Richard Siddaway's Blog

We saw how to create an AD security group here

http://msmvps.com/blogs/richardsiddaway/archive/2011/06/28/creating-ad-security-groups.aspx

This is how we can give a user full control of that group

function set-groupsecurity {            
[CmdletBinding()]            
param (            
 [string]$name            
)            
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()            
$root = $dom.GetDirectoryEntry()            
            
$search = [System.DirectoryServices.DirectorySearcher]$root            
$search.Filter = "(&(objectclass=group)(Name=$name))"            
$search.SizeLimit = 3000            
$result = $search.FindOne()            
            
$object = $result.GetDirectoryEntry()            
            
$sec = $object.ObjectSecurity            
            
## set the rights and control type            
$act = [System.Security.AccessControl.AccessControlType]::Allow            
$adrights = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll            
            
## who does this apply to            
$domname = ([ADSI]"").Name            
$who = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList "$domname", "jtest"            
            
# apply rule            
$newrule = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList $who, $adrights, $act            
$sec.AddAccessRule($newrule)            
$object.CommitChanges()            
}

We get a directory object for the group and then get the ObjectSecurity. Create a new rule to allow full control. Assign it to user jtest (could just as easily be a group) and apply the rule