Add an AD LDS Group to the Directory

  • Article

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

You can administer users and groups in Active Directory Lightweight Directory Services (AD LDS) through the ADSI Edit snap-in or through your directory-enabled applications. For information about users and groups in AD LDS, see Understanding AD LDS Users and Groups.

To create users in AD LDS, you must first import the optional user classes that are provided with AD LDS into the AD LDS schema. These user classes are provided in importable .ldf files, which you can find in the directory %windir%\adam on the computer where AD LDS is installed.

Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition. For more information about AD LDS groups, see Understanding AD LDS Users and Groups.

To add an AD LDS group to the directory

  1. Open ADSI Edit.

  2. Connect and bind to the AD LDS instance to which you want to add a group. For more information, see Use ADSI Edit to Manage an AD LDS Instance.

  3. In the console tree, double-click the directory partition to which you want to add the group.

  4. In the console tree, right-click the container to which you want to add the group, point to New , and then click Object .

  5. In Select a class , click Group , and then click Next .

  6. In Value , type a common name (CN) for the new group, and then click Next .

  7. If you want to set values for additional attributes, click More attributes .

  8. After setting all the desired attributes for the new group, click Finish .

Additional considerations

  • To open ADSI Edit, on a computer with the AD LDS server role installed, click Start , click Administrative Tools , and then click ADSI Edit .

  • When you type a value for the groupType attribute, 2147483650 (equivalent to 0x80000002 hexadecimal) represents a group type of "account."

  • You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start , click Administrative Tools , and then click Active Directory Module for Windows PowerShell . For more information, see Add an AD LDS Group to the Directory (https://go.microsoft.com/fwlink/?LinkId=137810). For more information about Windows PowerShell, see Windows PowerShell (https://go.microsoft.com/fwlink/?LinkID=102372).

Additional references