Membership in Account Operators, Domain Admins, or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

Creating a new group account

To create a new group account using the Windows interface
  1. To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  2. In the console tree, right-click the folder under which you want to create a new group.

    Where?

    • Active Directory Users and Computers\domain node\folder

  3. Point to New, and then click Group.

  4. Type the name of the new group.

    By default, the name that you type is also entered as the pre–Windows 2000 name of the new group.

  5. In Group scope, click one of the options.

    For more information, see the section "Understanding group scope" in Understanding Group Accounts.

  6. In Group type, click one of the options.

    For more information, see the section "Understanding group types" in Understanding Group Accounts.

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • Another way to open Active Directory Users and Computers is to click Start, click Run, and then type dsa.msc.

  • To add a group, you can also click the folder in which you want to add the group, and then click the new group icon on the toolbar.

  • If the domain in which you are creating the group is set to the domain functional level of Windows 2000 mixed, you can select only the Security group type with Domain local or Global scopes.

  • You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start, click Administrative Tools, and then click Active Directory Module for Windows PowerShell. For more information, see Create a New Group (http://go.microsoft.com/fwlink/?LinkId=138377). For more information about Windows PowerShell, see Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).

Additional references

To create a new group account using a command line
  1. To open a command prompt, click Start, click Run, type cmd, and then click OK.

  2. Type the following command, and then press ENTER:

    dsadd group <GroupDN> -samid<SAMName> -secgrp {yes|no} -scope {l|g|u}

Parameter Description

<GroupDN>

Specifies the distinguished name of the group object to be added.

-samid

Sets the <SAMName> value.

<SAMName>

Specifies the Security Accounts Manager (SAM) name as the unique SAM account name for the group (for example, Operators).

-secgrp

Sets the value for the group type.

{yes|no}

Specifies whether the group that you want to add is a security group (yes) or a distribution group (no).

-scope

Sets the value for the group scope.

{l|g|u}

Specifies whether the scope of the group that you want to add is domain local (l), global (g), or universal (u).

To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:

dsadd group /? 

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in AD DS, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • If the domain in which you are creating the group is set to the domain functional level of Windows 2000 mixed, you can select only the Security group type with Domain local or Global scopes.

  • You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start, click Administrative Tools, and then click Active Directory Module for Windows PowerShell. For more information, see Create a New Group (http://go.microsoft.com/fwlink/?LinkId=138377). For more information about Windows PowerShell, see Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).

Additional references


Table Of Contents