none
Set-Acl Set Security Permissions RRS feed

  • Question

  • Hello All,

    I am trying to set ACL permissions on per user basis, where I can allow an AD security group to reset password and unlock AD account. I understand that this can be done using delegation but my situation is different and I cannot use that feature.

    There use to be an article but its not available anymore https://blogs.technet.microsoft.com/joec/2013/04/25/active-directory-delegation-via-powershell/

    I am trying to apply permissions using ACL on AD users. I can read the ACLs using Get-ACL command but I am unsure how to use Set-Acl to apply new permissions. So my question is, in PowerShell how can I set ACL on AD users for a given AD security group? 

    • Moved by Bill_Stewart Monday, January 7, 2019 8:12 PM This is not "scripts on demand"
    Monday, November 12, 2018 12:00 AM

All replies


  • I am trying to set ACL permissions on per user basis, where I can allow an AD security group to reset password and unlock AD account. I understand that this can be done using delegation but my situation is different and I cannot use that feature.


    The only way to give access is that way. Delegation just sets the ACL on the object.

    ADUC is the easiest way to do this.  Just delegate the rules on OU that the group is to manage.

    The easiest way to do this is to add the group to the "Account Operators" group which allows user management by non-admins.


    \_(ツ)_/

    Monday, November 12, 2018 12:17 AM