home
projects
about
contact
follow
feed
settings
Categories
Archive
Blogroll

Microsoft PowerShell MVP

Cozumpark Bilisim Portali
Setting Primary Groups of Active Directory Users with Powershell
Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comment | 2,101 views | 02/03/2010 12:19

As you know, changing Primary Group of Active Directory users is a difficult job for system administrators.
You need to set a new one, then assign that as a primary, after all you can remove old group.
But that’s easy if you know Powershell.

1
2
3
4
5
6
7
8
9
10
11
12

$User = [ADSI] "LDAP://CN=$Username,$CustomerOU,$FQDN"
$DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
$DomainUsers = [ADSI]"LDAP://CN=Domain Users,CN=Users,$DomainNC"
$DomainUsers.GetInfoEx(@("primaryGroupToken"), 0)
$OldGroupToken = $DomainUsers.Get("primaryGroupToken")
$DomainGuests = [ADSI]"LDAP://CN=IIS_USERS,CN=Users,$DomainNC"
$DomainGuests.GetInfoEx(@("primaryGroupToken"), 0)
$NewGroupToken = $DomainGuests.Get("primaryGroupToken")
$DomainGuests.Add([String]($User.AdsPath))
$User.Put("primaryGroupId", $NewGroupToken)
$User.SetInfo()
$DomainUsers.Remove([String]($User.AdsPath))

This script simply set IIS_USERS as a primary group of Active Directory users.



Leave a Reply

Serving on IIS7.5 on Windows Server 2008 R2 with PHP Fastcgi | Netcraft Report
© 2009-2011 Yusuf Ozturk (MCSE+S) | Powered by WordPress | Theme by yusufozturk