|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
10-20-2007
| #1 (permalink) |
| | Bulk modify AD Hello! Using Powershell Scripting to Bulk Modify Active Directory Objects http://msexchangeteam.com/archive/20...19/447301.aspx I would like to bulk modify the "Allow inheritable permissions from parent to propagate to this object" check box. I`ve tried: [PS] C:\\admodify.ps1 "OU=test,OU=Dev,DC=lab,DC=ad" "(&(objectClass=user))" Subtree DACL_PROTECTED 4096 Result: WARNING: System.DirectoryServices.DirectoryServicesCOMException (0x8007200A): Th e specified directory service attribute or value does not exist. (Exception from HRESULT: 0x8007200A) Any suggestions how this could be accomplished? Regards Jan Egil R. |
My System Specs |
|
10-21-2007
| #2 (permalink) |
| | RE: Bulk modify AD The short answer is that you cannot accomplish this task in this way. The "Allow inheritable permissions from parent to propagate to this object" check box is not an AD attribute and cannot be modified by any variation of the script you are trying to use. If you use ADSIEdit to examine an OU you will see that such an attrribute doesn't exist - which is why you are getting the error message. The checkbox is set on the security tab of the object - use the Advanced tab to view To change the setting with a script you need something like this ## sets the "Allow inheritable permissions from parent to propagate to this object"check box $ou = [ADSI]"LDAP://ou=sectest2,ou=sectest,dc=psuguk,dc=org" $sec = $ou.psbase.objectSecurity $isProtected = $false ## allows inheritance $preserveInheritance = $true ## preserver inhreited rules $sec.SetAccessRuleProtection($isProtected, $preserveInheritance) $ou.psbase.commitchanges() You will need to wrap this code with loops through whatever objects you need to set this for -- Richard Siddaway Please note that all scripts are supplied "as is" and with no warranty Blog: http://richardsiddaway.spaces.live.com/ PowerShell User Group: http://www.get-psuguk.org.uk "jer" wrote: Quote: > Hello! > > Using Powershell Scripting to Bulk Modify Active Directory Objects > http://msexchangeteam.com/archive/20...19/447301.aspx > > > I would like to bulk modify the "Allow inheritable permissions from parent > to propagate to this object" check box. > I`ve tried: > [PS] C:\\admodify.ps1 "OU=test,OU=Dev,DC=lab,DC=ad" "(&(objectClass=user))" > Subtree DACL_PROTECTED 4096 > > Result: > WARNING: System.DirectoryServices.DirectoryServicesCOMException > (0x8007200A): Th > e specified directory service attribute or value does not exist. (Exception > from > HRESULT: 0x8007200A) > > Any suggestions how this could be accomplished? > > Regards > Jan Egil R. > |
| My System Specs |
|
10-28-2007
| #3 (permalink) |
| | Re: Bulk modify AD Thanks for your reply, I`ve tested by putting your script in a ps1 file and edited the LDAP-string. I cleared the "Allow inheritable permissions from parent to propagate to this object" check box for a test-user in the test-OU I specified in the LDAP-string. The script runs without any errors, but I can`t see the check box being checked afterwards. Any idea what could be wrong? "RichS" <RichS@xxxxxx> skrev i melding news:944F391B-6516-4D57-B35C-CF45E35AC23B@xxxxxx Quote: > The short answer is that you cannot accomplish this task in this way. > The > "Allow inheritable permissions from parent to propagate to this object" > check box is not an AD attribute and cannot be modified by any variation > of > the script you are trying to use. > > If you use ADSIEdit to examine an OU you will see that such an attrribute > doesn't exist - which is why you are getting the error message. > > The checkbox is set on the security tab of the object - use the Advanced > tab > to view > > To change the setting with a script you need something like this > > ## sets the "Allow inheritable permissions from parent to propagate to > this > object"check box > > $ou = [ADSI]"LDAP://ou=sectest2,ou=sectest,dc=psuguk,dc=org" > $sec = $ou.psbase.objectSecurity > > $isProtected = $false ## allows inheritance > $preserveInheritance = $true ## preserver inhreited rules > > $sec.SetAccessRuleProtection($isProtected, $preserveInheritance) > $ou.psbase.commitchanges() > > You will need to wrap this code with loops through whatever objects you > need > to set this for > -- > Richard Siddaway > Please note that all scripts are supplied "as is" and with no warranty > Blog: http://richardsiddaway.spaces.live.com/ > PowerShell User Group: http://www.get-psuguk.org.uk > > > "jer" wrote: > Quote: >> Hello! >> >> Using Powershell Scripting to Bulk Modify Active Directory Objects >> http://msexchangeteam.com/archive/20...19/447301.aspx >> >> >> I would like to bulk modify the "Allow inheritable permissions from >> parent >> to propagate to this object" check box. >> I`ve tried: >> [PS] C:\\admodify.ps1 "OU=test,OU=Dev,DC=lab,DC=ad" >> "(&(objectClass=user))" >> Subtree DACL_PROTECTED 4096 >> >> Result: >> WARNING: System.DirectoryServices.DirectoryServicesCOMException >> (0x8007200A): Th >> e specified directory service attribute or value does not exist. >> (Exception >> from >> HRESULT: 0x8007200A) >> >> Any suggestions how this could be accomplished? >> >> Regards >> Jan Egil R. >> |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| PS for bulk management | PowerShell | |||
| Bulk Search | General Discussion | |||
| bulk BCC | Vista mail | |||
| Question re [bulk] | Vista mail | |||
| Bulk modify AD | PowerShell | |||
