Set-ACL for AD Computer Object

I am trying to use Set-Acl on a computer object in AD. First, I get the ACL using:

$acl = (Get-Acl AD:\'CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com').Access

Which gives me all the ACLs for this computer object. Then I use:

$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("Computername","FullControl")))

Any pointers in the right direction are helpful. My goal is to add a computer object to the computer object "Tester1" and give it full access permissions.

2 answers

ActiveDirectory is not a file system. You must create a new ACE for the AD object as ActiveDirectoryAccessRule.

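Import-Module ActiveDirectory   # provides the AD: drive
$path = "AD:\CN=Tester1,OU=Ou1,OU=OU2,OU=OU3,DC=Contoso,DC=com"
$acl = Get-Acl -Path $path
# AD ACEs are System.DirectoryServices.ActiveDirectoryAccessRule objects built from an
# IdentityReference, ActiveDirectoryRights and Allow/Deny; GenericAll is the AD full-control right
$id = [System.Security.Principal.NTAccount]'DOMAIN\Computername'
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($id, [System.DirectoryServices.ActiveDirectoryRights]::GenericAll, [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($ace)
Set-Acl -Path $path -AclObject $acl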

The ACE is for AD, so it should be System.DirectoryServices.ActiveDirectoryAccessRule instead of System.Security.AccessControl.FileSystemAccessRule.

: ACE Active Directory Powershell

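Full control on a computer object is a sensitive delegation, so it helps to review which explicit ACEs an object carries after a change like the one in the answers above. The following is an added example, not code from either answer; the helper name Get-HighImpactAce, the set of rights treated as high-impact and the sample SIDs are assumptions made for illustration.

```powershell
# Added example: list explicit, high-impact Allow ACEs on an AD security descriptor.
Add-Type -AssemblyName System.DirectoryServices

function Get-HighImpactAce {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.DirectoryServices.ActiveDirectorySecurity]$Acl
    )
    # Assumption: these rights are the ones treated as "high impact" here, because
    # each lets the trustee control the object or rewrite its ACL or owner.
    $risky = 'GenericAll', 'GenericWrite', 'WriteDacl', 'WriteOwner' |
        ForEach-Object { [int][System.DirectoryServices.ActiveDirectoryRights]$_ }

    # $true = include explicit ACEs, $false = skip inherited ones; trustees as SIDs.
    $rules = $Acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $mask = [int]$rule.ActiveDirectoryRights
        # GenericAll and GenericWrite are composite masks, so require every bit of a
        # right to be present instead of testing for any overlap.
        $hits = $risky | Where-Object { ($mask -band $_) -eq $_ }
        if ($hits) { $rule }
    }
}

# Constructed sample descriptor, built in memory so the check runs without a domain.
$rights   = [System.DirectoryServices.ActiveDirectoryRights]
$allow    = [System.Security.AccessControl.AccessControlType]::Allow
$machine  = [System.Security.Principal.SecurityIdentifier]'S-1-5-21-1111111111-2222222222-3333333333-1105'  # constructed SID
$everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'  # well-known Everyone SID
$sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
$sd.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule($machine, $rights::GenericAll, $allow)))
$sd.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule($everyone, $rights::ReadProperty, $allow)))

# Report the explicit high-impact entries of the sample descriptor.
Get-HighImpactAce -Acl $sd |
    Format-Table IdentityReference, ActiveDirectoryRights, IsInherited -AutoSize

# Against a live object, using $path and $ace as defined in the answer above:
#   $acl = Get-Acl -Path $path
#   Get-HighImpactAce -Acl $acl
#   $acl.RemoveAccessRule($ace) | Out-Null; Set-Acl -Path $path -AclObject $acl
```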
