PowerShell: Add All Members of an OU to a Security Group
KB ID 0001589 Problem I’ve written in the past about ‘Bulk Adding Users from CSV files, into Groups’. But what if you want to add ALL users in a particular OU into a security group? Solution The syntax is; Get-ADUser -SearchBase ‘OU=Source-OU,OU=PNL,DC=pnl,DC=com’ -Filter * | ForEach-Object {Add-ADGroupMember -Identity ‘SG-Test-Group’ -Members $_ } Here I’ve got 20 users that need adding to a group, in this...
Windows – Unable to Move an OU
KB ID 0001336 Problem I was doing some AD redesign work for a client this week, and I needed to move an Organisational Unit (OU). However the domain had other ideas; Active Directory Domain Services Windows cannot move object {OU-Name} because: Access is denied. It wasn’t a rights issue, (I was an Enterprise Administrator). Solution As it turns out, it was the same problem I’d had back when Server 2008 first came out...
Windows Server ‘Can’t Delete an OU’
KB ID 0000105 Problem Error “You do not have sufficient privileges to delete {OU Name}, or this object is protected from accidental deletion” Cause In Windows domains you have the option to prevent an OU from accidental deletion so that even a Domain/Enterprise admin cannot delete it. That’s fine until you need to delete one. Solution To delete a protected OU 1. On the the Server (with administrative privileges). 2. Start...
Granting Users Password Change Ability (Password Administration)
KB ID 0000503 Problem This is a two part operation, firstly you need to give the user(s) the rights to change passwords, then give them the tools to do so. Solution Step 1: Grant the rights (Delegation of Control) 1. Whilst logged into a domain controller with administrative access, open “Active Directory Users and Computers” and create a group that you are going to allow password reset rights to. Note: In this example...
Active Directory – Modify all users in an OU to “Password Never Expires”
KB ID 0000532 Problem A while back I did a job for a school, many weeks later their users have had to change their passwords. Nothing strange there, the problem is now their teachers DONT want to have their passwords changing at all. For a single user you can simply edit the user object and set it to “Password Never Expires” for a LOT of users this can be more time consuming. Solution Warning: There is a caveat! If the...