Group in Active Directory allows you to manage and control access to resources and permissions for users. Here’s how to create groups in Active Directory:
Open Active Directory Users and Computers:
1. Click Start or Press Window Key ⊞ Win.
2. Navigate to Windows Administrative Tools folder.
3. Click on Active Directory Users and Computers.
You can also open Active Directory Users and Computers by Clicking Here
Create Group under an Organizational Unit (OU) you wish:
1. Right Click the OU in which you want to add the group.
2. Click on New.
3. Select Group.
Group Properties:
A “New Object – Group” dialog box will open. Here, you can specify the following properties for the group:
a. Group Name: Enter a name for the group.
b. Group Scope: There are three types of group scopes:
• Domain Local: Used to assign permissions within a single domain.
• Global: Used to group users from the same domain or across trusted domains for resource access.
• Universal: Used for more complex scenarios, typically when dealing with multiple domains in a forest.
C Group Type: There are two group types:
• Security: Used for security purposes, like assigning permissions.
• Distribution: Used for email distribution lists.
5. Click OK:
After specifying the group properties, click “OK” to create the group.
6. Adding Members:
You can add members to the group by right-clicking on the group, selecting “Properties” and then searching for and adding the users or other groups you want to include.
7. Assigning Permissions:
Once the group is created and members are added, you can assign permissions to the group. Right-click the group you want to apply permissions to, and select “Properties,” go to the “Security” tab, and add the group with the appropriate permissions.
