Setting Primary Groups of Active Directory Users with Powershell

March 2nd, 2010 admin Posted in Hosting & IIS7, Windows Powershell, Windows Server | No Comments »

As you know, changing Primary Group of Active Directory users is a difficult job for system administrators.
You need to set a new one, then assign that as a primary, after all you can remove old group.
But that’s easy if you know Powershell.

1
2
3
4
5
6
7
8
9
10
11
12

$User = [ADSI] "LDAP://CN=$Username,$CustomerOU,$FQDN"
$DomainNC = ([ADSI]"LDAP://RootDSE").DefaultNamingContext
$DomainUsers = [ADSI]"LDAP://CN=Domain Users,CN=Users,$DomainNC"
$DomainUsers.GetInfoEx(@("primaryGroupToken"), 0)
$OldGroupToken = $DomainUsers.Get("primaryGroupToken")
$DomainGuests = [ADSI]"LDAP://CN=IIS_USERS,CN=Users,$DomainNC"
$DomainGuests.GetInfoEx(@("primaryGroupToken"), 0)
$NewGroupToken = $DomainGuests.Get("primaryGroupToken")
$DomainGuests.Add([String]($User.AdsPath))
$User.Put("primaryGroupId", $NewGroupToken)
$User.SetInfo()
$DomainUsers.Remove([String]($User.AdsPath))

This script simply set IIS_USERS as a primary group of Active Directory users.

Tags: , , ,


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

«
»