My friends,
In Active Directory, I have a script that changes the manager of a many Groups in the .Cvs file, this part works ok.
I am trying to “Check the Box” to indicate:
“Manager can update membership list”
for all the groups in the .csv file
Here’s the script:
Import-Csv -Path "C:\Folderx\TheTest.csv" |
foreach {
Set-ADgroup -Identity $_.Group -Managedby Joe.Jones
$guid = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'
$sid = Get-ADUser -Identity Joe.Jones | select SID
$ctrlType = [System.Security.AccessControl.AccessControlType]::Allow
$rights = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $rights, $ctrlType, $guid)
$group = Get-ADGroup „$_.Group“
$aclPath = "AD:\" + $group.distinguishedName
$acl = Get-Acl $aclPath
$acl.AddAccessRule($rule)
Set-Acl -acl $acl -path $aclPath
}
Here’s the .CVS File - “C:\Folderx\Filex.csv”
Group
GROUPLGATestTesting
GROUPLGATestTesting2
Here’s the first two errors
New-Object : Cannot find an overload for "ActiveDirectoryAccessRule" and the argument count: "4".
At C:\Powershell\ManagedBy Changes ManagedBy Manager Can Update Membership LIst.ps1:8 char:9
+ $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObj
ectCommand
Get-ADGroup : Cannot find an object with identity: '@{Group=GROUPLGATestTesting}.Group' under:
'DC=usda,DC=net'.
At C:\Powershell\ManagedBy Changes Manager Can Update Membership LIst.ps1:9 char:10
+ $group = Get-ADGroup „$_.Group“
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (@{Group=GROUPLGATestTesting}.Group:ADGroup) [Get
-ADGroup], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentity
NotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroup
The four arguments have good values in them:
PS C:\WINDOWS\system32>
$guid
Guid
bf9679c0-0de6-11d0-a285-00aa003049e2
$sid
SID
S-1-5-21-34734673467-88884444555-3041422421-9999
$ctrlType
Allow
$rights
WriteProperty, ExtendedRight
But the $rule variable did not get any value in it.
So the trouble begins with this line:
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $rights, $ctrlType, $guid)
Thank you in advance for your help.