account $_.manager -Rights WriteProperty -Property Member -ApplyTo ThisObjectOnly
}
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39181706
Hi Rajitha14

It does remove the option but I get the error below , any ideas ?

Remove-QADPermission : A parameter cannot be found that matches parameter name 'Account'.
At C:\powershell\ManagedByRemove.ps1:2 char:58
+ get-qadgroup $_.groupname | Remove-QADPermission -Account <<<<  $_.manager -Rights WriteProperty -Property Member -Ap
plyTo ThisObjectOnly
    + CategoryInfo          : InvalidArgument: (:) [Remove-QADPermission], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.RemovePermissionCm
   dlet
0
 
LVL 16

Accepted Solution

by:
Rajitha Chimmani earned 2000 total points
ID: 39182001
Try the second command with below syntax.

get-qadgroup $_.groupname | Get-QADPermission -Account $_.manager -Rights WriteProperty -Property Member -ApplyTo ThisObjectOnly | Remove-QADPermission

Note: I have not tried this command myself. Please test with a test group before running it for all groups.
0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 39241894
thank you
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question