Assigning or Removing a Manager for an OU
You want to assign or remove a manager for an OU.
Using a graphical user interface
Using a command line interface
To add a manager for an OU, use the following syntax:
> admod b <ObjectDN> managedBy::<ManagerDN>
To clear the managedBy attribute, use the following:
> admod b <ObjectDN> managedBy:-
strObjectDN = "ou=Finance,dc=rallencorp,dc=com" strUserDN = "cn=Joe Smith,ou=Finance,dc=rallencorp,dc=com" set objUser = GetObject("LDAP://" & strObjectDN) objUser.Put "managedBy", strUserDN objUser.SetInfo
In the case of an OU, specifying a user, group, computer, or another OU in the Managed By tab does not confer any particular rights onto the manager; this is used as a strictly informational field. When you configure a manager for an OU, the manager's DN is placed in the OU's managedBy attribute, and the OU's DN is placed in the managers managedObjects attribute. managedObjects is a multivalued attribute to allow a single object to manage multiple objects simultaneously.
MSDN: Managed-by attribute [AD Schema] and MSDN: Managed-Objects [AD Schema]