Active Directory Scripting – create Security Group

Posted by Albert Gareev on Feb 18, 2010 | Categories: Back-end, Source code

Reference page: Active Directory – Sample Scripts (Excel/VBA)

How to create Security Group


A Security Group object is created within its container object, an Organizational Unit. The example below assumes that we have successfully retrieved an instance of the Organizational Unit. An existing User Account will also be added to the newly created Security Group.

Note: You need to be logged in as an authorized person to execute the script successfully.

Common definitions

' Domain: DEV.ENV.COM
Dim sDomain, dvDC
sDomain = "DEV.ENV.COM"
dvDC = Split(sDomain, ".")

' Organizational Units
'  Company01 - Active Directory Path: ""
' User Accounts
'  User01 - belongs to Company01
' Security Groups
'  Group02 - new Security Group; will be created in Company01

Dim sGroupName, sUserPath
sGroupName= "Group02"
sUserPath = "cn=User01, ou=Company01, ou=Client, ou=Main, dc=dev,dc=env,dc=com"

'1. Create Security Group
boolRC = CreateGroup(objClientOU, objSecurityGroup)
If Not boolRC Then
'error-handling goes here
End If

'2. Add the User to the Group (3 = ADS_PROPERTY_APPEND)
objSecurityGroup.PutEx 3, "member", Array(sUserPath)

'Submit info back to Active Directory
On Error Resume Next
objSecurityGroup.SetInfo
boolRC = (Err.Number <> 0)
On Error GoTo 0
If boolRC Then
    sReturnMessage = "Failed to add the user to Security Group " & sGroupName
End If

How to create new Security Group in Active Directory (Excel/VBA source code)

Note that we assume that we have a valid object instance in objOU.

If you build your own script

Depending on the scale of the solution you implement, you may want to refactor and expand the example presented below to eliminate the global variables (sDomain, sGroupName, sUserPath, etc.) and to provide reporting functionality (based on sReturnMessage).

Public Function CreateGroup(ByRef objOU, ByRef objGroup)
Dim boolRC
'Create Security Group
On Error Resume Next
Set objGroup = objOU.Create("Group", "cn=" & sGroupName)
boolRC = (Err.Number <> 0)
On Error GoTo 0
If boolRC Then
   sReturnMessage = "Failed to create Security Group " & sGroupName
   CreateGroup = False
   Exit Function
End If

objGroup.Put "sAMAccountName", sGroupName

'Submit group name (the group does not exist in the directory until SetInfo succeeds)
On Error Resume Next
objGroup.SetInfo
boolRC = (Err.Number <> 0)
On Error GoTo 0
If boolRC Then
   sReturnMessage = "Failed to create Security Group " & sGroupName
   CreateGroup = False
   Exit Function
End If
CreateGroup = True

End Function
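
The refactoring suggested under "If you build your own script", as an added example that is not part of the original post: the group name, member path and report message are passed as parameters instead of globals, groupType is set explicitly so the result does not depend on the directory's default, and the ADSI error code is kept for reporting. The function names CreateSecurityGroup and AddGroupMember are hypothetical; objClientOU is assumed to be a bound Organizational Unit object, as in the article.

```vbscript
' Added example (hypothetical names): CreateGroup without global variables.
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &H2
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000
Const ADS_PROPERTY_APPEND = 3

' Creates a global security group in objOU and commits it to the directory.
' Returns True on success; sMessage carries the outcome for reporting.
Public Function CreateSecurityGroup(ByRef objOU, ByVal sName, ByRef objGroup, ByRef sMessage)
    CreateSecurityGroup = False
    On Error Resume Next
    Set objGroup = objOU.Create("Group", "cn=" & sName)
    ' Each step runs only if every previous step succeeded.
    If Err.Number = 0 Then objGroup.Put "sAMAccountName", sName
    If Err.Number = 0 Then objGroup.Put "groupType", _
        ADS_GROUP_TYPE_GLOBAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED
    If Err.Number = 0 Then objGroup.SetInfo   ' commit; nothing is written before this
    If Err.Number <> 0 Then
        sMessage = "Failed to create Security Group " & sName & _
                   " (0x" & Hex(Err.Number) & ") " & Err.Description
    Else
        sMessage = "Created Security Group " & sName
        CreateSecurityGroup = True
    End If
    On Error GoTo 0
End Function

' Appends sMemberDN to the group's member attribute and commits the change.
Public Function AddGroupMember(ByRef objGroup, ByVal sMemberDN, ByRef sMessage)
    AddGroupMember = False
    On Error Resume Next
    objGroup.PutEx ADS_PROPERTY_APPEND, "member", Array(sMemberDN)
    If Err.Number = 0 Then objGroup.SetInfo
    If Err.Number <> 0 Then
        sMessage = "Failed to add " & sMemberDN & _
                   " (0x" & Hex(Err.Number) & ") " & Err.Description
    Else
        sMessage = "Added " & sMemberDN
        AddGroupMember = True
    End If
    On Error GoTo 0
End Function

' Usage, with the sample values from the article:
' Dim objGroup, sMsg
' If CreateSecurityGroup(objClientOU, "Group02", objGroup, sMsg) Then
'     AddGroupMember objGroup, _
'         "cn=User01,ou=Company01,ou=Client,ou=Main,dc=dev,dc=env,dc=com", sMsg
' End If
```

Writing each sMessage to a log gives a record of which groups were created and which accounts were added to them.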


Active Directory Schema Terminology

User Class

Group Class

SAM-Account-Name Attribute

PutEx Method

SetInfo Method

  • One response to "Active Directory Scripting – create Security Group"

  • Forex Robots
    28th February 2010 at 18:50

    Hey, you’re automating testers, we’re automating Brokers!

    [ Albert’s reply.
    No, not quite like that.

    I automate certain software testing activities: workflow tree, data lifecycle, taking snapshots, information gathering, state change detection, verification, validation, logging and reporting.
    Investigation and decision-making, as well as communication and accountability are on humans and that’s how it must be.

    From your own blog, those robots perform monitoring, detection, forecasting, and trading based on criteria developed by people “who have been in the Forex trade for over 40 years”. Users either have to continuously maintain settings for those criteria (that is, to be trading experts on their own) or have to frequently download paid updates (that is, paying for someone else’s expertise).

    And, by the way, software testing is much more complicated :) ]

This work by Albert Gareev is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported.