The Set-EnrollmentPermissionscmdlet grants Mobile Device Manager (MDM) Enrollment Server permission to create computer objects for managed Windows Mobile devices in the specified Active Directory container.

You do not need to use this cmdlet if you plan to enroll devices in the default organizational unit (OU), SCMDM2008 Managed Devices. If you plan to use any other Active Directory container, you must run this cmdlet before you can use the New-EnrollmentRequestcmdlet to enroll a new device in the specified container. You only have to run this cmdlet one time for each container.

To run this cmdlet, you must be an Active Directory Domain Administrator or you must have the necessary permissions to change access control lists (ACLs) on organizational unit (OU) objects.


Set-EnrollmentPermissions [-Container] <ContainerIdParameter>
[-WhatIf] [-Confirm] [<CommonParameters>]


The following describes the Set-EnrollmentPermissionscmdlet parameters.

Container <ContainerIdParameter>

Specifies the container in Active Directory in which to create managed devices.


Informs you of what changes would be made if the action were to be performed (the cmdlet is not executed).


Prompts you for confirmation before the cmdlet executes.


This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, and -OutVariable. For more information, at the prompt, type get-help about_commonparameters.

Input Type


Output Type



This Set-EnrollmentPermissions command example gives MDM Enrollment Server permission to create computer objects for managed devices in the Active Directory organizational unit, yourOU.

Copy Code
C:\PS>Set-EnrollmentPermissions -container yourOU

Cmdlet Help

To view this information online, at the MDM Shell prompt, type

get-help Set-EnrollmentPermissions -detailed, or get-help Set-EnrollmentPermissions -full

See Also