16.16. Changing the Scope or Type of a Group

Problem

You want to change the scope or type of a group.

Solution

Using a graphical user interface

  1. Open the ADUC snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, right-click on the domain and select Find.

  4. Enter the name of the group you want to modify and click Find Now.

  5. Double-click on the group in the results pane.

  6. In the group properties dialog box, select the new scope or type and click OK.

Using a command-line interface

The following example changes the group scope for <GroupDN> to <NewScope>, which should be l for domain local group, g for global group, or u for universal group.

> dsmod group "<GroupDN>" -scope <NewScope>

The following example changes the group type for <GroupDN>. For the -secgrp switch, specify yes to change to a security group or no to make the group a distribution list.

> dsmod group "<GroupDN>" -secgrp yes|no

Using VBScript

' This code sets the scope and type of the specified group 
' to a universal security group.
' ------ SCRIPT CONFIGURATION ------
strGroupDN = "<GroupDN>" ' e.g., cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- ' Constants taken from ADS_GROUP_TYPE_ENUM ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 1 ADS_GROUP_TYPE_GLOBAL_GROUP = 2 ADS_GROUP_TYPE_LOCAL_GROUP = 4 ADS_GROUP_TYPE_SECURITY_ENABLED = -2147483648 ADS_GROUP_TYPE_UNIVERSAL_GROUP ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.