2. Active Directory Tasks - PowerShell

2.7 Creating and Deleting an Active Directory Group

Active Directory (AD) groups simplify the administration of user accounts or computers in different AD domains by collecting them into a single object and assigning access rights to that object rather than to each account.

Create an AD Group

We use the New-ADGroup cmdlet. To see its syntax:

Get-Command New-ADGroup -Syntax

The easiest way to create an AD group:

New-ADGroup "Group Name"

The system will ask you to specify the GroupScope parameter and then it will create a new group. However, this group will have default values, such as:

  • It will be created in the default LDAP container called “Users”.
  • It will have the “Security” group type.
  • The Members, Member of, Description, Email and Notes fields will all be blank.

Let’s create a new group in the “Production” OU with a name of “IT-Support” and a description of “IT Support Group” and a group scope of “Global”.

New-ADGroup -Name "IT-Support" -Description "IT Support Group" -GroupScope "Global" -Path "OU=Production,DC=tinker,DC=lab"

Delete an AD Group

We use the Remove-ADGroup cmdlet. To see its syntax:

Get-Command Remove-ADGroup -Syntax

You can delete an AD group using its name, its GUID or its SID:

Remove-ADGroup -Identity "IT-Support"
Remove-ADGroup -Identity "517374cb-62fe-47c2-900d-1519b5c3ae44"
Remove-ADGroup -Identity "S-1-5-21-1345008726-4258840500-2711756360-1147"
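
The following is an added example, not part of the original article: it creates the “IT-Support” group with every default spelled out, then reviews the group and does a dry run before deleting it. A group recreated under the same name gets a new SID, so permissions granted to the old group are not restored. The group name, OU and domain are the article's sample values; the existence check and the use of -WhatIf are choices made for this example.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights on the target OU.
Import-Module ActiveDirectory

$name = 'IT-Support'                        # sample name from the article
$ou   = 'OU=Production,DC=tinker,DC=lab'    # sample OU from the article

# --- Create -----------------------------------------------------------------
# New-ADGroup fails if the name is already taken, so look first.
$group = Get-ADGroup -Filter "SamAccountName -eq '$name'"
if (-not $group) {
    # State category and scope explicitly instead of relying on defaults or prompts.
    $group = New-ADGroup -Name $name -SamAccountName $name `
        -GroupCategory Security -GroupScope Global `
        -Description 'IT Support Group' -Path $ou -PassThru
}
$group | Select-Object Name, GroupCategory, GroupScope, DistinguishedName

# --- Review before delete ---------------------------------------------------
# Resolve the exact object and record its SID and GUID; these identify the group
# in ACLs and logs after the name is gone.
$target = Get-ADGroup -Identity $name -Properties Members, MemberOf
$target | Select-Object Name, SID, ObjectGUID, DistinguishedName

# Who loses access (members) and which rights are inherited (parent groups).
'Direct members : {0}' -f @($target.Members).Count
'Member of      : {0}' -f @($target.MemberOf).Count
$target.Members
$target.MemberOf

# --- Delete -----------------------------------------------------------------
# Dry run: reports what would be removed without changing the directory.
Remove-ADGroup -Identity $target -WhatIf

# Real deletion. Without -Confirm:$false the cmdlet asks for confirmation.
# Uncomment once the review above looks right.
# Remove-ADGroup -Identity $target -Confirm:$false
```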