Using the Active Directory command-line tools, in a Windows 2000 domain, or Windows Server 2003 domain, you can create a group, and set its' type and scope, from the command-line.
The syntax is:
dsadd group group_DN -samid SAM_Name -secgrp yes | no -scope l | g | u
where:
group_DN is the distinguished name of the group, like any of the following:
"CN=accountants,CN=Users,DC=JSIINC,DC=COM"
"CN=Accounts Payables,CN=Users,DC=JSIINC,DC=COM"
SAM_Name is the unique SAM name for the group, like accountants.
yes | no indicates if the group type is a security group (yes), or a distribution group (no).
l | g | u is the group scope where l is domain local, g is global, and u is universal.
If the domain functional level is Windows 2000 mixed, only security groups with domain local scopes or global scopes are permitted.To
add a member to a group, the syntax is:
dsmod group group_DN -addmbr member_DN where:
group_DN is the distinguished name of the group.
member_DN is the distinguished name of the object that you wish to add to the group,
like "CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM".
NOTE: To delete a group:
dsrm group_DN
NOTE: To delete a member:
dsmod group group_DN -rmmbr member_DN
NOTE: For additional options, type dsadd group /? or dsmod group /?.
0 comments
Hide comments
