AD Delegation specific rights

I’m looking for the commands to control AD delegation via a PowerShell script. I can find a few examples of how to set full rights, using special functions or Set-Acl on an OU for example, but nothing on how to set specific rights. There is not a lot of good documentation or information on how to do this that I can find.

Here are the rights I need to add to an assortment (roughly 100) of OU locations:

Reset password
Read/Write lockoutTime
Read/Write pwdLastSet
Read/Write userAccountControl
Write Account Restrictions
Read memberOf

I have the foreach written with the OUs but do not know how to set just the above specific rights for an AD group.

Please help; anything you can point me to for assistance would be great.
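
One way to grant exactly the rights listed above to a group on each OU, limited to descendant user objects. This is an added example, not part of the original post. The group name and OU list are placeholders, and the GUIDs are looked up at run time from the forest's schema and Extended-Rights container rather than hard-coded.

```powershell
Import-Module ActiveDirectory

# Placeholders (assumptions, not from the post): group name and OU list.
$groupName = 'HelpDesk-Delegation'
$ouList    = @('OU=Site1,DC=example,DC=com', 'OU=Site2,DC=example,DC=com')

$rootDse = Get-ADRootDSE

# lDAPDisplayName -> schemaIDGUID (attributes and classes).
$schemaGuid = @{}
Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
        -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $schemaGuid[$_.lDAPDisplayName] = [guid]$_.schemaIDGUID }

# CN -> rightsGuid (extended rights and property sets).
$rightGuid = @{}
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter '(objectClass=controlAccessRight)' -Properties rightsGuid |
    ForEach-Object { $rightGuid[$_.Name] = [guid]$_.rightsGuid }

# One entry per delegated right: the access mask and the GUID it is limited to.
$grants = @(
    @{ Rights = 'ExtendedRight';               Guid = $rightGuid['User-Force-Change-Password'] } # Reset password
    @{ Rights = 'ReadProperty, WriteProperty'; Guid = $schemaGuid['lockoutTime'] }
    @{ Rights = 'ReadProperty, WriteProperty'; Guid = $schemaGuid['pwdLastSet'] }
    @{ Rights = 'ReadProperty, WriteProperty'; Guid = $schemaGuid['userAccountControl'] }
    @{ Rights = 'WriteProperty';               Guid = $rightGuid['User-Account-Restrictions'] }  # property set
    @{ Rights = 'ReadProperty';                Guid = $schemaGuid['memberOf'] }
)

$sid = (Get-ADGroup -Identity $groupName).SID

foreach ($ou in $ouList) {
    $path = "AD:\$ou"
    $acl  = Get-Acl -Path $path
    foreach ($g in $grants) {
        if ($null -eq $g.Guid) { throw "GUID lookup failed for a grant on $ou" }
        # Allow ACE, inherited only by descendant objects of class 'user'.
        $ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
            $sid,
            [System.DirectoryServices.ActiveDirectoryRights]$g.Rights,
            [System.Security.AccessControl.AccessControlType]::Allow,
            $g.Guid,
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
            $schemaGuid['user'])
        $acl.AddAccessRule($ace)
    }
    Set-Acl -Path $path -AclObject $acl
}
```

Try it on a single test OU first and review the resulting entries with `(Get-Acl "AD:\<OU DN>").Access` before running it across all of the OUs.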