Creating Groups
This topic shows how to create several types of groups.
When you create a new group, you can use flags from the ADS_GROUP_TYPE_ENUM enumeration to assign a group type to the group, such as global (ADS_GROUP_TYPE_GLOBAL_GROUP), domain local (ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP), local (ADS_GROUP_TYPE_LOCAL_GROUP), universal (ADS_GROUP_TYPE_UNIVERSAL_GROUP) or security enabled (ADS_GROUP_TYPE_SECURITY_ENABLED). If you do not specify a group type, the default is to create a global, secured group (ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP | ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED).
[Visual Basic .NET]
The following Visual Basic .NET code example shows how to create a new group, called "Practice Managers" in an organizational unit called "Consulting". In a Windows 2000 Server domain, the samAccountName attribute is mandatory, but on a Windows Server 2003 or later domain, the samAccountName attribute is optional.
' Bind to the domain that this user is currently connected to. Dim dom As New DirectoryEntry() ' Find the container (in this case, the Consulting organizational unit) that you ' wish to add the new group to. Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting") ' Add the new group Practice Managers. Dim group As DirectoryEntry = ou.Children.Add("CN=Practice Managers", "group") ' Set the samAccountName for the new group. group.Properties("samAccountName").Value = "pracmans" ' Commit the new group to the directory. group.CommitChanges()
[C#]
The following C# code example shows how to create a new group, called "Practice Managers" in the organizational unit called "Consulting". In a Windows 2000 Server domain, the samAccountName attribute is mandatory, but on a Windows Server 2003 or later domain, the samAccountName attribute is optional.
// Bind to the domain that this user is currently connected to. DirectoryEntry dom = new DirectoryEntry(); // Find the container (in this case, the Consulting organizational unit) that you // wish to add the new group to. DirectoryEntry ou = dom.Children.Find("OU=Consulting"); // Add the new group Practice Managers. DirectoryEntry group = ou.Children.Add("CN=Practice Managers", "group"); // Set the samAccountName for the new group. group.Properties["samAccountName"].Value = "pracmans"; // Commit the new group to the directory. group.CommitChanges();
[Visual Basic .NET]
The following Visual Basic .NET code example shows how to create a local domain group called "Managers" in the "Consulting" organizational unit. Use COM Interop to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.
' Bind to the domain that this user is currently connected to. Dim dom As New DirectoryEntry() ' Find the container (in this case, the Consulting organizational unit) that you ' wish to add the new local domain group to. Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting") ' Add the Managers group. Dim mgr As DirectoryEntry = ou.Children.Add("CN=Managers", "group") ' Set the group type to a secured domain local group. mgr.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP Or ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED ' Commit the new group to the directory. mgr.CommitChanges()
[C#]
The following C# code example shows how to create a local domain group called "Managers" in the "Consulting" organizational unit. Use COM Interop to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.
// Bind to the domain that this user is currently connected to. DirectoryEntry dom = new DirectoryEntry(); // Find the container (in this case, the Consulting organizational unit) that you // wish to add the new local domain group to. DirectoryEntry ou = dom.Children.Find("OU=Consulting"); // Add the Managers group. DirectoryEntry mgr = ou.Children.Add("CN=Managers", "group"); // Set the group type to a secured domain local group. mgr.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP | ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED; // Commit the new group to the directory. mgr.CommitChanges();
[Visual Basic .NET]
The following Visual Basic .NET code example shows how create a non-security group, which is a distribution list called "Full Time Employees", in the "Consulting" organizational unit. Use COM Interop to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.
' Bind to the domain that this user is currently connected to. Dim dom As New DirectoryEntry() ' Find the container (in this case, the Consulting organizational unit) that you ' wish to add the Full Time Employees distribution list to. Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting") ' Add the Full Time Employees distribution list. Dim dl As DirectoryEntry = ou.Children.Add("CN=Full Time Employees", "group") ' Set the group type to global. dl.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP ' Commit the new group to the directory. dl.CommitChanges()
[C#]
The following C# code example shows how create a non-security group, which is a distribution list called "Full Time Employees", in the "Consulting" organizational unit. Use COM Interop to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.
// Bind to the domain that this user is currently connected to. DirectoryEntry dom = new DirectoryEntry(); // Find the container (in this case, the Consulting organizational unit) that you // wish to add the Full Time Employees distribution list to. DirectoryEntry ou = dom.Children.Find("OU=Consulting"); // Add the Full Time Employees distribution list. DirectoryEntry dl = ou.Children.Add("CN=Full Time Employees", "group"); // Set the group type to global. dl.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP; // Commit the new group to the directory. dl.CommitChanges();
[Visual Basic .NET]
The following Visual Basic .NET code example shows how to add an entire group to another group.
' Bind to the domain that this user is currently connected to. Dim dom As New DirectoryEntry() ' Find the container (in this case, the North America group) that you ' wish to add. Dim group As DirectoryEntry = dom.Children.Find("CN=North America") ' Connect to the group that you wish to add "group" to. Dim mgr As New DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM") ' Add the distinguishedName of "group" to the members property of "mgr". mgr.Properties("member").Add(group.Properties("distinguishedName").Value) ' Commit the changes to the directory. mgr.CommitChanges()
[C#]
The following C# code example shows how to add an entire group to another group.
// Bind to the domain that this user is currently connected to. DirectoryEntry dom = new DirectoryEntry(); // Find the container (in this case, the North America group) that you // wish to add. DirectoryEntry group = dom.Children.Find("CN=North America"); // Connect to the group that you wish to add "group" to. DirectoryEntry mgr = new DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM"); // Add the distinguishedName of "group" to the members property of "mgr". mgr.Properties["member"].Add(group.Properties["distinguishedName"].Value); // Commit the changes to the directory. mgr.CommitChanges();