ADObjectOwner

1.0.1.1

src/ps1/Set-ADObjectOwner.ps1

                                #Requires -Modules ActiveDirectory

<#PSScriptInfo

.DESCRIPTION Sets the Access Control List Owner on an AD Object

.VERSION 1.0.1.1

.GUID 1f734259-d1b1-4ec1-9c25-56e06f381fc1

.AUTHOR Tom Stryhn

.COMPANYNAME Tom Stryhn

.COPYRIGHT 2021 (c) Tom Stryhn

.LICENSEURI https://github.com/tomstryhn/ADObjectOwner/blob/main/LICENSE

.PROJECTURI https://github.com/tomstryhn/ADObjectOwner

#>

function Set-ADObjectOwner {

    <#

    .SYNOPSIS

        Sets the Access Control List Owner on an AD Object

    .DESCRIPTION

        Sets the Access Control List Owner on an AD Object

        ## CAUTION ## - This script is provided on an “AS-IS” basis, any wrongful use could cause

                        irrevesible changes to Active Directory and related services. Therefore use it

                        with great caution. 

    .PARAMETER DistinguishedName

        The DistinguishedName of the Object you want to set the Owner on.

    .PARAMETER Owner

        The Owner to be set.

    .EXAMPLE

        PS C:\> Set-ADObjectOwner -DistinguishedName 'OU=TestOU,DC=Dev,DC=local' -Owner (Get-SecurityPrincipalNTAccount -SAMAccount 'Domain Admins')

        DistinguishedName         Owner        

        -----------------         -----        

        OU=TestOU,DC=Dev,DC=local Dev\Domain Admins

    .NOTES

        FUNCTION: Set-ADObjectOwner

        AUTHOR:   Tom Stryhn

        GITHUB:   https://github.com/tomstryhn/

    .INPUTS

        [string],[System.Security.Principal.NTAccount]

    .OUTPUTS

        [PSCustomObject]

    .LINK

        Get-ADObjectOwner

        Get-SecurityPrincipalNTAccount

    #>

    [CmdletBinding()]

    param (

        # DistinguishedName

        [Parameter(

            ValueFromPipelineByPropertyName = $true,

            Mandatory                       = $true

        )]

        [string]

        $DistinguishedName,

        # Owner

        [Parameter(

            Mandatory                       = $true

        )]

        [System.Security.Principal.NTAccount]

        $Owner

    )

    process {

        try {

            $objectPath = "ActiveDirectory:://RootDSE/" + $DistinguishedName

            $objectACL  = Get-Acl -Path $objectPath -ErrorAction Stop

        }

        catch {

            Write-Error -Message "Error getting ACL: [$DistinguishedName]" -ErrorAction Stop

        }

        try {

            $objectACL.SetOwner($Owner)

            Set-Acl -Path $objectPath -AclObject $objectACL -ErrorAction Stop

            Get-ADObjectOwner -DistinguishedName $DistinguishedName -ErrorAction Stop

        }

        catch {

            Write-Error -Message "Error setting ACL: [$DistinguishedName]" -ErrorAction Stop

        }

    }

}