Cloning Active Directory Security Settings

by Jul 15, 2015

Whenever you delegate rights on an AD object (for example, allowing a user to manage the members of an organizational unit), you are really changing the security settings of that AD object.

AD security descriptors can be very complex. Cloning AD security is easy, though. So if you want to apply the very same security settings to another AD object, you can read the existing security settings from one object, and copy them to another.

This script illustrates how you can read the security settings from one OU and copy them to another OU. It requires the ActiveDirectory provider that ships with the ActiveDirectory module. This module is part of the free Microsoft RSAT tools, which need to be installed.

#requires -Version 2 -Modules ActiveDirectory
Import-Module -Name ActiveDirectory

# read AD security from NewOU1
$sd = Get-Acl -Path 'AD:\OU=NewOU1,DC=powershell,DC=local'

# assign security to NewOU2
Set-Acl -Path 'AD:\OU=NewOU2,DC=powershell,DC=local' -AclObject $sd 
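
Because Set-Acl replaces the security settings on the target, any delegation that exists only on NewOU2 is lost by the clone. The following is an added example, not part of the original tip: it saves the target's current descriptor as SDDL, lists the explicit ACEs the clone would add or remove, and then copies only the access rules. The backup file location, the `$Apply` switch and the `Get-ExplicitAceKey` helper are assumptions made for illustration.

```powershell
#requires -Modules ActiveDirectory
Import-Module -Name ActiveDirectory

# Assumptions: the two OUs from the tip; backup location and $Apply are illustrative
$sourcePath = 'AD:\OU=NewOU1,DC=powershell,DC=local'
$targetPath = 'AD:\OU=NewOU2,DC=powershell,DC=local'
$backupFile = Join-Path -Path $env:TEMP -ChildPath 'NewOU2-acl-backup.sddl.txt'
$Apply      = $false   # set to $true to actually write the change

$sections  = [System.Security.AccessControl.AccessControlSections]
$sourceAcl = Get-Acl -Path $sourcePath
$targetAcl = Get-Acl -Path $targetPath

# 1. Save the target's current descriptor as SDDL so the change can be rolled back
$targetAcl.GetSecurityDescriptorSddlForm($sections::All) |
    Set-Content -Path $backupFile -Encoding ASCII

# 2. Reduce each explicit (non-inherited) ACE to a comparable string
function Get-ExplicitAceKey($Acl) {
    $Acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object {
        '{0} | {1} | {2} | obj={3} | {4} | inhObj={5}' -f $_.IdentityReference,
            $_.AccessControlType, $_.ActiveDirectoryRights, $_.ObjectType,
            $_.InheritanceType, $_.InheritedObjectType
    }
}
# @() keeps the result an array even when an OU has no explicit ACEs
$sourceKeys = @(Get-ExplicitAceKey $sourceAcl)
$targetKeys = @(Get-ExplicitAceKey $targetAcl)

# 3. Report what the clone would change on the target
$sourceKeys | Where-Object { $targetKeys -notcontains $_ } | ForEach-Object { "ADD     $_" }
$targetKeys | Where-Object { $sourceKeys -notcontains $_ } | ForEach-Object { "REMOVE  $_" }

# 4. Copy only the access rules; $targetAcl keeps the target's own owner and group
if ($Apply) {
    $dacl = $sourceAcl.GetSecurityDescriptorSddlForm($sections::Access)
    $targetAcl.SetSecurityDescriptorSddlForm($dacl, $sections::Access)
    Set-Acl -Path $targetPath -AclObject $targetAcl
}
```

To roll back, read the saved string from the backup file, load it into a fresh Get-Acl result for the target with SetSecurityDescriptorSddlForm, and write it back with Set-Acl.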
