How To: Force an object as an owner of multiple groups via GroupID Management Shell script

Applies To:

GroupID 8 and above

Business Scenario:

We have a large number of groups and we want to force a particular group to be the primary owner of multiple groups in bulk. Moreover, we want to prevent users/owners of groups from changing or removing the primary owner. Is this possible?

More Information:

We can use GroupID Management Shell to set a group/user as the primary owner of groups.

We can then use GroupID Management Console to restrict users/owners of groups from changing the primary owner.

Steps to enforce a primary owner:

1. Open GroupID Management Shell.
2. Type the following command:
    

   Get-Group -SearchContainer " OU=SmartGroups,OU=Corp,DC=abc,DC=com "| Set-Group - ManagedBy " CN=Roger Woods,OU=Engineering,OU=Corp Users,OU=Corp,DC=abc,DC=com " |OUT-NULL

   
   This command will get all the groups from a certain container and set RogerWoods from Engineering as their primary owner. 
   
   
   
   To force this setting for all groups regardless of any specific container, remove the following from the commandlet:
    

   -SearchContainer "OU=SmartGroups,OU=Corp,DC=abc,DC=com”

    
   In the commandlet:
    
   • The Get-Group cmdlet retrieves managed groups that are in one or more containers on a domain matching the given criteria.
   • The Set-Group cmdlet modifies an unmanaged group in Active Directory. However, you can use this cmdlet to modify those parameters of a SmartGroup that are native attributes of an unmanaged group in Active Directory.
   • The Out-Null cmdlet sends its output to NULL, in effect, removing it from the pipeline and preventing the output to be displayed on the screen. 

Steps to restrict users from changing/removing the primary owner:

Through GroupID Management Console, you can restrict users/group owners from changing or removing the primary owner that you set using the GroupID Management Shell command. 

1. In GroupID Management Console, select Self-Service > Portals > [required portal] > Designs > [required identity store].
2. On the Properties tab, select Group or SmartGroup from the Select Directory Object drop down list.
3. Select Owner in the name list and click Edit.
   
   
    
4. On the Edit Design Category dialog box, select Owner in the Fields area and click Edit.
5. On the Edit Field dialog box, set the access level to Administrator. Click OK and then save the changes.
   Now only the administrator can change a group's primary owner.

Related Articles:

• How To: Enforce a primary owner for groups
• How To: Ensure/enforce minimum number of additional owners for groups

References:

• GroupID Management Shell - User Guide
• Microsoft PowerShell commandlet - Out-Null