Groups are essential objects in an Active Directory (AD) alongside other AD objects, such as user accounts, OUs, and so on. A group object is of type container object in AD, as it contains other AD objects. This object plays a vital role in administering an active directory network. The primary purpose of a group in an AD is to simplify assigning permissions to AD users. How? You create a group for certain Active Directory users, make those users members of the group, and simply assign permissions to the group instead of assigning permissions to individual users. That is how it can save lots of your time and simplifies users’ access control in a network.
Let’s see a brief example to further illustrate how a group object simplifies access control and permission assignment. Let’s say you want to share a folder for 50 users working in the sales department. Now, you have two options: First, to assign permission individually for every 50 users. Second, to create a group, give permission once for your group, and make all 50 users members of that group. The efficient and easy way is, for sure, the second approach.
With the above overview of the AD group object and its role in mind, the rest of this guide shows you how to create and configure a group in a Windows Server-based Active Directory network. So stick reading on till the end.
Note: This guide is written based on Windows Server 2022. However, it also works on Windows Server 2019 and 2016.
RELATED: Install and Configure Active Directory in Windows Server 2022 Using PowerShell.
Create a Group in Active Directory: Windows Server 2022
To create an Active Directory group, you should log in with an AD user with administrative privilege, whether you use a local user account or you connect to the DC remotely. With that condition true, follow the steps below.
- Open Active Directory Users and Computers (ADUC). To do so, press the Windows + R keys to open the Run utility. Then, type
dsa.mscand hit enter. You can also open the ADUC by navigating through Server Manager >> Tools >> Active Directory User and Computers.
- On the ADUC console, select the OU or Container where you want to create the new group. Then, click the group icon on the top bar, or right-click the OU or container and select New -> Group from the menu, as shown in the below shot.
- On the New Object – Group window, put a name for your new Active Directory group. Then, specify the scope and type for your new group in the Group scope and Group type sections, respectively. Click OK once set.
- Group Name: Make sure to define a meaningful name for your new group that defines your group’s purpose. You should follow the naming convention of your organization.
- Group Scope: Depending on your AD forest structure, choose from Domain Local, Global, and Universal as your Group scope, whichever is appropriate. Read the details for each of these scopes HERE.
- Group Type: If your group is for assigning access permission to resources in your network, choose Security as your group type. If your group is for sending emails to users by an email application like Exchange, choose Distribution as your group type. Read the detailed differences HERE.
That is it! The above steps are all you need to go through to create a new Active Directory Group in Windows Server 2022.
Configure Active Directory Group: Window Server 2022
Once you have created your group in Active Directory, there are some basic yet necessary settings and tasks you should be able to perform on your group.
To add your group to another group in your AD, right-click it and select Add to a group. Then, type the name of the target group and click the Check Names button. Once found, the group name will be underlined. just click OK, and your group gets added there.
Another necessary task is moving your group to another container or OU in your AD. To do so, use the Move option of the group right-click menu. Then, select the target OU or Container and click OK. You can also use the Cut option and then paste it into the target OU or Container to move your group.
Like the above tasks, you can use the Rename and Delete options from the group right-click menu to rename and delete your AD group, respectively.
Another advanced configuration window for your AD group is its Properties window. Double-click your AD group or right-click it and select Properties to get to the Properties window. Once there, use the General tab to change your group name, description, scope, and type, as you can see in the below image.
Also, to add a user account or group to your AD group, go to the Members tab, click Add, type the user or group name and click Check Names. Once found, click OK to add it. Click OK on the Properties window to save the changes. Note that you can add an AD user to a group from the user account side I discussed HERE.
Lastly, use the Member Of tab to make your group a member of other AD groups. It is truly an alternative way to the one I discusses earlier. The process is like the Members tab I just discussed.
Wrap Up
Group is a crucial object in an Active Directory network with a super essential and effective role in the ease of Active Directory administration. The main purpose of an AD group is to simplify access control of AD users to network resources, as I discussed in the beginning.
With an overview of the Active Directory Group said first, you learned how to create it using the graphical UI method in Windows Server 2022. The article also discussed some necessary configurations and settings of an AD group you need to know for its further manipulations.
I hope you enjoy reading this guide. Feel free to put your questions and thoughts in the comment section. Also, make sure to share it with your friends who can find it helpful. Thank you.
You may also like to read Create a Root DNS Zone in Windows Server 2022 to Stop External Name Resolution.
