Assigning or Removing a Manager for an OU






Assigning or Removing a Manager for an OU

Problem

You want to assign or remove a manager for an OU.

Solution

Using a graphical user interface
  1. Open the ADUC snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, right-click on the domain and select Find.

  4. Right-click on the OU and select Properties.

  5. Select the Managed By tab.

  6. Click the Change button.

  7. Locate the group or user to delegate control to and click OK.

  8. To remove a manager from an OU, return to the Managed By tab and click Clear.

Using a command line interface

To add a manager for an OU, use the following syntax:

	> admod b <ObjectDN> managedBy::<ManagerDN>

To clear the managedBy attribute, use the following:

	> admod b <ObjectDN> managedBy:-

Using VBScript
	strObjectDN = "ou=Finance,dc=rallencorp,dc=com"
	strUserDN = "cn=Joe Smith,ou=Finance,dc=rallencorp,dc=com"
	set objUser = GetObject("LDAP://" & strObjectDN)
	objUser.Put "managedBy", strUserDN
	objUser.SetInfo

Discussion

In the case of an OU, specifying a user, group, computer, or another OU in the Managed By tab does not confer any particular rights onto the manager; this is used as a strictly informational field. When you configure a manager for an OU, the manager's DN is placed in the OU's managedBy attribute, and the OU's DN is placed in the managers managedObjects attribute. managedObjects is a multivalued attribute to allow a single object to manage multiple objects simultaneously.

See Also

MSDN: Managed-by attribute [AD Schema] and MSDN: Managed-Objects [AD Schema]



 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows