delegate 'Create all child objects' permission in OU
up vote
0
down vote
favorite
I am using below script to delegate 'Create all child objects' permission in OU. It is working fine but Inheritance Type is getting set to 'This Object only'. How Can I set the Inheritance Type to 'This Object and all descendent Objects'.
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW"))
I have tried below overloads but none seem to work:
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'SelfAndChildren',([GUID]("00000000-0000-0000-0000-000000000000")).guid))
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
powershell active-directory ou
add a comment |
up vote
0
down vote
favorite
I am using below script to delegate 'Create all child objects' permission in OU. It is working fine but Inheritance Type is getting set to 'This Object only'. How Can I set the Inheritance Type to 'This Object and all descendent Objects'.
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW"))
I have tried below overloads but none seem to work:
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'SelfAndChildren',([GUID]("00000000-0000-0000-0000-000000000000")).guid))
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
powershell active-directory ou
Are you writing the ACL back to the object usingSet-Acl
?
– Gabriel Luci
2 days ago
@Gabriel Yes . It adding permission to ou after that only
– ranjit kumar
yesterday
What happens when you use$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
?
– Gabriel Luci
yesterday
It sets the inheritance type as 'Special'.
– ranjit kumar
5 hours ago
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am using below script to delegate 'Create all child objects' permission in OU. It is working fine but Inheritance Type is getting set to 'This Object only'. How Can I set the Inheritance Type to 'This Object and all descendent Objects'.
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW"))
I have tried below overloads but none seem to work:
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'SelfAndChildren',([GUID]("00000000-0000-0000-0000-000000000000")).guid))
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
powershell active-directory ou
I am using below script to delegate 'Create all child objects' permission in OU. It is working fine but Inheritance Type is getting set to 'This Object only'. How Can I set the Inheritance Type to 'This Object and all descendent Objects'.
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW"))
I have tried below overloads but none seem to work:
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'SelfAndChildren',([GUID]("00000000-0000-0000-0000-000000000000")).guid))
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
powershell active-directory ou
powershell active-directory ou
asked Nov 21 at 11:29
ranjit kumar
257
257
Are you writing the ACL back to the object usingSet-Acl
?
– Gabriel Luci
2 days ago
@Gabriel Yes . It adding permission to ou after that only
– ranjit kumar
yesterday
What happens when you use$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
?
– Gabriel Luci
yesterday
It sets the inheritance type as 'Special'.
– ranjit kumar
5 hours ago
add a comment |
Are you writing the ACL back to the object usingSet-Acl
?
– Gabriel Luci
2 days ago
@Gabriel Yes . It adding permission to ou after that only
– ranjit kumar
yesterday
What happens when you use$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
?
– Gabriel Luci
yesterday
It sets the inheritance type as 'Special'.
– ranjit kumar
5 hours ago
Are you writing the ACL back to the object using
Set-Acl
?– Gabriel Luci
2 days ago
Are you writing the ACL back to the object using
Set-Acl
?– Gabriel Luci
2 days ago
@Gabriel Yes . It adding permission to ou after that only
– ranjit kumar
yesterday
@Gabriel Yes . It adding permission to ou after that only
– ranjit kumar
yesterday
What happens when you use
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
?– Gabriel Luci
yesterday
What happens when you use
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
?– Gabriel Luci
yesterday
It sets the inheritance type as 'Special'.
– ranjit kumar
5 hours ago
It sets the inheritance type as 'Special'.
– ranjit kumar
5 hours ago
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53411140%2fdelegate-create-all-child-objects-permission-in-ou%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Are you writing the ACL back to the object using
Set-Acl
?– Gabriel Luci
2 days ago
@Gabriel Yes . It adding permission to ou after that only
– ranjit kumar
yesterday
What happens when you use
$acl.AddAccessRule((New-Object System.DirectoryServices.CreateChildAccessRule $s,"ALLOW",'All'))
?– Gabriel Luci
yesterday
It sets the inheritance type as 'Special'.
– ranjit kumar
5 hours ago