Chạy PowerShell hoặc Command Prompt và sử dụng lệnh dsadd group.
# show current group list
PS C:\Users\Administrator> dsquery group -name *
"CN=Administrators,CN=Builtin,DC=srv,DC=world"
"CN=Users,CN=Builtin,DC=srv,DC=world"
"CN=Guests,CN=Builtin,DC=srv,DC=world"
"CN=Print Operators,CN=Builtin,DC=srv,DC=world"
"CN=Backup Operators,CN=Builtin,DC=srv,DC=world"
.....
.....
# for example, add [DBAdmin] group
PS C:\Users\Administrator> dsadd group CN=DBAdmin,CN=Users,DC=srv,DC=world `
-secgrp yes `
-scope g `
-desc "Database Admin Group"
dsadd succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world
PS C:\Users\Administrator> dsquery group -name DBAdmin
"CN=DBAdmin,CN=Users,DC=srv,DC=world"
# options for [dsadd group]
PS C:\Users\Administrator> dsadd group /?
Description: Adds a group to the directory.
Syntax: dsadd group <GroupDN> [-secgrp {yes | no}] [-scope {l | g | u}]
[-samid <SAMName>] [-desc <Description>] [-memberof <Group ...>]
[-members <Member ...>] [{-s <Server> | -d <Domain>}] [-u <UserName>]
[-p {<Password> | *}] [-q] [{-uc | -uco | -uci}]
.....
.....
Để thêm thành viên vào nhóm sử dụng lệnh dsmod group
# for example, add [Redstone] user to [DBAdmin] group
PS C:\Users\Administrator> dsmod group CN=DBAdmin,CN=Users,DC=srv,DC=world `
-addmbr CN=Redstone,CN=Users,DC=srv,DC=world
dsmod succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world
# verify
PS C:\Users\Administrator> dsget group CN=DBAdmin,CN=Users,DC=srv,DC=world -members
"CN=Redstone,CN=Users,DC=srv,DC=world"
# if delete a member from a group, do like follows
PS C:\Users\Administrator> dsmod group CN=DBAdmin,CN=Users,DC=srv,DC=world `
-rmmbr CN=Redstone,CN=Users,DC=srv,DC=world
dsmod succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world
Nếu bạn muốn xóa nhóm sử dụng lệnh dsrm
# for example, delete [DBAdmin] group
PS C:\Users\Administrator> dsrm "CN=DBAdmin,CN=Users,DC=srv,DC=world"
Are you sure you wish to delete CN=DBAdmin,CN=Users,DC=srv,DC=world (Y/N)? y
dsrm succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world
Nếu bạn sử dụng PowerShell, bạn có thể sử dụng Cmdlet cho PowerShell
# show current group list
PS C:\Users\Administrator> Get-ADGroup -Filter * | Format-Table DistinguishedName
DistinguishedName
-----------------
CN=Administrators,CN=Builtin,DC=srv,DC=world
CN=Users,CN=Builtin,DC=srv,DC=world
CN=Guests,CN=Builtin,DC=srv,DC=world
CN=Print Operators,CN=Builtin,DC=srv,DC=world
CN=Backup Operators,CN=Builtin,DC=srv,DC=world
.....
.....
# for example, add [DBAdmin] group
PS C:\Users\Administrator> New-ADGroup DBAdmin `
-GroupScope Global `
-GroupCategory Security `
-Description "Database Admin Group"
# verify
PS C:\Users\Administrator> Get-ADGroup -Identity DBAdmin
DistinguishedName : CN=DBAdmin,CN=Users,DC=srv,DC=world
GroupCategory : Security
GroupScope : Global
Name : DBAdmin
ObjectClass : group
ObjectGUID : 401cf330-57a3-4352-bb00-8e1932b47036
SamAccountName : DBAdmin
SID : S-1-5-21-1938244123-2570910143-1886879425-1110
# if delete, do like follows
PS C:\Users\Administrator> Remove-ADGroup -Identity "CN=DBAdmin,CN=Users,DC=srv,DC=world"
Confirm
Are you sure you want to perform this action?
Performing the operation "Remove" on target "CN=DBAdmin,CN=Users,DC=srv,DC=world".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
# options for [New-ADGroup]
PS C:\Users\Administrator> Get-Help New-ADGroup
NAME
New-ADGroup
SYNOPSIS
Creates an Active Directory group.
SYNTAX
New-ADGroup [-Name] <String> [-GroupScope] {DomainLocal | Global | Universal} [-AuthType {Negotiate | Basic}] [-Cre
dential <PSCredential>] [-Description <String>] [-DisplayName <String>] [-GroupCategory {Distribution | Security}]
[-HomePage <String>] [-Instance <ADGroup>] [-ManagedBy <ADPrincipal>] [-OtherAttributes <Hashtable>] [-PassThru] [-
Path <String>] [-SamAccountName <String>] [-Server <String>] [-Confirm] [-WhatIf] [<CommonParameters>]
.....
.....
