Creating Groups

Article
06/29/2006

This topic shows how to create several types of groups.

When you create a new group, you can use flags from the ADS_GROUP_TYPE_ENUM enumeration to assign a group type to the group, such as global (ADS_GROUP_TYPE_GLOBAL_GROUP), domain local (ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP), local (ADS_GROUP_TYPE_LOCAL_GROUP), universal (ADS_GROUP_TYPE_UNIVERSAL_GROUP) or security enabled (ADS_GROUP_TYPE_SECURITY_ENABLED). If you do not specify a group type, the default is to create a global, secured group (ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP | ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED).

[Visual Basic .NET]

The following Visual Basic .NET code example shows how to create a new group, called "Practice Managers" in an organizational unit called "Consulting". In a Windows 2000 Server domain, the samAccountName attribute is mandatory, but on a Windows Server 2003 or later domain, the samAccountName attribute is optional.

' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()

' Find the container (in this case, the Consulting organizational unit) that you 
' wish to add the new group to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")

' Add the new group Practice Managers.
Dim group As DirectoryEntry = ou.Children.Add("CN=Practice Managers", "group")

' Set the samAccountName for the new group.
group.Properties("samAccountName").Value = "pracmans"

' Commit the new group to the directory.
group.CommitChanges()

[C#]

The following C# code example shows how to create a new group, called "Practice Managers" in the organizational unit called "Consulting". In a Windows 2000 Server domain, the samAccountName attribute is mandatory, but on a Windows Server 2003 or later domain, the samAccountName attribute is optional.

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the Consulting organizational unit) that you 
// wish to add the new group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");

// Add the new group Practice Managers.
DirectoryEntry group = ou.Children.Add("CN=Practice Managers", "group");

// Set the samAccountName for the new group.
group.Properties["samAccountName"].Value = "pracmans";

// Commit the new group to the directory.
group.CommitChanges();

[Visual Basic .NET]

The following Visual Basic .NET code example shows how to create a local domain group called "Managers" in the "Consulting" organizational unit. Use COM Interop to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.

' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()

' Find the container (in this case, the Consulting organizational unit) that you 
' wish to add the new local domain group to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")

' Add the Managers group.
Dim mgr As DirectoryEntry = ou.Children.Add("CN=Managers", "group")

' Set the group type to a secured domain local group.
mgr.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP Or ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED

' Commit the new group to the directory.
mgr.CommitChanges()

[C#]

The following C# code example shows how to create a local domain group called "Managers" in the "Consulting" organizational unit. Use COM Interop to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the Consulting organizational unit) that you 
// wish to add the new local domain group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");

// Add the Managers group.
DirectoryEntry mgr = ou.Children.Add("CN=Managers", "group");

// Set the group type to a secured domain local group.
mgr.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP | 
ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED;

// Commit the new group to the directory.
mgr.CommitChanges();

[Visual Basic .NET]

The following Visual Basic .NET code example shows how create a non-security group, which is a distribution list called "Full Time Employees", in the "Consulting" organizational unit. Use COM Interop to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.

' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()

' Find the container (in this case, the Consulting organizational unit) that you
' wish to add the Full Time Employees distribution list to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")

' Add the Full Time Employees distribution list.
Dim dl As DirectoryEntry = ou.Children.Add("CN=Full Time Employees", "group")

' Set the group type to global.
dl.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP

' Commit the new group to the directory.
dl.CommitChanges()

[C#]

The following C# code example shows how create a non-security group, which is a distribution list called "Full Time Employees", in the "Consulting" organizational unit. Use COM Interop to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the Consulting organizational unit) that you
// wish to add the Full Time Employees distribution list to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");

// Add the Full Time Employees distribution list.
DirectoryEntry dl = ou.Children.Add("CN=Full Time Employees", "group");

// Set the group type to global.
dl.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP;

// Commit the new group to the directory.
dl.CommitChanges();

[Visual Basic .NET]

The following Visual Basic .NET code example shows how to add an entire group to another group.

' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()

' Find the container (in this case, the North America group) that you
' wish to add.
Dim group As DirectoryEntry = dom.Children.Find("CN=North America")

' Connect to the group that you wish to add "group" to.
Dim mgr As New DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM")

' Add the distinguishedName of "group" to the members property of "mgr".
mgr.Properties("member").Add(group.Properties("distinguishedName").Value)

' Commit the changes to the directory.
mgr.CommitChanges()

[C#]

The following C# code example shows how to add an entire group to another group.

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the North America group) that you
// wish to add.
DirectoryEntry group = dom.Children.Find("CN=North America");

// Connect to the group that you wish to add "group" to.
DirectoryEntry mgr = new DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM");

// Add the distinguishedName of "group" to the members property of "mgr".
mgr.Properties["member"].Add(group.Properties["distinguishedName"].Value);

// Commit the changes to the directory.
mgr.CommitChanges();

Creating Groups

[Visual Basic .NET]

[C#]

[Visual Basic .NET]

[C#]

[Visual Basic .NET]

[C#]

[Visual Basic .NET]

[C#]

Additional resources