You can create a security group in Active Directory when you plan to manage SharePoint permissions from the AD end. This provides additional security, tracking and control when managing permissions for the secure content in SharePoint sites. You need to create AD groups of type Security on the domain controller in Windows Server 2019, then add the security group to the SharePoint site using the “Grant Permissions” option in the ribbon.
Types of group scopes
There are three group scopes: Domain local, Global and Universal.
Types of active directory groups
In a real-world situation, groups are created in a dedicated organizational unit (OU). Here I am focusing on creating an AD group. Follow the step-by-step process described in this post to understand how to create a security group in AD with the Global group scope.
- Open “Active Directory Users and Computers” from the Start menu, or run the dsa.msc snap-in, on Windows Server 2019.
- Right-click the OU, navigate to “New” and select “Group” to create the AD group.
- Enter the AD group name, select “Global” as the group scope, select “Security” as the group type and click “OK” to apply the changes.
- The Active Directory group is created. Right-click the group and select “Properties”.
- Click the “General” tab of the global security group properties to see its details.
- Open the “Members” tab of the global security group properties to add users to the group you created. Click “Add” to add users.
- Open the “Member Of” tab to see whether this group is part of any other group.
- Open the “Security” tab of the global security group properties to check the permissions of this group. You can check or uncheck the boxes to edit or modify them.
- The “Managed By” tab of the group properties shows its management details.
- The “Object” tab of the global security group properties displays the object details.
PowerShell to create a security group in Active Directory
We can also create security groups in Active Directory quickly using the PowerShell command New-ADGroup.
# These commands create the groups with Domain local scope (the GUI steps above used Global).
New-ADGroup -DisplayName "SPMCSE-Owners" -GroupScope DomainLocal -Name "SPMCSE-Owners"
New-ADGroup -DisplayName "SPMCSE-Contributor" -GroupScope DomainLocal -Name "SPMCSE-Contributor"
New-ADGroup -DisplayName "SPMCSE-Reader" -GroupScope DomainLocal -Name "SPMCSE-Reader"
New-ADGroup -DisplayName "SPMCSE-ViewOnly" -GroupScope DomainLocal -Name "SPMCSE-ViewOnly"
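The script below is an added example, not code from the original post. It is a scripted equivalent of the GUI walk-through: it creates the same four groups as Global security groups in a dedicated OU, skips any that already exist, adds a member, and prints the details you would otherwise check on the General, Members and Managed By tabs. The OU path and the accounts sp.admin and jdoe are assumed placeholders.

```powershell
# Added example. Assumptions: the OU path, 'sp.admin' and 'jdoe' are
# placeholders; replace them with objects that exist in your domain.
Import-Module ActiveDirectory

$ouPath = 'OU=SharePoint Groups,DC=example,DC=com'   # assumed OU
$owner  = 'sp.admin'                                 # assumed owner account
$groups = 'SPMCSE-Owners', 'SPMCSE-Contributor', 'SPMCSE-Reader', 'SPMCSE-ViewOnly'

foreach ($name in $groups) {
    # Skip groups that already exist so the script can be re-run safely.
    $existing = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    if ($existing) {
        Write-Host "Exists, skipping: $($existing.DistinguishedName)"
        continue
    }

    # State the type and scope explicitly instead of relying on defaults,
    # and record an owner so the group has a named person responsible for it.
    New-ADGroup -Name $name `
        -SamAccountName $name `
        -DisplayName $name `
        -GroupCategory Security `
        -GroupScope Global `
        -Path $ouPath `
        -ManagedBy $owner `
        -Description "SharePoint permission group: $name"
}

# Equivalent of the "Add" button on the Members tab.
Add-ADGroupMember -Identity 'SPMCSE-Reader' -Members 'jdoe'

# Review type, scope, owner and membership of each group.
$groups | ForEach-Object {
    $g = Get-ADGroup -Identity $_ -Properties ManagedBy
    $members = Get-ADGroupMember -Identity $_ |
        Select-Object -ExpandProperty SamAccountName
    [pscustomobject]@{
        Name      = $g.Name
        Category  = $g.GroupCategory
        Scope     = $g.GroupScope
        ManagedBy = $g.ManagedBy
        Members   = $members -join ', '
    }
} | Format-Table -AutoSize
```

Running the review loop periodically gives a quick record of who holds each SharePoint permission through these groups.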