Exchange 2007 & Manager Can Update Membership List

Posted by Chris on October 22, 2008 in Active Directory, Exchange, PowerShell | Tags :, , ,

I recently went through another migration. One of the post migration tasks was to fix permission to update lists. The “ManagedBy” attribute had been copied across, but not the security descriptor from the group.

This show PowerShell script can be run from the Exchange Management Shell to grab the value from ManagedBy and write it back to the security descriptor. It’s a little messy, especially as there’s no way to check on the AD level if the box is ticked except by the security descriptor.

Function Get-Groups {
  $domainSearcher = New-Object DirectoryServices.DirectorySearcher
  $domainSearcher.Filter = ("(&(objectClass=group)(mail=*)(managedBy=*))")
  [Void]$domainSearcher.PropertiesToLoad.Add("managedby")
  [Void]$domainSearcher.PropertiesToLoad.Add("name")

  $objSearcher.FindAll() `
    | Select-Object `
      @{n="GroupName";e={$_.Properties.name}}, `
      @{n="ManagedBy";e={ ([ADSI]("LDAP://" + `
        $_.Properties.managedby)).Get("userPrincipalName") }}
}

Get-Groups | %{
  Add-ADPermission -Identity $_.GroupName -User $_.ManagedBy `
    -AccessRights WriteProperty -Properties "member" }

Related posts:

  1. Get-DsAcl The goal of this PowerShell function is to create a...
  2. Changing the Primary Group with PowerShell Exactly as the title says, an example of how to...

Related posts brought to you by Yet Another Related Posts Plugin.

Respond to this post