How do I set permissions to manage Active Directory group membership?

Recently I needed to automate the creation of Active Directory groups and set the ManagedBy attribute to a specific user or service account. Setting the ManagedBy attribute is straightforward; however, ticking the “Manager can update membership list” checkbox is not so simple to do programmatically. Sure, you could always tick this checkbox manually, but that’s not the point – the solution needed to be fully automated.

 

Here’s an extract of the PowerShell script I used to make it happen (some error handling and logging has been stripped out):
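
In directory terms, the “Manager can update membership list” checkbox is an Allow ACE on the group that grants the manager WriteProperty on the member attribute; ManagedBy by itself grants no rights. The following is an added example, not the author's script, that sets both; the function name and the group and account names are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT); names are placeholders.
Import-Module ActiveDirectory

function Set-GroupManagerWithMembershipRight {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $GroupName,    # group sAMAccountName or DN
        # Restricted character set so the value is safe to place in the LDAP filter below.
        [Parameter(Mandatory)] [ValidatePattern('^[\w.\-$]+$')] [string] $ManagerName
    )

    $group   = Get-ADGroup -Identity $GroupName
    # Get-ADObject resolves users and service accounts alike; objectSid is needed for the ACE.
    $manager = Get-ADObject -LDAPFilter "(sAMAccountName=$ManagerName)" -Properties objectSid
    if (@($manager).Count -ne 1) { throw "Expected exactly one account named '$ManagerName'." }

    # schemaIDGUID of the 'member' attribute: the ACE is scoped to this one property.
    $memberGuid = [Guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'
    $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        [System.Security.Principal.IdentityReference] $manager.objectSid,
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $memberGuid)

    $path = "AD:\$($group.DistinguishedName)"
    if ($PSCmdlet.ShouldProcess($group.DistinguishedName, "Set ManagedBy and grant write on 'member'")) {
        Set-ADGroup -Identity $group -ManagedBy $manager.DistinguishedName
        $acl = Get-Acl -Path $path
        $acl.AddAccessRule($rule)
        Set-Acl -Path $path -AclObject $acl
    }

    # Return the Allow ACEs scoped to the 'member' attribute so the delegation can be reviewed.
    (Get-Acl -Path $path).Access | Where-Object {
        $_.ObjectType -eq $memberGuid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty)
    } | Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
}

# Constructed names; -WhatIf previews the change without writing to the directory.
Set-GroupManagerWithMembershipRight -GroupName 'APP-Example-Users' -ManagerName 'svc-groupadmin' -WhatIf
```

Because the ACE is what confers the right, clearing ManagedBy later does not revoke it; the ACE has to be removed as well.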

 
