Recipe16.16.Changing the Scope or Type of a Group

Previous page
Table of content
Next page

Recipe 16.16. Changing the Scope or Type of a Group

Problem

You want to change the scope or type of a group.

Solution

Using a graphical user interface

  1. Open the ADUC snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, right-click on the domain and select Find.

  4. Enter the name of the group you want to modify and click Find Now.

  5. Double-click on the group in the results pane.

  6. In the group properties dialog box, select the new scope or type and click OK.

Using a command-line interface

The following example changes the group scope for <GroupDN> to <NewScope>, which should be l for domain local group, g for global group, or u for universal group.

> dsmod group "<GroupDN>" -scope <NewScope>

The following example changes the group type for <GroupDN>. For the -secgrp switch, specify yes to change to a security group or no to make the group a distribution list.

> dsmod group "<GroupDN>" -secgrp yes|no

Using VBScript
' This code sets the scope and type of the specified group  ' to a universal security group. ' ------ SCRIPT CONFIGURATION ------ strGroupDN = "<GroupDN>"  ' e.g., cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com ' ------ END CONFIGURATION ---------     ' Constants taken from ADS_GROUP_TYPE_ENUM ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 1 ADS_GROUP_TYPE_GLOBAL_GROUP       = 2 ADS_GROUP_TYPE_LOCAL_GROUP        = 4 ADS_GROUP_TYPE_SECURITY_ENABLED   = -2147483648 ADS_GROUP_TYPE_UNIVERSAL_GROUP    = 8     set objGroup = GetObject("LDAP://" & strGroupDN ) objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP _                        Or ADS_GROUP_TYPE_SECURITY_ENABLED objGroup.SetInfo

Discussion

Group scope and type are stored as a flag in the groupType attribute on group objects. To directly update groupType, you must logically OR the values associated with each type and scope as shown in the API solution. Note that there is no specific value for the distribution list type. If you want to create a distribution list, do not include the ADS_GROUP_TYPE_SECURITY_ENABLED flag when setting groupType.

For a good description of the usage scenarios for each group type, see Chapter 11 in Active Directory (O'Reilly).


See Also

MS KB 231273 (Group Type and Scope Usage in Windows), MSDN: ADS_GROUP_TYPE_ENUM, and MSDN: What Type of Group to Use.


Previous page
Table of content
Next page
Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
BUY ON AMAZON
Absolute Beginner[ap]s Guide to Project Management
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
A Practitioners Guide to Software Test Design
C++ GUI Programming with Qt 3
File System Forensic Analysis
What is Lean Six Sigma
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy