7.6. Changing the Scope or Type of a Group
Problem
You want to change the scope or type of a group.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, right-click on the domain and select Find.
Enter the name of the group you want to modify and click Find Now.
Double-click on the group in the results pane.
In the group properties dialog box, select the new scope or type and click OK.
Using a command-line interface
The following example changes the group scope for
<GroupDN> to
<NewScope>, which should be
l for domain local group, g for
global group, or u for universal group.
> dsmod group "<GroupDN>" -scope <NewScope>
The following example changes the group type for
<GroupDN>. For the
-secgrp switch, specify yes to
change to a security group or no to make the group
a distribution list.
> dsmod group "<GroupDN>" -secgrp yes|noUsing VBScript
' This code sets the scope and type of the specified group
' to a universal security group.
' ------ SCRIPT CONFIGURATION ------
strGroupDN = "<GroupDN>" ' e.g. cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- ' Constants taken from ADS_GROUP_TYPE_ENUM ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 1 ADS_GROUP_TYPE_GLOBAL_GROUP = 2 ADS_GROUP_TYPE_LOCAL_GROUP = 4 ADS_GROUP_TYPE_SECURITY_ENABLED = -2147483648 ADS_GROUP_TYPE_UNIVERSAL_GROUP ...Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access