5. Populating Groups
After you create a group, you can add members
to it. The domain level that the domain is running in determines
whether this group can have other groups as members.
To add members to an existing group, follow these steps:
1. Launch Server Manager on a machine that has the RSAT AD DS Tools installed.
2. Expand the Tools menu and run Active Directory Users and Computers.
3. Expand the domain folder (in this example, the companyabc.com folder).
4. Select the Users
container or the OU that was used in the previous section. In the right
pane, right-click the group that was created earlier, and select
Properties.
5. Enter a description for the group on the General tab, and then click the Members tab.
6. Click Add to add members to the group.
7. In the Select
Users, Contacts, Computers, Service Accounts or Groups window, type in
the name of each group member separated by a semicolon and click OK to
add these users to the group. If you don’t know the names, clicking the
Advanced button opens a window where you can perform a search to locate
the desired members.
8. When all the members are listed on the Members tab of the group’s property page, click OK to complete the operation.
6. Group Management
After a group is created, it needs to be
managed by an administrator, users, or a combination of both, depending
on the dynamics of the group.
To delegate control of a group to a particular user, follow these steps:
1. Launch Server Manager on a machine that has the RSAT AD DS Tools installed.
2. Expand the Tools menu and run Active Directory Users and Computers.
3. Select Advanced Features from the View menu.
4. Expand the domain folder (in this example, the companyabc.com folder).
5. Select the Users
container or the OU that was used in the previous section. In the right
pane, right-click the group that was created earlier, and select
Properties.
6. Select the Security tab.
7. At the bottom of the page, click the Advanced button.
8. In the Advanced Security Settings for Group dialog box, select the Permissions tab.
9. Click Add and then click Select a Principal.
10. In the Select
User, Computer, Service Account or Group window, type in the name of
the account for which you want to grant permissions, and click OK.
11. When the
Permissions Entry for Group window appears, click the Apply To
drop-down list arrow, and then select This Object Only as shown in Figure 2.
Figure 2. Granting permissions to modify group membership.
12. In the Properties section, check the boxes for Read Members and Write Members, and then click OK.
13. Click OK to close the Advanced Security Settings for Group dialog box.
14. Click OK to close the group’s property pages.
