Create DirectAccess Groups in Active Directory

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

In the DirectAccess Setup Wizard, you must select one or more security groups that contain the computer accounts for DirectAccess client and can optionally select or more security groups that contain the computer accounts of selected servers for selected server access.

To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to create Active Directory Domain Services (AD DS) security groups. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Important

This topic describes deployment of DirectAccess in Windows Server 2008 R2. For deployment of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Deployment Guide (https://go.microsoft.com/fwlink/?LinkId=179989).

To create a security group for DirectAccess client computers

  1. Click Start, type dsa.msc, and then press ENTER.

  2. In the Active Directory Users and Computers console tree, right-click Users, point to New, and then click Group.

  3. In the New Object - Group dialog box, under Group name, type the group name (example, DA_Clients).

  4. Under Group scope, choose Global, under Group type, choose Security, and then click OK.

To create a security group for selected servers

  1. Click Start, type dsa.msc, and then press ENTER.

  2. In the Active Directory Users and Computers console tree, right-click Users, point to New, and then click Group.

  3. In the New Object - Group dialog box, under Group name, type the group name (example, DA_SelServers).

  4. Under Group scope, choose Global, under Group type, choose Security, and then click OK.

  5. In the contents pane, double-click the group that you just added, and then click the Members tab.

  6. Click Add and specify the computer account name of a selected server, and then click OK. Repeat this step for the other selected server computer accounts.

  7. Click OK.

Note

You must add at least one member computer to the selected security group to specify it in Step 4 of the DirectAccess Setup Wizard.

If you arrived at this page by clicking a link in a checklist, use your browser’s Back button to return to the checklist.