Creating Groups
This topic shows how to create several types of groups.
When you create a new group, you can use flags from the ADS_GROUP_TYPE_ENUM enumeration to assign a group type to the group, such as global (ADS_GROUP_TYPE_GLOBAL_GROUP), domain local (ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP), local (ADS_GROUP_TYPE_LOCAL_GROUP), universal (ADS_GROUP_TYPE_UNIVERSAL_GROUP) or security-enabled (ADS_GROUP_TYPE_SECURITY_ENABLED). If you do not specify a group type, the default is to create a global, secured group (ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP | ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED). For more information about the ADS_GROUP_TYPE_ENUM enumeration, see "ADS_GROUP_TYPE_ENUM" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.
The following Visual Basic .NET code example shows how to create a new group, called Practice Managers in an organizational unit called Consulting. In a domain, the sAMAccountName attribute is mandatory, but on a Windows Server 2003 or later domain, the sAMAccountName attribute is optional. For more information about the sAMAccountName attribute, see "sAMAccountName" or "SAM-Account-Name attribute" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.
' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()
' Find the container (in this case, the Consulting organizational unit) that you
' wish to add the new group to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")
' Add the new group Practice Managers.
Dim group As DirectoryEntry = ou.Children.Add("CN=Practice Managers", "group")
' Set the samAccountName for the new group.
group.Properties("samAccountName").Value = "pracmans"
' Commit the new group to the directory.
group.CommitChanges()
The following C# code example shows how to create a new group, called Practice Managers in the organizational unit called Consulting. In a domain, the sAMAccountName attribute is mandatory, but on a Windows Server 2003 or later domain, the sAMAccountName attribute is optional. For more information about the sAMAccountName attribute, see "sAMAccountName" or "SAM-Account-Name attribute" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.
// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();
// Find the container (in this case, the Consulting organizational unit) that you
// wish to add the new group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");
// Add the new group Practice Managers.
DirectoryEntry group = ou.Children.Add("CN=Practice Managers", "group");
// Set the samAccountName for the new group.
group.Properties["samAccountName"].Value = "pracmans";
// Commit the new group to the directory.
group.CommitChanges();
The following Visual Basic .NET code example shows how to create a local domain group called Managers in the Consulting organizational unit. Use Using COM Interop to Access ADSI to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.
' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()
' Find the container (in this case, the Consulting organizational unit) that you
' wish to add the new local domain group to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")
' Add the Managers group.
Dim mgr As DirectoryEntry = ou.Children.Add("CN=Managers", "group")
' Set the group type to a secured domain local group.
mgr.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP Or ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED
' Commit the new group to the directory.
mgr.CommitChanges()
The following C# code example shows how to create a local domain group called Managers in the Consulting organizational unit. Use Using COM Interop to Access ADSI to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.
// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();
// Find the container (in this case, the Consulting organizational unit) that you
// wish to add the new local domain group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");
// Add the Managers group.
DirectoryEntry mgr = ou.Children.Add("CN=Managers", "group");
// Set the group type to a secured domain local group.
mgr.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP |
ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED;
// Commit the new group to the directory.
mgr.CommitChanges();
The following Visual Basic .NET code example shows how create a non-security group, which is a distribution list called Full Time Employees, in the Consulting organizational unit. Use Using COM Interop to Access ADSI to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.
' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()
' Find the container (in this case, the Consulting organizational unit) that you
' wish to add the Full Time Employees distribution list to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")
' Add the Full Time Employees distribution list.
Dim dl As DirectoryEntry = ou.Children.Add("CN=Full Time Employees", "group")
' Set the group type to global.
dl.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP
' Commit the new group to the directory.
dl.CommitChanges()
The following C# code example shows how create a non-security group, which is a distribution list called Full Time Employees, in the Consulting organizational unit. Use Using COM Interop to Access ADSI to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.
// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();
// Find the container (in this case, the Consulting organizational unit) that you
// wish to add the Full Time Employees distribution list to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");
// Add the Full Time Employees distribution list.
DirectoryEntry dl = ou.Children.Add("CN=Full Time Employees", "group");
// Set the group type to global.
dl.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP;
// Commit the new group to the directory.
dl.CommitChanges();
The following Visual Basic .NET code example shows how to add an entire group to another group.
' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()
' Find the container (in this case, the North America group) that you
' wish to add.
Dim group As DirectoryEntry = dom.Children.Find("CN=North America")
' Connect to the group that you wish to add "group" to.
Dim mgr As New DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM")
' Add the distinguishedName of "group" to the members property of "mgr".
mgr.Properties("member").Add(group.Properties("distinguishedName").Value)
' Commit the changes to the directory.
mgr.CommitChanges()
The following C# code example shows how to add an entire group to another group.
// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();
// Find the container (in this case, the North America group) that you
// wish to add.
DirectoryEntry group = dom.Children.Find("CN=North America");
// Connect to the group that you wish to add "group" to.
DirectoryEntry mgr = new DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM");
// Add the distinguishedName of "group" to the members property of "mgr".
mgr.Properties["member"].Add(group.Properties["distinguishedName"].Value);
// Commit the changes to the directory.
mgr.CommitChanges();
See Also
Reference
Concepts
Group Management
Using COM Interop to Access ADSI
Send comments about this topic to Microsoft.
Copyright © 2007 by Microsoft Corporation. All rights reserved.