Other Posts in this Series:
- LDAP Does Not Return All Active Directory Group Members
- The Difference Between PowerShell ADSI and ADSISearcher
- Use ADSI to Check if a User is a Member of an AD Group
- Use ADSI to Check if a Computer is a Member of an AD Group
- Use PowerShell ADSI to Migrate AD Group Members
This post provides a simple example of how we can use PowerShell ADSI to modify an AD group. In this example, we modify the description attribute of an AD group. You can also use ADSI to clear the attributes for an AD group.
#OU containing the AD group
$adGroupOU="OU=Application,OU=Groups,DC=alkanesolutions,DC=co,DC=uk"
#AD group name
$addADGroup = "CN=alkane_ad_group"
#Full distinguished name of AD group
$distinguishedName = "$addADGroup,$adGroupOU"
#check if exists
$group = ([ADSISearcher] "(distinguishedName=$distinguishedName)").FindOne()
if ($group -ne $null)
{
#modify AD group description
$adGroupObj = [ADSI]("LDAP://$($group.Properties.distinguishedname)")
$adGroupObj.put('description',"Alkane description")
$adGroupObj.SetInfo()
}
