SetACL Owner Computer Object

Guys. 

I have knocked this script up in AD PowerShell which sets the owner of an AD Computer to Domain Admins. I am trying to get the same kind of script working but via Quest PowerShell. No matter what I knock up, it's not working. 


Anyone got any suggestions to Quest PowerShell this script? 

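Import-Module ActiveDirectory

# Specify the computer name
$computerName = "AD-Computer-Name"

# Owner to set (assumed from the post's description: Domain Admins)
$user = New-Object System.Security.Principal.NTAccount("Domain Admins")

# Get the computer object from Active Directory and retrieve its DistinguishedName
$computerObject = Get-ADComputer -Filter {Name -eq $computerName} -Properties DistinguishedName

if ($computerObject) {
    $dn = $computerObject.DistinguishedName

    # Read the current security descriptor through the AD: drive
    $acl = Get-Acl -Path "AD:$($dn)"

    # Replace the owner and write the descriptor back
    $acl.SetOwner($user)
    Set-Acl -Path "AD:$($dn)" -AclObject $acl

} else {
    Write-Output "Computer not found in Active Directory: $computerName"
}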

  • Hi   

    The below should work, or at least give you a pointer.

    # Specify the computer name
    $ComputerName = "SQL001"
    
    # Specify the owner
    $Owner = "Domain Admins"
    
    # Get the computer object from Active Directory and retrieve its DistinguishedName
    $ComputerObject = Get-QADComputer  -LdapFilter "(name=$($ComputerName))"  -SecurityMask 'Owner'
    
    If(-not $ComputerObject)
    {
        Write-Output "Computer not found in Active Directory: $computerName"
        Return
    }
    
    # Get the owner object
    $OwnerObject = Get-QADObject -LdapFilter "(name=$($owner))"
    If(-not $OwnerObject)
    {
        Write-Output "Owner not found in Active Directory: $Owner"
        Return
    }
    
    If(($ComputerObject) -and ($OwnerObject))
    {
        Write-Output "Current Owner: $($ComputerObject.Security.Owner)"
    
        If($ComputerObject.Security.Owner.NTAccountName -ne $OwnerObject.NTAccountName)
        {
            # Set the Owner of the Computer Object
            $Result = $ComputerObject | Set-QADObjectSecurity -Owner $OwnerObject.NTAccountName -Proxy
        
            # Retrieve the owner information after change
            $ComputerObject = Get-QADComputer -LdapFilter "(name=$($ComputerName))" -SecurityMask 'Owner'
    
            Write-Output "New Owner: $($ComputerObject.Security.Owner)"
        }
        Else
        {
            Write-Output "No change as new and old owner match"
        }
    }
    Else
    {
        Write-Output "ComputerObject and Owner Object are not both populated"
    }

  • Thanks Stu. Will check this out. Yes, even looking at your script there were defo parts missing from when I tried to Quest it. 
