16.12. Creating a Group Account

Problem

You want to create a group account.

Solution

Using a graphical user interface

  1. From the Administrative Tools, open the Active Directory Users and Computers snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, browse to the parent container of the new group, right-click on it, and select New Group.

  4. Enter the name of the group and select the group scope (global, domain local, or universal) and group type (security or distribution).

  5. Click OK.

Using a command-line interface

In the following command, <GroupDN> should be replaced with the distinguished name of the group account to create; <GroupScope> should be l, g, or u for domain local group, global group, or universal group, respectively; and -secgroup should be set to yes if the group is a security group or no otherwise. Another recommended option to set is -desc to specify a description of the group.

> dsadd group "<GroupDN>" -scope <GroupScope> -secgrp yes|no -desc "<GroupDesc>"

Here is an example:

> dsadd group "cn=mygroup,cn=users,dc=rallencorp,dc=com" -scope g -secgrp yes -desc
"A test group"

Using VBScript

' The following code creates a global security group.
' ------ SCRIPT CONFIGURATION ------
strGroupParentDN = "<GroupParentDN>"  ' e.g., ou=Groups,dc=rallencorp,dc=com
strGroupName     = "<GroupName>"      ' e.g., ExecAdminsSales
strGroupDescr    = "<GroupDesc>" ' e.g., ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.