Creating groups in Active Directory (AD) is a foundational task for managing permissions, organizing users, and controlling access to network resources. This guide walks you through how to create and configure security or distribution groups using Active Directory Users and Computers (ADUC).
Step 1: Open Active Directory Users and Computers
- Click Start or press ⊞ Win.
- Navigate to the Windows Administrative Tools folder.
- Click on Active Directory Users and Computers.
Step 2: Choose the Organizational Unit (OU)
- Right-click the OU where you want to create the group.
- Select New > Group.
Step 3: Configure Group Properties
A dialog box titled New Object – Group will appear. Here, specify the following:
- Group Name: Choose a meaningful and consistent name.
- Group Scope:
  - Domain Local: Assign permissions within the same domain.
  - Global: Use for users across the same domain or trusted domains.
  - Universal: Ideal for multiple domains across a forest.
- Group Type:
  - Security: Used to assign security permissions.
  - Distribution: Used for email distribution lists only.
Click OK to finish creating the group.
Step 4: Add Members to the Group
- Right-click the newly created group and select Properties.
- Go to the Members tab.
- Click Add and search for users or other groups to include.
Step 5: Assign Permissions
Once members are added, you can assign permissions to the group:
- Right-click on a resource (e.g., folder, printer, application).
- Select Properties > Security tab.
- Add your group and configure the appropriate permission level (Read, Write, Full Control).
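Steps 2 through 5 can also be scripted. The following PowerShell sketch is an added example, not part of the original guide; it assumes the ActiveDirectory module (RSAT) is installed, and the OU path, member names and folder path are constructed placeholders.

```powershell
# Requires the ActiveDirectory module and rights to create groups in the target OU.
Import-Module ActiveDirectory

# Constructed sample values; replace with your own OU, members and resource.
$GroupName = 'HR_ReadOnly'
$OuPath    = 'OU=Groups,DC=example,DC=com'
$Members   = @('asmith', 'bjones')        # sAMAccountNames of existing users
$Folder    = 'D:\Shares\HR'

# Steps 2-3: create the group in the chosen OU with an explicit scope and type.
# -Description documents the group's purpose on the object itself.
$existing = Get-ADGroup -Filter "Name -eq '$GroupName'" -SearchBase $OuPath
if (-not $existing) {
    New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope DomainLocal -GroupCategory Security `
        -Path $OuPath -Description 'Read-only access to the HR share'
}

# Step 4: add members, then list them to confirm the result.
Add-ADGroupMember -Identity $GroupName -Members $Members
Get-ADGroupMember -Identity $GroupName | Select-Object Name, SamAccountName

# Step 5: grant the group the lowest permission level it needs (Read here),
# inherited by subfolders and files.
$identity = "$((Get-ADDomain).NetBIOSName)\$GroupName"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $identity, 'ReadAndExecute',
    'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -Path $Folder
$acl.AddAccessRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Verify: show only the entries that now apply to the group.
(Get-Acl -Path $Folder).Access |
    Where-Object { $_.IdentityReference.Value -eq $identity } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Granting rights to a group instead of to individual users means later access changes are membership changes only, with no further edits to the resource's ACL.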
Final Notes
- Use clear naming conventions like HR_ReadOnly or Finance_FullAccess.
- Document each group’s purpose and scope.
- Review and clean up unused groups regularly.