Windows 2025
Sponsored Link

Active Directory : Add Group Accounts2024/11/29
 

Add Group Accounts on Active Directory.

[1] Run PowerShell with admin privilege and configure like follows. 
# show current group list
PS C:\Users\Administrator> Get-ADGroup -Filter * | Format-Table DistinguishedName 

DistinguishedName
-----------------
CN=Administrators,CN=Builtin,DC=srv,DC=world
CN=Users,CN=Builtin,DC=srv,DC=world
CN=Guests,CN=Builtin,DC=srv,DC=world
CN=Print Operators,CN=Builtin,DC=srv,DC=world
CN=Backup Operators,CN=Builtin,DC=srv,DC=world
CN=Replicator,CN=Builtin,DC=srv,DC=world
CN=Remote Desktop Users,CN=Builtin,DC=srv,DC=world
CN=Network Configuration Operators,CN=Builtin,DC=srv,DC=world
CN=Performance Monitor Users,CN=Builtin,DC=srv,DC=world
.....
.....

# for example, add [Development01] group
PS C:\Users\Administrator> New-ADGroup Development01 `
-GroupScope Global `
-GroupCategory Security `
-Description "Database Admin Group" 

# verify
PS C:\Users\Administrator> Get-ADGroup -Identity Development01 

DistinguishedName : CN=Development01,CN=Users,DC=srv,DC=world
GroupCategory     : Security
GroupScope        : Global
Name              : Development01
ObjectClass       : group
ObjectGUID        : a64cf4f2-45a4-4924-8e99-22eb6cf6419e
SamAccountName    : Development01
SID               : S-1-5-21-2649012655-406810028-4197379243-1111


# to add a member to a group, run like follows
PS C:\Users\Administrator> Add-ADGroupMember -Identity Development01 -Members Serverworld 

# verify
PS C:\Users\Administrator> Get-ADGroupMember -Identity Development01 

distinguishedName : CN=Server World,CN=Users,DC=srv,DC=world
name              : Server World
objectClass       : user
objectGUID        : 49f5d4ec-a6d0-40d2-818d-4af624250718
SamAccountName    : Serverworld
SID               : S-1-5-21-2649012655-406810028-4197379243-1103


# to delete a member from a group, run like follows
PS C:\Users\Administrator> Remove-ADGroupMember -Identity Development01 -Members Serverworld 

Confirm
Are you sure you want to perform this action?
Performing the operation "Set" on target "CN=Development01,CN=Users,DC=srv,DC=world".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y


# to delete a group, run like follows
PS C:\Users\Administrator> Remove-ADGroup -Identity Development01 

Confirm
Are you sure you want to perform this action?
Performing the operation "Remove" on target "CN=Development01,CN=Users,DC=srv,DC=world".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y
Active Directory : Add Group Accounts (GUI)
 

On GUI configuration, set like follows.

[2] Run [Server Manager] and open [Tools] - [Active Directory Users and Conputers],
next, Click with right button [Users] on left tree and select [New] - [Group].
[3]
Input a Group name you'd like to add.
* Group scope
Domain local It's possible to add groups in forests,
however, for adding access permission, it's possible to set access permission to groups which are in the Domain the group was created.
This group is mainly used for access control.
Global It's possible to add users and Global groups which are in the same Domain.
This group is mainly used for organization.
Universal It's possible to add groups in a forest.
This group is mainly used for organization on cross Domains.
* Group type
Security The group that you can set access permission.
Distribution The group that is used on Exchange Server.
[4] A new Group is just added.
[5] For adding users in a Group,
Right Click the Group and Open [Properties].
[6] Move to [Member] tab and Click [Add] button.
[7] Input a username you'd like to add to this Group and Click [OK].
[8] Confirm the Properties of the user you added to the Group.
Matched Content