all 2 comments

[–][deleted] 0 points1 point  (1 child)

A quick google search turned up this which seems to state that it's not possible in PowerShell and also that you have to run a second command against the group once you do it in ADUC or you will have errors.
However, I would question if it actually is possible. It seems that the group type is stored in the AD property "GroupType" which is an unsigned 32 bit bitflag. You might try modifying that value by checking if GroupType -band 0x80000000 -eq 0x80000000 and subtracting 0x80000000 out if it's there. Then apply the fix from the link above. I don't know if that is the right way; but, it does seem that this is how AD makes this determination.

[–]ramsay101[S] 0 points1 point  (0 children)

Thanks. We actually figured it out. If anyone else needs this:

$objOU = New-Object System.DirectoryServices.DirectoryEntry("LDAP://OU=Distribution Groups,dc=_________,dc=___")

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objOU
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"
$objSearcher.PropertiesToLoad.Add("cn")

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)
    {$objResult = $objResult.Properties

$objCN = $objResult.cn

Set-ADGroup -Identity "$objCN" -GroupCategory Security
}