Below you will find scripts that will allow you to mass change the owner of different Active Directory objects such as:
- Users
- Groups
- Organizational Unit
- Computers
In a “normal” situation, the owner of Active Directory objects is:
- Domain Admins
- Company Administrators
- BUILTIN\Administrators
- NT AUTHORITY\System
When an object is created by a user who is not a member of one of the above groups through delegation or use of the “Account Operator” group, the user who created the object is the owner.
This situation can pose security issues, if you only have a few objects it is possible to do it by hand, but if you have several dozen/hundreds it can take a lot of time.
Notice
The scripts are written with the French name of the groups, you must adapt them according to the language of your Active Directory environment
You can find the scripts here: PowerShell/Active Directory/Fix Owner Objects · master · RDR-IT / Scripts · GitLab
If you only want to display the affected objects:
Users :
Computers:
Groupe :
Organizational Unit:
Sources :