Good morning,
So I have a bit of an issue, I'm currently trying to script the entire lock down of AD
Access | Applies to | Permission |
Allow | This object and all child objects | Create user |
Allow | user | Write userAccountControl |
Allow | user | ExtendedRight Reset Password |
Allow | user | Write Public Information |
Allow | user | Read All Properties |
Allow | user | Read All Properties;Write All Properties pwdLastSet |
Allow | user | ExtendedRight Reset Password |
Allow | user | Write userAccountControl |
Allow | user | Write Personal Information |
Allow | user | Read All Properties |
Allow | user |
Write lockoutTime |
Those attributes I can't set using add-QADpermission, I'm guessing it's an extended attribute. Can someone provide any documentation detailing how I can set these permissions via a script using QADpermissions? Or any other option they may have?
Thanks
Alex