In this lesson, you will learn How to Create Active Directory Groups with 3 methods On Server 2016 with Step by Step Guide. But Before that, You need to understand Groups, its types, Install it and Finally How to Manage that, which I will be Providing that on the Next Article.
A group can be defined as a collection of user or computer accounts that functions as a security principal, in much the same way that a user does. Groups enable administrators to assign permissions to multiple users simultaneously. By using groups, administrators can grant multiple users the same permission level for resources on the network. If for example, you have 25 users in the graphics department who need access to a color printer, you can either assign each user the appropriate permissions for the printer or you can create a group containing the 25 users and assign the appropriate permissions to the group.
In Windows Server 2016 and Windows Server 2012R2, Groups are divided into two sections:
- Group Type: Group type defines how a group is used within Active Directory.
- Group Scope: The group scope controls which objects the group can contain. Group scopes available in an Active Directory domain include domain local groups, global groups, and universal groups.
Group Types is also divided into two Types:
- Distribution Groups: Distribution groups are Nonsecurity-related groups created for the distribution of information to one or more persons.
- Security Groups: Security groups are Security-related groups created for granting resource access permissions to multiple users.
Create Active Directory Groups with 3 methods
Method 1: Create Group Using Active Directory Administrative Center
Step 1. Open Server Manager. On the Tools menu, select Active Directory Administrative Center to open the Active Directory Administrative Center console, or open run dialog box and type Dsac.exe and Press Enter. This Will open the Active Directory Administrative Center console.
Step 2. Select Your Domain, the select New at the right pane at the right side, after selecting New Select Group.
Step 3. Now you have to give a name for the Group which you want. I have selected the Security Group with the Group scope of the Global.
Note: The name you select can be up to 64 characters long and must be unique in the domain. You must also choose a group type and a group scope.
Note 2: If you want more editing’s after you clicked ok, you can edit the settings once again. just, right click on the Group and select the Properties and add the Information which you will need.
Method 2: Create Groups Using Active Directory Users & Computers
Step 1. Open Server Manager, on the Tools menu, select Active Directory Users and Computers to open the Active Directory Users and Computers console, or open run dialog box and type Dsa.msc and Press Enter. This Will open the Active Directory Users and Computers.
Step 2. When the Active Directory Users and Computers opens, right click on the Domain and select New, after that select Group.
Step 3. Give a Name for the Group, and when you are done click ok. This time I added it Group type to the Distribute but the Group scope is in the Global Catalog.
Note: If you want more editing’s after you clicked ok, you can edit the settings once again. just, right click on the Group and select the Properties and add the Information which you will need.
Method 3: Create Group using PowerShell
Most of my friends they are asking from me, how can you remember the PowerShell cmdlets. I am telling them I am using the Help system and the search system of PowerShell. Here is an Example.
I want to create a new AD Group so I will simply search for Active Directory Group in PowerShell by typing get-command *adGroup* command.
Now you can see there are groups, So I need to create a new Group. I will simply select the New-ADGroup.
Now, there is also another question in our mind, and that is, what are the syntaxes of this command. In order to get the syntaxes, I will type Get-Help New-AdGroup Command and the help system for this cmdlets will appear.
Now that you have found the syntax, so just type down the cmdlet and go on.
Note: When you are creating an ADgroup these things are required, that’s why I am using them in my command.
- Group Category
- Group Scope
- Sam Account
New-ADGroup -GroupCategory “Security” -GroupScope “Global” -Name “Filestab” -Path “DC=Techroz e,dc=com” -SamAccountName “Filestav” -Server “Ghulam.Techroze.com”
Note: If you want to edit the Group, you can use the Set-ADGroup cmdlet.