21.6 Creating a Group

Now we will move on to creating groups. Creating a group is very similar to creating a user. You use the same IADsContainer::Create method:

Set objGroup = objSalesOU.Create("group", "cn=Managers")
objGroup.Put "sAMAccountName", "Managers"

This code assumes we already have a pointer to an OU in the objSalesOU variable. The IADs::Put method is used to set the sAMAccountName, a mandatory attribute with no default value, just like with users.

The IADsGroup interface that operates on group objects supports four methods and one property that is specific to the group object, as listed in Table 21-4.

Table 21-4. The IADsGroup interface

IADsGroup methods and properties



Adds users to the group as members


Removes user members from the group


Tests to see if a user is a member of a group


Returns a list of all the members of the group


Returns the text describing the group

In Example 21-7, we show how to create a group with both the WinNT and LDAP providers.

Example 21-7. Creating a group with both the WinNT and LDAP providers
Option Explicit

Dim objDomain, objGroup

'Creating a group in a Windows NT domain
Set objDomain = GetObject("WinNT://MYDOMAIN")
Set objGroup = objDomain.Create("group","My Group")

'Creating a local group on a computer or member server

'Valid for Windows NT, Windows 2000 and Windows Server 2003
Set objComputer = GetObject("WinNT://MYCOMPUTER,Computer")
Set objGroup = objComputer.Create("group","My Group")

'Creating a group in Active Directory
Set objDomain = GetObject("LDAP://cn=Users,dc=mycorp,dc=com")
Set objGroup = objDomain.Create("user","cn=My Group")
ObjGroup.Put "sAMAccountName", "MyGroup"

    Part II: Designing an Active Directory Infrastructure
    Part III: Scripting Active Directory with ADSI, ADO, and WMI