Active Directory Bulk Group Edit

active-directorybulk-actiongroups

Is there a way to update the "Managed By" field for every group in Active Directory? I would also need to check "Manager can update membership list" also.

Best Answer

This can be done through PowerShell

$DNOfManager=dsquery user -o dn -name "Testing Tester"
$GroupList=dsquery group DC=ad,dc=example,dc=local -limit 600 
Foreach ($group in $grouplist) {
    set-adgroup -Identity $Group -ManagedBy $DNOfManager
    add-adpermission -Identity $Group -user $DNOfManager -AccessRights ReadProperty, WriteProperty -Properties 'Member'
}

This is undebugged, but should get you most of the way there. What it does:

  1. Uses dsquery to grab the Distinguished Name of the user with the full-name of "Testing Tester".
  2. Uses dsquery to fetch a list of candidate groups, and passes that to a variable as a list.
  3. Iterate through the list. On each list-member:
    1. Assign the ManagedBy attribute
    2. Assign the rights to update the Member attribute

So long as $DNOfManager is set right, this should set all groups in the domain to be managed by that one manager. ALL of them. Make sure the query in step one is defined right and doesn't pick up groups you don't want (Domain Admins?).

Related Topic