Active Directory : Add Group Accounts(CUI)2019/02/22 |
|
Add Group Accounts with Commands on CUI.
|
|
| [1] | Run PowerShell or Command Prompt and use [dsadd group] command. |
# show current group list PS C:\Users\Administrator> dsquery group -name * "CN=Administrators,CN=Builtin,DC=srv,DC=world" "CN=Users,CN=Builtin,DC=srv,DC=world" "CN=Guests,CN=Builtin,DC=srv,DC=world" "CN=Print Operators,CN=Builtin,DC=srv,DC=world" "CN=Backup Operators,CN=Builtin,DC=srv,DC=world" ..... ..... # for example, add [DBAdmin] group PS C:\Users\Administrator> dsadd group CN=DBAdmin,CN=Users,DC=srv,DC=world ` -secgrp yes ` -scope g ` -desc "Database Admin Group" dsadd succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world PS C:\Users\Administrator> dsquery group -name DBAdmin "CN=DBAdmin,CN=Users,DC=srv,DC=world" # options for [dsadd group] PS C:\Users\Administrator> dsadd group /? Description: Adds a group to the directory. Syntax: dsadd group <GroupDN> [-secgrp {yes | no}] [-scope {l | g | u}] [-samid <SAMName>] [-desc <Description>] [-memberof <Group ...>] [-members <Member ...>] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}] ..... ..... |
| [2] | For adding members to a Group, Use [dsmod group] command. |
# for example, add [Redstone] user to [DBAdmin] group PS C:\Users\Administrator> dsmod group CN=DBAdmin,CN=Users,DC=srv,DC=world ` -addmbr CN=Redstone,CN=Users,DC=srv,DC=world dsmod succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world # verify PS C:\Users\Administrator> dsget group CN=DBAdmin,CN=Users,DC=srv,DC=world -members "CN=Redstone,CN=Users,DC=srv,DC=world" # if delete a member from a group, do like follows PS C:\Users\Administrator> dsmod group CN=DBAdmin,CN=Users,DC=srv,DC=world ` -rmmbr CN=Redstone,CN=Users,DC=srv,DC=world dsmod succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world |
| [3] | If you'd like to delete groups, use [dsrm] command. |
# for example, delete [DBAdmin] group PS C:\Users\Administrator> dsrm "CN=DBAdmin,CN=Users,DC=srv,DC=world" Are you sure you wish to delete CN=DBAdmin,CN=Users,DC=srv,DC=world (Y/N)? y dsrm succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world |
| [4] | If you use PowerShell, It's possible to use Cmdlet for PowerShell. |
# show current group list PS C:\Users\Administrator> Get-ADGroup -Filter * | Format-Table DistinguishedName DistinguishedName ----------------- CN=Administrators,CN=Builtin,DC=srv,DC=world CN=Users,CN=Builtin,DC=srv,DC=world CN=Guests,CN=Builtin,DC=srv,DC=world CN=Print Operators,CN=Builtin,DC=srv,DC=world CN=Backup Operators,CN=Builtin,DC=srv,DC=world ..... ..... # for example, add [DBAdmin] group PS C:\Users\Administrator> New-ADGroup DBAdmin ` -GroupScope Global ` -GroupCategory Security ` -Description "Database Admin Group" # verify PS C:\Users\Administrator> Get-ADGroup -Identity DBAdmin DistinguishedName : CN=DBAdmin,CN=Users,DC=srv,DC=world GroupCategory : Security GroupScope : Global Name : DBAdmin ObjectClass : group ObjectGUID : 401cf330-57a3-4352-bb00-8e1932b47036 SamAccountName : DBAdmin SID : S-1-5-21-1938244123-2570910143-1886879425-1110 # if delete, do like follows PS C:\Users\Administrator> Remove-ADGroup -Identity "CN=DBAdmin,CN=Users,DC=srv,DC=world" Confirm Are you sure you want to perform this action? Performing the operation "Remove" on target "CN=DBAdmin,CN=Users,DC=srv,DC=world". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y # options for [New-ADGroup] PS C:\Users\Administrator> Get-Help New-ADGroup NAME New-ADGroup SYNOPSIS Creates an Active Directory group. SYNTAX New-ADGroup [-Name] <String> [-GroupScope] {DomainLocal | Global | Universal} [-AuthType {Negotiate | Basic}] [-Cre dential <PSCredential>] [-Description <String>] [-DisplayName <String>] [-GroupCategory {Distribution | Security}] [-HomePage <String>] [-Instance <ADGroup>] [-ManagedBy <ADPrincipal>] [-OtherAttributes <Hashtable>] [-PassThru] [- Path <String>] [-SamAccountName <String>] [-Server <String>] [-Confirm] [-WhatIf] [<CommonParameters>] ..... ..... |
| Sponsored Link |