Active Directory Adding a Group

  • Question

  • The code below works fine for adding accounts to an existing group

    DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDN);
    dirEntry.Properties["member"].Add(userDn);
    dirEntry.CommitChanges();

    How can I create a new group with code?
    Thursday, March 15, 2018 2:07 PM

Answers

  • In general the steps to create a group in AD would be:

    1. Bind to the parent OU or container (where the new group will be created in the hierarchy of AD).
    2. Invoke the Create method of the container object. Pass the class of the new object (group) and the Relative Distinguished Name (the common name of the group) to the create method.
    3. Use the Put method of the group object to assign values to any mandatory attributes. For groups only the sAMAccountName is mandatory.
    4. Use the Put method of the group object to assign values to any optional attributes.
    5. Invoke the CommitChanges method of the group object to save the new group in AD.

    I code in PowerShell, but .NET code would be similar to:

    DirectoryEntry Parent = New DirectoryEntry("LDAP://ou=Sales,ou=West,dc=mydomain,dc=com")
    NewGroup = Parent.Create("group", "cn=New Group")
    NewGroup.Put("sAMAccountName", "NewGroup")
    NewGroup.CommitChanges()

    Edit: Reference:

    https://msdn.microsoft.com/en-us/library/aa772364(v=vs.85).aspx


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Thursday, March 15, 2018 7:05 PM
  • Now it runs correctly. 

    DirectoryEntry parent = new DirectoryEntry("LDAP://ou=Sales,ou=West,dc=mydomain,dc=com");  //Distinguished Name
    object[] args = { "group", "cn=baba" }; //Name
    DirectoryEntry NewGroup = parent.Invoke("Create", args) as DirectoryEntry;
    object[] args2 = { "sAMAccountName", "baba" }; //Group Name
    NewGroup.Invoke("Put", args2);
    NewGroup.CommitChanges();


    • Marked as answer by Arne Garvan Tuesday, March 20, 2018 1:34 PM
    • Edited by Arne Garvan Tuesday, March 20, 2018 6:39 PM
    Monday, March 19, 2018 2:19 PM
  • Ah, Invoke Put. I should have thought of that. Glad you got it to work.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by Arne Garvan Tuesday, March 20, 2018 6:37 PM
    Tuesday, March 20, 2018 2:29 PM
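
The five steps above carried through in C#, as an added example that is not part of the original thread: it uses `Children.Add` in place of `Invoke("Create", ...)`, escapes the group name before it goes into the RDN, and sets `groupType` as the optional attribute. The `GroupProvisioning` class, the helper names, the allowlist for `sAMAccountName` and the sample values are assumptions of this example.

```csharp
using System;
using System.DirectoryServices;
using System.Text;
using System.Text.RegularExpressions;

static class GroupProvisioning
{
    // ADS_GROUP_TYPE_GLOBAL_GROUP (0x2) | ADS_GROUP_TYPE_SECURITY_ENABLED (0x80000000)
    const int GlobalSecurityGroup = unchecked((int)0x80000002);

    // Escape a value for use in an RDN (RFC 4514), plus '/' which separates ADsPath parts.
    static string EscapeRdnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#')) || (i == value.Length - 1 && c == ' ');
            if (edge || ",+\"\\<>;=/".IndexOf(c) >= 0) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // parentDn is assumed to come from trusted configuration; name and sam may come from a request.
    public static void CreateGroup(string parentDn, string name, string sam, string description)
    {
        if (string.IsNullOrWhiteSpace(name)) throw new ArgumentException("empty group name");
        // Conservative allowlist chosen for this example, not AD's own rule.
        if (!Regex.IsMatch(sam, @"\A[A-Za-z0-9._-]{1,64}\z"))
            throw new ArgumentException("sAMAccountName outside allowlist");

        using (var parent = new DirectoryEntry("LDAP://" + parentDn))                  // step 1
        using (var group = parent.Children.Add("CN=" + EscapeRdnValue(name), "group")) // step 2
        {
            group.Properties["sAMAccountName"].Value = sam;                            // step 3
            group.Properties["groupType"].Value = GlobalSecurityGroup;                 // step 4
            if (!string.IsNullOrEmpty(description))
                group.Properties["description"].Value = description;
            group.CommitChanges();                                                     // step 5
        }
    }

    static void Main()
    {
        // Constructed sample values; the OU is the one used in the thread.
        CreateGroup("ou=Sales,ou=West,dc=mydomain,dc=com",
                    "Sales, West (Readers)", "Sales-West-Readers", "Constructed example group");
    }
}
```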

All replies

  • Richard,

    you inspired me to get it done.

    Tuesday, March 20, 2018 1:41 PM