Create Group Using PowerShell ADUC, dsadd or admod

Posted on March 23rd, 2009 in Active Directory, Microsoft, Scripts, Server 2003, Server 2008 by Gil Kreslavsky

Creating a Group Using a graphical user interface

  1. Open the Active Directory Users and Computers .
  2. In the left pane, browse to the parent container of the new group, right-click on it, and select New Group.
  3. Enter the name of the group and select the group type (global, domain local, or universal) and group type (security or distribution).
  4. Click OK.

Using dsadd in command-line interface

dsadd group “<GroupDN>” -scope <GroupScope> -secgrp yes|no -desc “<GroupDesc>

Where <GroupDN> replace with DN of the group ,

Where <GroupScope> use one of the above

  • l – for domain local
  • g – for global
  • u – for universal

Where –secgroup

  • yes if the group is a security group
  • no for any other

Where desc fill group description

Using dsadd in command-line interface

> admod -b “<GroupDN>” objectClass::group groupType::
<GroupType>” sAMAccountName::”<Pre-Windows2000Name>” -add

Example: We will create global security group called “Accounting” in Accounting OU in testdomain.com

> dsadd group "cn=Accounting,ou=Accounting,dc=testdomain,dc=com"-scope global-
secgrp yes
> admod-b "cn=Accounting,ou=Accounting,dc=testdomain,dc=com" groupType::-2147483646
sAMAccountName::"Finance Users" -add

When using AdMod, you need specify the numeric value for group type, These values are predefined in Active Directory

Universal Distribution Group Value – “8”

Universal Security Group Value – “–2147483640”

Domain Local Distribution Group Value – “4”

Domain Local Security Group Value – “–2147483644”

Global Distribution Group Value – “2”

Global Security Group Value – “–2147483646”

Create Group Using VBScript

Example bellow shows how to create a global security group.
' ------  CONFIGURATION ------
strGroupParentDN = "<GroupParentDN>" ' e.g. ou=Groups,dc=testdomain,dc=com
strGroupName     = "<GroupName>"     ' e.g. Accounting
strGroupDescr    = "<GroupDesc>"     ' e.g. Accounting group
' ------ END CONFIGURATION ---------
' Constants taken from ADS_GROUP_TYPE_ENUM
Const ADS_GROUP_TYPE_GLOBAL_GROUP       = 2
Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 4
Const ADS_GROUP_TYPE_SECURITY_ENABLED   = -2147483648
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP    = 8
set objOU = GetObject("LDAP://" & strGroupParentDN)
set objGroup = objOU.Create("group","cn=" & strGroupName)
objGroup.Put "groupType", ADS_GROUP_TYPE_GLOBAL_GROUP _
                         Or ADS_GROUP_TYPE_SECURITY_ENABLED
objGroup.Put "sAMAccountName", strGroupName
objGroup.Put "description", strGroupDescr
objGroup.SetInfo

Create Group Using PowerShell

To create a group using the Quest cmdlets, use the following syntax:

new-QADGroup -ParentContainer ‘<Parent OU DN>‘ -name ‘<GroupName>‘ -samaccountname ‘<GroupName> -grouptype ‘Distribution’ -groupscope ‘Universal’ 
Where <Parent OU DN> – Fill OU DN
Where <GroupName> – Fill Group Name
After –grouptype – set group type (Distribution or Security)
After –groupscope – set if (Universal, Domain Local)

Related Articles

Post a comment

CommentLuv Enabled



« « Previous post: PowerShell script to find all Local Users on a remote computer
Next post: Manage services from command prompt in Windows XP,Vista,2003,2008 » »


Search Kreslavsky.com
Custom Search