| Saleem |
| (Hey THIS is FUN) |
| 2007-04-25 06:27 AM |
Take Ownership
|
Hi guys
I have bit complicated issue, Our user accounts are created by a privileged user, hence the owner ship of all accounts are in his name, I want to remove his ownership and replace with domain admin ownership, doing one by one 2 5000 accounts is pain...
please suggest any short cut.
| Witto |
| (MM club member) |
| 2007-04-25 06:35 AM |
|
|
Re: Take Ownership
|
I do not get your question totally, but if it is about taking ownership of files, maybe this can help:
Hey, Scripting Guy! How Can I Take Ownership of a File or Folder By Using a Script?
| Saleem |
| (Hey THIS is FUN) |
| 2007-04-25 07:08 AM |
|
Re: Take Ownership
|
No! this is about taking ownership of user accounts from active directory...
| Saleem |
| (Hey THIS is FUN) |
| 2007-04-25 11:25 AM |
|
Re: Take Ownership
|
I got som hints
I can read the owner value now
$objuser=getobject("LDAP://CN=Jan Smith,OU=Accounts,DC=fabrican,DC=com")
? $objuser.samaccountname+ ";" + $objuser.ntSecurityDescriptor.owner
and this is the VB script for changing folder ownership:
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colFolders = objWMIService.ExecQuery _
("Select * From Win32_Directory Where Name = 'C:\\Scripts'")
For Each objFolder in colFolders
objFolder.TakeOwnershipEx
Next
Can I user it for user account also ??
| Saleem |
| (Hey THIS is FUN) |
| 2007-05-03 09:51 AM |
|
Re: Take Ownership
|
Any help can I expect ?
| Witto |
| (MM club member) |
| 2007-05-03 10:45 AM |
|
|
|
Re: Take Ownership
|
Most probably, the vbscript can be converted.
Quick try (I did not test it).
Code:
$strComputer = "."
$objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\cimv2")
$colFolders = $objWMIService.ExecQuery("Select * From Win32_Directory Where Name = 'C:\\Scripts'")
For Each $objFolder In $colFolders
$objFolder.TakeOwnershipEx
Next
But maybe SubInAcl can also help?
I read in an other forum that it is much faster than a script
SubInACL (SubInACL.exe)
ScriptingAnswers.com Forums Archive - take ownership
| Saleem |
| (Hey THIS is FUN) |
| 2007-05-03 01:57 PM |
|
Re: Take Ownership
|
Can I use for user instead of Computer if I get the object of a User ??
I want to change the owner ship to "Domain/Admin"
Can I do it ??
| Witto |
| (MM club member) |
| 2007-05-03 06:26 PM |
|
|
|
Re: Take Ownership
|
Sorry, did not have to change permissions on a user object yet. I would have to study this first carefully...
| Saleem |
| (Hey THIS is FUN) |
| 2007-05-03 09:53 PM |
|
Re: Take Ownership
|
Thanx Witto...
this issue is still burning in my head
| Saleem |
| (Hey THIS is FUN) |
| 2007-05-06 12:07 PM |
|
Re: Take Ownership
|
Any good news guys ??
Lonkero
|
| (KiX Master Guru) |
| 2007-05-06 01:15 PM |
|
Re: Take Ownership
|
the wmi script above most likely doesn't work.
wmi is for controlling machine and what you need is something that pokes AD.
| Saleem |
| (Hey THIS is FUN) |
| 2007-05-06 01:53 PM |
|
Re: Take Ownership
|
True
I wana chenge ownership of user Account. Please help guys....
|
Lonkero
|
| (KiX Master Guru) |
| 2007-05-06 08:41 PM |
|
Re: Take Ownership
|
hmm...
http://msdn2.microsoft.com/en-us/library/aa706128.aspx
not sure if you can do it with kixtart though.
| Saleem |
| (Hey THIS is FUN) |
| 2007-05-07 09:30 AM |
|
Re: Take Ownership
|
I tried Jooel
it is not working
| Arend_ |
| (MM club member) |
| 2007-05-07 10:10 AM |
|
|
Re: Take Ownership
|
This can be used to obtain the owner information. Setting the owner information is a bit more difficult to say the least
Code:
Dim $ou, $sd
$ou = GetObject("LDAP://OU=SomeOuName,DC=YourOrg,DC=Com")
$sd = $ou.Get("ntSecurityDescriptor")
? $sd.Owner
| Saleem |
| (Hey THIS is FUN) |
| 2007-05-07 10:16 AM |
|
Re: Take Ownership
|
Hi apronk
Thanx for your help, I reached that stage allready...
I tried this one also
$objuser.ntSecurityDescriptor.owner = "DOMAIN\Administrators"
$objuser.setinfo
But no use...
| Arend_ |
| (MM club member) |
| 2007-05-07 10:28 AM |
|
|
|
Re: Take Ownership
|
Then here you go
Code:
Dim $ou, $sd
$ou = GetObject("LDAP://CN=TestUser,OU=TestOU,DC=YourDomainName,DC=local")
$sd = $ou.Get("ntSecurityDescriptor")
? $sd.Owner
$sd.Owner = "YourDomainName\YourNewuser"
$ou.Put("ntSecurityDescriptor", $sd)
$ou.SetInfo
? @Error
| Saleem |
| (Hey THIS is FUN) |
| 2007-05-07 12:20 PM |
Re: Take Ownership
|
Masha Allah
Thanx Man..........
It's working.... u guys really rocks
|
Lonkero
|
| (KiX Master Guru) |
| 2007-05-07 03:52 PM |
|
Re: Take Ownership
|
right.
so it did work.
I expect to see udf out of this
| Arend_ |
| (MM club member) |
| 2007-05-07 05:20 PM |
|
|
|
Re: Take Ownership
|
Originally Posted By: Jooel
right.
so it did work.
I expect to see udf out of this
so it did work.
I expect to see udf out of this
Already done
Also one could also use this tactic when creating a user. So that one doesn't have to change it lateron.