AD OU Owner Manager is a user-friendly tool that allows you to view and securely change Organizational Unit (OU) ownerships in your Active Directory environment. This tool provides a solution especially for those who want to standardize OU ownerships with Domain Admins or other administrator groups.
Core Features
OU Owner Report Section:
- Automatically scan all current OU ownership information with the Generate OU Owner Report button
- All information is automatically exported to a CSV file for later review and documentation purposes
Change OU Owner Section:
- Select Domain Admins or other administrator groups (containing admin value) from the dropdown menu
- Assign the selected group as the owner of all OUs using the Change Owner with Selected Group button
- View change results in the right panel after the operation
- All changes are automatically recorded in a CSV file for change management and audit purposes
Why You Should Use This Tool
- Easy to Use: Manage OU ownerships through a simple GUI
- Bulk Operations: Change ownership of all OUs with a single click
- Audit Compliance: Provide evidence for security audits with automatically generated CSV reports
- Time Saving: Reduce hours of manual work to minutes
- Error Prevention: Eliminate human errors that can occur during manual ownership changes
Usage Steps
- Document Current State:
  - Launch the AD OU Owner Manager PowerShell script in ISE
  - Click on “Generate OU Owner Report”
  - Save the generated CSV report (as evidence of pre-change state)
- Change Ownerships:
  - Select “Domain Admins” group or your preferred administrator group from the dropdown menu
  - Click on “Change Owner with Selected Group”
  - Review the results on screen when the process completes
  - Save the automatically generated post-change CSV report
- Verify Results:
  - Review the post-change report to ensure all OUs were correctly updated
  - In case of any errors, manual corrections can be made using the previous CSV report
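A read-only check that mirrors the report and verify steps, as an added example that is not the tool's own code. It assumes the RSAT ActiveDirectory module and Domain Admins (well-known RID 512) as the expected owner; the CSV columns and file name are hypothetical.

```powershell
# Added example: read-only OU owner verification (not the AD OU Owner Manager script).
# Assumes the RSAT ActiveDirectory module on a domain-joined host.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# Assumption: the expected owner is Domain Admins. Comparing by SID (domain SID + RID 512)
# avoids problems with localized or renamed group display names.
$expectedSid = "$($domain.DomainSID.Value)-512"

# Hypothetical report file name; the tool's own CSV naming is not shown on the page.
$reportPath = Join-Path $PWD ("OU-Owner-Check_{0:yyyyMMdd_HHmmss}.csv" -f (Get-Date))

$results = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    $owner = $null
    $ownerSid = $null
    try {
        # The AD: drive exposes each object's security descriptor, including its owner.
        $acl      = Get-Acl -Path "AD:\$($ou.DistinguishedName)" -ErrorAction Stop
        $owner    = $acl.Owner
        $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
        $status   = if ($ownerSid -eq $expectedSid) { 'OK' } else { 'Mismatch' }
    }
    catch {
        # Record unreadable OUs instead of silently skipping them.
        $status = "Error: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Name              = $ou.Name
        DistinguishedName = $ou.DistinguishedName
        Owner             = $owner
        OwnerSid          = $ownerSid
        ExpectedOwnerSid  = $expectedSid
        Status            = $status
    }
}

# Keep the full result as audit evidence and show only the entries that need attention.
$results | Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8
$results | Where-Object Status -ne 'OK' | Format-Table Name, Owner, Status -AutoSize
```

Run it before and after a bulk ownership change; an empty table after the change means every OU is owned by the expected group.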
Security Benefits
Using this tool to transfer OU ownerships to the Domain Admins group provides these advantages:
- Standardized Permissions: Consistent ownership and permission structure for all OUs
- Reduced Attack Surface: Elimination of security risks from scattered permission structures
- Simplified Management: Easier tracking of changes through centralized management
- Audit Readiness: Easy demonstration that OU ownerships are correctly configured during security audits

Periodically use the tool (e.g., quarterly) to check OU ownerships.
If you want to try the script I wrote, you can get it on GitHub.
If you found this PowerShell script helpful, feel free to share it with your team and check out my blog for more quick tips and insights!