Creating different types of security groups
As mentioned before, there are different types of security groups available in Active Directory: global, domain local, and universal. You may refer to the TechNet article at http://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx to know more about group scopes.
To create a new group in Active Directory, the New-ADGroup
cmdlet can be used. This cmdlet accepts three parameters. These are name
of the group, the Organizational Unit path
in AD, and groupScope
, such as domain local/global/universal. Of these, name
and groupScope
need to be provided mandatorily.
Here is the simple command line to create a new blank AD group in AD with no members in it.
The following command creates a new Active Directory group of type DomainLocal
in the specified OU:
New-ADGroup -Name "Test Group1" -Path "OU=Groups,OU=Prod,DC=techibee,DC=ad" -groupScope domainlocal
Similarly, to create other group types, change the parameter -groupScope
....