7.6. Changing the Scope or Type of a Group

Problem

You want to change the scope or type of a group.

Solution

Using a graphical user interface

  1. Open the Active Directory Users and Computers snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, right-click on the domain and select Find.

  4. Enter the name of the group you want to modify and click Find Now.

  5. Double-click on the group in the results pane.

  6. In the group properties dialog box, select the new scope or type and click OK.

Using a command-line interface

The following example changes the group scope for <GroupDN> to <NewScope>, which should be l for domain local group, g for global group, or u for universal group.

> dsmod group "<GroupDN>" -scope <NewScope>

The following example changes the group type for <GroupDN>. For the -secgrp switch, specify yes to change to a security group or no to make the group a distribution list.

> dsmod group "<GroupDN>" -secgrp yes|no

Using VBScript

' This code sets the scope and type of the specified group 
' to a universal security group.
' ------ SCRIPT CONFIGURATION ------
strGroupDN = "<GroupDN>" ' e.g. cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

' Constants taken from ADS_GROUP_TYPE_ENUM
' (domain local is 4 in the enum, the same value as ADS_GROUP_TYPE_LOCAL_GROUP)
ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 4
ADS_GROUP_TYPE_GLOBAL_GROUP = 2
ADS_GROUP_TYPE_LOCAL_GROUP = 4
ADS_GROUP_TYPE_SECURITY_ENABLED = -2147483648
ADS_GROUP_TYPE_UNIVERSAL_GROUP ...
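The scope and type set by the recipes above are stored together as one bitmask in the group's groupType attribute. The following PowerShell is an added example, not code from the book: it decodes a groupType value and computes the value for a requested change, refusing a direct global/domain local conversion (which must go through universal) and warning before a security group becomes a distribution list. The function names ConvertFrom-GroupType and Get-NewGroupType are hypothetical, and the sample value is constructed.

```powershell
# Added example; flag values are from ADS_GROUP_TYPE_ENUM.
$ScopeFlags      = [ordered]@{ Global = 0x2; DomainLocal = 0x4; Universal = 0x8 }
$SecurityEnabled = [int]::MinValue   # 0x80000000 as a signed 32-bit integer

function ConvertFrom-GroupType {
    # Decode a raw groupType value into its scope and type.
    param([Parameter(Mandatory)][int]$GroupType)
    $scope    = $ScopeFlags.Keys | Where-Object { $GroupType -band $ScopeFlags[$_] } | Select-Object -First 1
    $category = if ($GroupType -band $SecurityEnabled) { 'Security' } else { 'Distribution' }
    [pscustomobject]@{ Scope = $scope; Category = $category }
}

function Get-NewGroupType {
    # Compute the groupType value for the requested scope and type, rejecting
    # scope changes that cannot be made in a single step.
    param(
        [Parameter(Mandatory)][int]$CurrentGroupType,
        [Parameter(Mandatory)][ValidateSet('Global', 'DomainLocal', 'Universal')][string]$NewScope,
        [Parameter(Mandatory)][ValidateSet('Security', 'Distribution')][string]$NewCategory
    )
    $current = ConvertFrom-GroupType -GroupType $CurrentGroupType
    # Global <-> DomainLocal is not a direct conversion; it has to pass through Universal.
    if ($current.Scope -ne $NewScope -and @($current.Scope, $NewScope) -notcontains 'Universal') {
        throw "Cannot convert $($current.Scope) to $NewScope directly; convert to Universal first."
    }
    if ($current.Category -eq 'Security' -and $NewCategory -eq 'Distribution') {
        Write-Warning 'Distribution groups are not added to access tokens; permissions granted or denied through this group will stop applying.'
    }
    $value = $ScopeFlags[$NewScope]
    if ($NewCategory -eq 'Security') { $value = $value -bor $SecurityEnabled }
    $value
}

# Constructed sample: a global security group (0x80000002 as a signed integer).
$sample = -2147483646
ConvertFrom-GroupType -GroupType $sample
Get-NewGroupType -CurrentGroupType $sample -NewScope Universal -NewCategory Security

# Against a live directory, the ActiveDirectory module makes the same change with:
# Set-ADGroup -Identity '<GroupDN>' -GroupScope Universal -GroupCategory Security
```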
