Your network contains an Active Directory forest named contoso.com. The forest contains a
single domain. The domain contains two domain controllers named DC1 and DC2 that run
Windows Server 2012 R2.
The domain contains a user named User1 and a global security group named Group1.
You need to ensure that User1 can manage the group membership of Group1. The solution
must minimize the number of permissions assigned to User1.
Which cmdlet should you run?
A.
Add-AdPrincipalGroupMembership
B.
Install-AddsDomainController
C.
Install-WindowsFeature
D.
Install-AddsDomain
E.
Rename AdOh
F.
Set-AdAccountControl
G.
Set-AdGroup
H.
Set-User
Explanation:
The Set-ADGroup cmdlet modifies the properties of an Active Directory group. You can
modify commonly used property values by using the cmdlet parameters.
ManagedBy Specifies the user or group that manages the object by providing one of the
following property values. Note:
The identifier in parentheses is the LDAP display name for the property.
Distinguished Name
Example: CN=SaraDavis,OU=Europe,CN=Users,DC=corp,DC=contoso,DC=com
GUID (objectGUID)
Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
Security Identifier (objectSid)
Example: S-1 -5-21 -3165297888-301567370-576410423-1103
SAM Account Name (sAMAccountName)
Example: saradavis
The Install-ADDSDomainController cmdlet installs a domain controller in Active Directory.
Example: C:\PS>Install-ADDSDomainController -InstallDns -Credential (Get-Credential
CORP\Administrator) -DomainName “corp.contoso.com”
References:
http://technet.microsoft.com/en-us/library/hh974723.aspx
http://technet.microsoft.com/en-us/library/ee617199.aspx
http://technet.microsoft.com/en-us/library/ee617225.aspx
set-adgroup with managed by.
But ManagedBy attribute doesn’t give any rights… in AD Users & Computers you have to select the “Manager can update membership list” checkbox to give rights. And you can’t add the right with Set-AdGroup + ManagedBy. You need to use Add-ADPermission to give AccessRights.
Source: https://community.spiceworks.com/topic/803453-ad-group-manager-can-update-memebership-powershell