search
Categories
Sponsors
VirtualMetric Hyper-V Monitoring, Hyper-V Reporting
Archive
Blogroll

Badges
MCSE
Community

Cozumpark Bilisim Portali
Setting Primary Groups of Active Directory Users with Powershell
Posted in Hosting & IIS7, Windows Powershell, Windows Server | 1 Comment | 9,746 views | 02/03/2010 12:19

As you know, changing Primary Group of Active Directory users is a difficult job for system administrators.
You need to set a new one, then assign that as a primary, after all you can remove old group.
But that’s easy if you know Powershell.

1
2
3
4
5
6
7
8
9
10
11
12
$User = [ADSI] "LDAP://CN=$Username,$CustomerOU,$FQDN"
$DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
$DomainUsers = [ADSI]"LDAP://CN=Domain Users,CN=Users,$DomainNC"
$DomainUsers.GetInfoEx(@("primaryGroupToken"), 0)
$OldGroupToken = $DomainUsers.Get("primaryGroupToken")
$DomainGuests = [ADSI]"LDAP://CN=IIS_USERS,CN=Users,$DomainNC"
$DomainGuests.GetInfoEx(@("primaryGroupToken"), 0)
$NewGroupToken = $DomainGuests.Get("primaryGroupToken")
$DomainGuests.Add([String]($User.AdsPath))
$User.Put("primaryGroupId", $NewGroupToken)
$User.SetInfo()
$DomainUsers.Remove([String]($User.AdsPath))

This script simply set IIS_USERS as a primary group of Active Directory users.


Comments (1)

Rustle

June 12th, 2013
06:43:06

After $DomainGuests.Add([String]($User.AdsPath))
Shows an error:
Exception calling “Add” with “1” argument(s): “Unspecified error (Exception from HRESULT: 0x80004005 (E_FAIL))”
At line:1 char:18
+ $DomainGuests.Add <<<< ([String]($User.AdsPath))
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI



Leave a Reply