How to add local group to AD LDS Readers role using PowerShell

Posting this snippet in case someone needs to add a local group to AD LDS readers role, using PowerShell/ADSI.

# Get the SID of a local group
$myGroup = New-Object security.principal.ntaccount("myGroup2")
$myGroupSid = $myGroup.Translate([security.principal.securityidentifier])

# Connect to the partition
$readersRole = [adsi]"LDAP://mdt:389/CN=Readers,CN=Roles,DC=myPartition"

# Add the group as a member of Readers
$memberToAdd = "<SID=$myGroupSid>"
$readersRole.member.Add($memberToAdd)
$readersRole.CommitChanges()

# Connect to the partition again to confirm (or use adsiedit.msc)
$readersRole = [adsi]"LDAP://mdt:389/CN=Readers,CN=Roles,DC=myPartition"
$readersRole.member
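
The same steps wrapped for repeatable use, as an added example that is not part of the original post: it skips the add when the SID is already a member and translates the stored member entries back to account names, so the confirmation step shows who actually holds the role. The function names `Get-LdsRoleMember` and `Add-LdsRoleMember` are hypothetical, and the code assumes Windows principals are stored in the role as `CN=<SID>,CN=ForeignSecurityPrincipals,...` entries.

```powershell
# Added example. Function names are hypothetical; server, port and DNs are the post's own values.
function Get-LdsRoleMember {
    param([Parameter(Mandatory)][string]$RolePath)
    $role = [adsi]$RolePath
    foreach ($dn in $role.member) {
        # Assumption: Windows principals appear as CN=<SID>,CN=ForeignSecurityPrincipals,...
        if ($dn -match '^CN=(S-\d-[\d-]+),') {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($Matches[1])
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '<unresolved>' }   # deleted account or unreachable domain
            [pscustomobject]@{ Sid = $sid.Value; Name = $name; DN = $dn }
        }
        else {
            # AD LDS-native users and groups are listed by their own DN
            [pscustomobject]@{ Sid = $null; Name = $null; DN = $dn }
        }
    }
}

function Add-LdsRoleMember {
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [Parameter(Mandatory)][string]$RolePath
    )
    # Fail early with a clear message if the name does not map to a SID
    $account = New-Object System.Security.Principal.NTAccount($GroupName)
    try   { $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]) }
    catch { throw "Cannot resolve '$GroupName' to a SID: $($_.Exception.Message)" }

    # Only write when the SID is not already listed, so re-running is harmless
    $existing = Get-LdsRoleMember -RolePath $RolePath | Where-Object { $_.Sid -eq $sid.Value }
    if ($existing) {
        Write-Verbose "$GroupName ($($sid.Value)) is already a member"
    }
    else {
        $role = [adsi]$RolePath
        [void]$role.member.Add("<SID=$($sid.Value)>")
        $role.CommitChanges()
    }

    # Re-read from the directory and return the resolved membership for review
    Get-LdsRoleMember -RolePath $RolePath
}

Add-LdsRoleMember -GroupName 'myGroup2' `
    -RolePath 'LDAP://mdt:389/CN=Readers,CN=Roles,DC=myPartition' -Verbose
```

Entries that come back as `<unresolved>` are SIDs that no longer map to an account and are worth reviewing before they are left in a role.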