Set group security attributes
Top  Previous  Next


[Settings_Begin]
BatchSettings.Delimiter=TAB
BatchSettings.MarkerCol=7
//BatchSettings.Debug=Yes

SET ADDomainPath=dc=com/dc=acme/dc=d2
SET ADOU=MyOU
SET ADOUPath=%ADDomainPath%/ou=%ADOU%

SET Permissions="D2\GroupX:WP;member" "D2\GroupX:WP;nTGroupMembers"
[Settings_End]

[Machines_Begin]
\\EDU8      NT PDC    Ok-AllDone
[Machines_End]


[Batch_Begin]
Data.Loop   
  DOS dsacls.exe ADpathToRFC1779(%ADOUPath%/cn=%col1%)  /G %Permissions%   
Data.Endloop   
[Batch_End]

[Data_Begin]
Group1                  
Group2                  
[Data_End]

What the script does

Adds "write members" and "write nTGroupMembers" permissions for group "GroupX" on listed groups ("Group1" and "Group2").

Required

dsacls.exe

What to modify in the example

·[Settings]: ADDomainPath - Domain path of groups listed in [Data] section  
·[Settings]: ADOU - Organizational unit of groups listed in [Data] section  
·[Settings]: Permissions - permissions to grant, here domain="d2", group="GroupX", permission="WP" (write property), object = "member" and "nTGroupMembers"  
·[Machines]: netbios name of the DC  

Common problems

"The system cannot find the file specified." - Means that object path is wrong or that the object does not exist.