7.1. Creating a Group
Problem
You want to create a group.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers (ADUC) snap-in.
If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name and click OK.
In the left pane, browse to the parent container of the new group, right-click on it, and select New → Group.
Enter the name of the group and select the group scope (global, domain local, or universal) and group type (security or distribution).
Click OK.
Using a command-line interface
In the following example, <GroupDN>
should be
replaced
with the DN of the group to create,
<GroupScope>
should be
l
, g
, or u
for domain local, global, and universal groups, respectively, and
-secgroup
should be set to yes
if the group is a security group or no
otherwise.
Another recommended option is to set -desc
for
specifying a group description.
> dsadd group "<GroupDN
>" -scope <GroupScope
> -secgrp yes|no -desc "<GroupDesc
>"
Using VBScript
' The following code creates a global security group. ' ------ SCRIPT CONFIGURATION ------ strGroupParentDN = "<GroupParentDN>
" ' e.g. ou=Groups,dc=rallencorp,dc=com strGroupName = "<GroupName>
" ' e.g. ExecAdminsSales strGroupDescr = "<GroupDesc>
" ' e.g. Executive Admins for Sales group ' ------ END CONFIGURATION --------- ' Constants taken from ADS_GROUP_TYPE_ENUM Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 4 Const ADS_GROUP_TYPE_GLOBAL_GROUP = 2 Const ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.