Use ADSI to Modify an AD Group

Other Posts in this Series:

• LDAP Does Not Return All Active Directory Group Members
• The Difference Between ADSI and ADSISearcher
• Use ADSI to Check if a User is a Member of an AD Group
• Use ADSI to Check if a Computer is a Member of an AD Group
• Use ADSI to Migrate AD Group Members

• 1
• 2
• 3
• 4
• >>

This post provides a simple example of how we can use ADSI to modify an AD group.  In this example, we modify the description attribute of an AD group.  You can also use ADSI to clear the attributes for an AD group.

#OU containing the AD group
$adGroupOU="OU=Application,OU=Groups,DC=alkanesolutions,DC=co,DC=uk"

#AD group name
$addADGroup = "CN=alkane_ad_group"

#Full distinguished name of AD group		
$distinguishedName = "$addADGroup,$adGroupOU"

#check if exists
$group = ([ADSISearcher] "(distinguishedName=$distinguishedName)").FindOne()

if ($group -ne $null)
{		
    #modify AD group description
    $adGroupObj = [ADSI]("LDAP://$($group.Properties.distinguishedname)")
    $adGroupObj.put('description',"Alkane description") 
    $adGroupObj.SetInfo()
}