Administering Windows 2003 – MCSE 70-290

Creating Groups

Creating groups is similar to creating computer or user accounts.

  1. Open Active Directory Users and Computers.
  2. Right-click on the OU or area you want to create a group and choose New, Group. You can create groups within Organizational Units or just in the standard containers, such as Users.
  3. Enter a name for the group and a pre-Windows 2000 name for the group.
  4. Click the radio button next to the Group Scope you are interested in using. If you have only one domain, Universal will be grayed out.
  5. Click OK.

Adding Groups at the Command Line

Active Directory has several command line interface applications allowing administrators the flexibility of scripting functions within AD. You can use these command line tools to quickly add computer, contact, group, OU, user, or quota accounts.

Adding a group to the directory from the command line uses:

dsadd group GroupDN -secgrp [yes | no] -scope [l | g | u] -samid SAMName -desc Description -memberof Group. -members members.

GroupDN is the distinguished name of the group you would like to add.

-secgrp sets whether this is a security group (versus a distribution group) – the default is Yes.

-scope specifies local, global, or universal.

-samid SAMName is the SAM account name of the group, e.g. operators.

-desc Description is the description of the group.

-memberof Group. is a list of groups this group will be a member of. You can specify multiple groups separated by a space.

-members members. is a list of the groups or users you want to be placed into this group. You can specify multiple distinguished names with a space in between them.

There are additional options you can see if you type dsadd group /? at a command prompt.

4 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *