|
|
|||||||
Hi guys I have bit complicated issue, Our user accounts are created by a privileged user, hence the owner ship of all accounts are in his name, I want to remove his ownership and replace with domain admin ownership, doing one by one 2 5000 accounts is pain... please suggest any short cut. |
||||||||
|
|
|||||||
I do not get your question totally, but if it is about taking ownership of files, maybe this can help: Hey, Scripting Guy! How Can I Take Ownership of a File or Folder By Using a Script? |
||||||||
|
|
|||||||
No! this is about taking ownership of user accounts from active directory... |
||||||||
|
|
|||||||
I got som hints I can read the owner value now $objuser=getobject("LDAP://CN=Jan Smith,OU=Accounts,DC=fabrican,DC=com") ? $objuser.samaccountname+ ";" + $objuser.ntSecurityDescriptor.owner and this is the VB script for changing folder ownership: strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set colFolders = objWMIService.ExecQuery _ ("Select * From Win32_Directory Where Name = 'C:\\Scripts'") For Each objFolder in colFolders objFolder.TakeOwnershipEx Next Can I user it for user account also ?? |
||||||||
|
|
|||||||
Any help can I expect ? |
||||||||
|
|
|||||||
Most probably, the vbscript can be converted. Quick try (I did not test it). Code: $strComputer = "." $objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\cimv2") $colFolders = $objWMIService.ExecQuery("Select * From Win32_Directory Where Name = 'C:\\Scripts'") For Each $objFolder In $colFolders $objFolder.TakeOwnershipEx Next But maybe SubInAcl can also help? I read in an other forum that it is much faster than a script SubInACL (SubInACL.exe) ScriptingAnswers.com Forums Archive - take ownership |
||||||||
|
|
|||||||
Can I use for user instead of Computer if I get the object of a User ?? I want to change the owner ship to "Domain/Admin" Can I do it ?? |
||||||||
|
|
|||||||
Sorry, did not have to change permissions on a user object yet. I would have to study this first carefully... |
||||||||
|
|
|||||||
Thanx Witto... this issue is still burning in my head |
||||||||
|
|
|||||||
Any good news guys ?? |
||||||||
|
|
|||||||
the wmi script above most likely doesn't work. wmi is for controlling machine and what you need is something that pokes AD. |
||||||||
|
|
|||||||
True I wana chenge ownership of user Account. Please help guys.... |
||||||||
|
|
|||||||
hmm... http://msdn2.microsoft.com/en-us/library/aa706128.aspx not sure if you can do it with kixtart though. |
||||||||
|
|
|||||||
I tried Jooel it is not working |
||||||||
|
|
|||||||
This can be used to obtain the owner information. Setting the owner information is a bit more difficult to say the least Code: Dim $ou, $sd $ou = GetObject("LDAP://OU=SomeOuName,DC=YourOrg,DC=Com") $sd = $ou.Get("ntSecurityDescriptor") ? $sd.Owner |
||||||||
|
|
|||||||
Hi apronk Thanx for your help, I reached that stage allready... I tried this one also $objuser.ntSecurityDescriptor.owner = "DOMAIN\Administrators" $objuser.setinfo But no use... |
||||||||
|
|
|||||||
Then here you go Code: Dim $ou, $sd $ou = GetObject("LDAP://CN=TestUser,OU=TestOU,DC=YourDomainName,DC=local") $sd = $ou.Get("ntSecurityDescriptor") ? $sd.Owner $sd.Owner = "YourDomainName\YourNewuser" $ou.Put("ntSecurityDescriptor", $sd) $ou.SetInfo ? @Error |
||||||||
|
|
|||||||
Masha Allah Thanx Man.......... It's working.... u guys really rocks |
||||||||
|
|
|||||||
right. so it did work. I expect to see udf out of this |
||||||||
|
|
|||||||
Originally Posted By: Jooel right. so it did work. I expect to see udf out of this Already done Also one could also use this tactic when creating a user. So that one doesn't have to change it lateron. |