Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This topic shows how to create several types of groups.
When you create a new group, you can use flags from the ADS_GROUP_TYPE_ENUM enumeration to assign a group type to the group, such as global (ADS_GROUP_TYPE_GLOBAL_GROUP), domain local (ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP), local (ADS_GROUP_TYPE_LOCAL_GROUP), universal (ADS_GROUP_TYPE_UNIVERSAL_GROUP) or security-enabled (ADS_GROUP_TYPE_SECURITY_ENABLED). If you do not specify a group type, the default is to create a global, secured group (ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP | ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED). For more information about the ADS_GROUP_TYPE_ENUM enumeration, see "ADS_GROUP_TYPE_ENUM" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.
The following Visual Basic .NET code example shows how to create a new group, called Practice Managers in an organizational unit called Consulting. In a domain, the sAMAccountName attribute is mandatory, but on a Windows Server 2003 or later domain, the sAMAccountName attribute is optional. For more information about the sAMAccountName attribute, see "sAMAccountName" or "SAM-Account-Name attribute" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.
' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()
' Find the container (in this case, the Consulting organizational unit) that you
' wish to add the new group to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")
' Add the new group Practice Managers.
Dim group As DirectoryEntry = ou.Children.Add("CN=Practice Managers", "group")
' Set the samAccountName for the new group.
group.Properties("samAccountName").Value = "pracmans"
' Commit the new group to the directory.
group.CommitChanges()
The following C# code example shows how to create a new group, called Practice Managers in the organizational unit called Consulting. In a domain, the sAMAccountName attribute is mandatory, but on a Windows Server 2003 or later domain, the sAMAccountName attribute is optional. For more information about the sAMAccountName attribute, see "sAMAccountName" or "SAM-Account-Name attribute" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.
// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();
// Find the container (in this case, the Consulting organizational unit) that you
// wish to add the new group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");
// Add the new group Practice Managers.
DirectoryEntry group = ou.Children.Add("CN=Practice Managers", "group");
// Set the samAccountName for the new group.
group.Properties["samAccountName"].Value = "pracmans";
// Commit the new group to the directory.
group.CommitChanges();
The following Visual Basic .NET code example shows how to create a local domain group called Managers in the Consulting organizational unit. Use Using COM Interop to Access ADSI to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.
' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()
' Find the container (in this case, the Consulting organizational unit) that you
' wish to add the new local domain group to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")
' Add the Managers group.
Dim mgr As DirectoryEntry = ou.Children.Add("CN=Managers", "group")
' Set the group type to a secured domain local group.
mgr.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP Or ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED
' Commit the new group to the directory.
mgr.CommitChanges()
The following C# code example shows how to create a local domain group called Managers in the Consulting organizational unit. Use Using COM Interop to Access ADSI to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.
// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();
// Find the container (in this case, the Consulting organizational unit) that you
// wish to add the new local domain group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");
// Add the Managers group.
DirectoryEntry mgr = ou.Children.Add("CN=Managers", "group");
// Set the group type to a secured domain local group.
mgr.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP |
ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED;
// Commit the new group to the directory.
mgr.CommitChanges();
The following Visual Basic .NET code example shows how create a non-security group, which is a distribution list called Full Time Employees, in the Consulting organizational unit. Use Using COM Interop to Access ADSI to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.
' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()
' Find the container (in this case, the Consulting organizational unit) that you
' wish to add the Full Time Employees distribution list to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")
' Add the Full Time Employees distribution list.
Dim dl As DirectoryEntry = ou.Children.Add("CN=Full Time Employees", "group")
' Set the group type to global.
dl.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP
' Commit the new group to the directory.
dl.CommitChanges()
The following C# code example shows how create a non-security group, which is a distribution list called Full Time Employees, in the Consulting organizational unit. Use Using COM Interop to Access ADSI to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.
// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();
// Find the container (in this case, the Consulting organizational unit) that you
// wish to add the Full Time Employees distribution list to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");
// Add the Full Time Employees distribution list.
DirectoryEntry dl = ou.Children.Add("CN=Full Time Employees", "group");
// Set the group type to global.
dl.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP;
// Commit the new group to the directory.
dl.CommitChanges();
The following Visual Basic .NET code example shows how to add an entire group to another group.
' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()
' Find the container (in this case, the North America group) that you
' wish to add.
Dim group As DirectoryEntry = dom.Children.Find("CN=North America")
' Connect to the group that you wish to add "group" to.
Dim mgr As New DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM")
' Add the distinguishedName of "group" to the members property of "mgr".
mgr.Properties("member").Add(group.Properties("distinguishedName").Value)
' Commit the changes to the directory.
mgr.CommitChanges()
The following C# code example shows how to add an entire group to another group.
// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();
// Find the container (in this case, the North America group) that you
// wish to add.
DirectoryEntry group = dom.Children.Find("CN=North America");
// Connect to the group that you wish to add "group" to.
DirectoryEntry mgr = new DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM");
// Add the distinguishedName of "group" to the members property of "mgr".
mgr.Properties["member"].Add(group.Properties["distinguishedName"].Value);
// Commit the changes to the directory.
mgr.CommitChanges();
Group Management
Using COM Interop to Access ADSI
Send comments about this topic to Microsoft.
Copyright © 2007 by Microsoft Corporation. All rights reserved.