For now I've got a script where I can see every user from my Active Directory who has the SID from AccountOperators (5-1-2-32-548) set and the ones who don't.
And now I want the user accounts without this SID to be changeable/editable by every other user who has the SID set.
Not that they get the SID set.
Set-Acl can set AD permissions just fine, but you don't want to set an ACL or SID. You want to add a user to the (builtin) domain group "Account Operators":
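# Load the Active Directory cmdlets (RSAT)
Import-Module ActiveDirectory
# Add the user to the built-in "Account Operators" group
# (the cmdlet for adding group members is Add-ADGroupMember; Set-ADGroupMember does not exist)
Add-ADGroupMember -Identity 'Account Operators' -Members 'username'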