Creating Groups

This topic shows how to create several types of groups.

When you create a new group, you can use flags from the ADS_GROUP_TYPE_ENUM enumeration to assign a group type to the group, such as global (ADS_GROUP_TYPE_GLOBAL_GROUP), domain local (ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP), local (ADS_GROUP_TYPE_LOCAL_GROUP), universal (ADS_GROUP_TYPE_UNIVERSAL_GROUP), or security-enabled (ADS_GROUP_TYPE_SECURITY_ENABLED). If you do not specify a group type, the default is to create a global security group (ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP | ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED). For more information about the ADS_GROUP_TYPE_ENUM enumeration, see "ADS_GROUP_TYPE_ENUM" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.

The following Visual Basic .NET code example shows how to create a new group named Practice Managers in the organizational unit named Consulting. In a domain, the sAMAccountName attribute is mandatory, but in Windows Server 2003 or later domains, the sAMAccountName attribute is optional. For more information about the sAMAccountName attribute, see "sAMAccountName" or "SAM-Account-Name attribute" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.

' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()

' Find the container (in this case, the Consulting organizational unit) that you 
' wish to add the new group to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")

' Add the new group Practice Managers.
Dim group As DirectoryEntry = ou.Children.Add("CN=Practice Managers", "group")

' Set the samAccountName for the new group.
group.Properties("samAccountName").Value = "pracmans"

' Commit the new group to the directory.
group.CommitChanges()

The following C# code example shows how to create a new group named Practice Managers in the organizational unit named Consulting. In a domain, the sAMAccountName attribute is mandatory, but in Windows Server 2003 or later domains, the sAMAccountName attribute is optional. For more information about the sAMAccountName attribute, see "sAMAccountName" or "SAM-Account-Name attribute" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the Consulting organizational unit) that you 
// wish to add the new group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");

// Add the new group Practice Managers.
DirectoryEntry group = ou.Children.Add("CN=Practice Managers", "group");

// Set the samAccountName for the new group.
group.Properties["samAccountName"].Value = "pracmans";

// Commit the new group to the directory.
group.CommitChanges();

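The following Visual Basic .NET code example shows how to create a domain local group named Managers in the Consulting organizational unit. Use the technique described in "Using COM Interop to Access ADSI" to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.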

' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()

' Find the container (in this case, the Consulting organizational unit) that you 
' wish to add the new local domain group to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")

' Add the Managers group.
Dim mgr As DirectoryEntry = ou.Children.Add("CN=Managers", "group")

' Set the group type to a secured domain local group.
mgr.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP Or ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED

' Commit the new group to the directory.
mgr.CommitChanges()

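The following C# code example shows how to create a domain local group named Managers in the Consulting organizational unit. Use the technique described in "Using COM Interop to Access ADSI" to specify the ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP flag.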

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the Consulting organizational unit) that you 
// wish to add the new local domain group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");

// Add the Managers group.
DirectoryEntry mgr = ou.Children.Add("CN=Managers", "group");

// Set the group type to a secured domain local group.
mgr.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP |
    ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED;

// Commit the new group to the directory.
mgr.CommitChanges();

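The following Visual Basic .NET code example shows how to create a non-security group, a distribution list named Full Time Employees, in the Consulting organizational unit. Use the technique described in "Using COM Interop to Access ADSI" to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.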

' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()

' Find the container (in this case, the Consulting organizational unit) that you
' wish to add the Full Time Employees distribution list to.
Dim ou As DirectoryEntry = dom.Children.Find("OU=Consulting")

' Add the Full Time Employees distribution list.
Dim dl As DirectoryEntry = ou.Children.Add("CN=Full Time Employees", "group")

' Set the group type to global.
dl.Properties("groupType").Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP

' Commit the new group to the directory.
dl.CommitChanges()

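The following C# code example shows how to create a non-security group, a distribution list named Full Time Employees, in the Consulting organizational unit. Use the technique described in "Using COM Interop to Access ADSI" to specify the ADS_GROUP_TYPE_GLOBAL_GROUP flag.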

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the Consulting organizational unit) that you
// wish to add the Full Time Employees distribution list to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");

// Add the Full Time Employees distribution list.
DirectoryEntry dl = ou.Children.Add("CN=Full Time Employees", "group");

// Set the group type to global.
dl.Properties["groupType"].Value = ActiveDs.ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP;

// Commit the new group to the directory.
dl.CommitChanges();
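
The groupType values set above are stored in the directory as a signed 32-bit integer, so a security-enabled group (one that can be named in access control lists) reads back as a negative number. The following C# sketch is an added example, not part of the original topic; the GroupType enum, the GroupTypeAudit class, the Describe helper, and the sample values are hypothetical names and constructed data used to decode a stored value when reviewing what kind of group was actually created.

```csharp
using System;

// Added example: local copy of the ADS_GROUP_TYPE_ENUM flag values so the
// snippet compiles without the ActiveDs interop assembly.
[Flags]
enum GroupType : uint
{
    Global = 0x00000002,
    DomainLocal = 0x00000004,
    Universal = 0x00000008,
    SecurityEnabled = 0x80000000
}

static class GroupTypeAudit
{
    // Hypothetical helper: describe a groupType value read from the directory.
    public static string Describe(int stored)
    {
        // The directory returns a signed 32-bit value; reinterpret the bits
        // so the high SECURITY_ENABLED bit can be tested.
        var flags = (GroupType)unchecked((uint)stored);
        var scopeBits = flags & (GroupType.Global | GroupType.DomainLocal | GroupType.Universal);

        string scope;
        switch (scopeBits)
        {
            case GroupType.Global: scope = "global"; break;
            case GroupType.DomainLocal: scope = "domain local"; break;
            case GroupType.Universal: scope = "universal"; break;
            // Zero or several scope flags set: not a valid group type.
            default: scope = "invalid scope (expected exactly one scope flag)"; break;
        }

        bool security = (flags & GroupType.SecurityEnabled) != 0;
        return scope + (security ? " security group" : " distribution group");
    }

    static void Main()
    {
        // Constructed sample values, as they would be read back from groupType.
        foreach (int v in new[] { -2147483646, -2147483644, 2, -2147483640, 6 })
            Console.WriteLine("{0,12} -> {1}", v, Describe(v));
    }
}
```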

The following Visual Basic .NET code example shows how to add an entire group to another group.

' Bind to the domain that this user is currently connected to.
Dim dom As New DirectoryEntry()

' Find the container (in this case, the North America group) that you
' wish to add.
Dim group As DirectoryEntry = dom.Children.Find("CN=North America")

' Connect to the group that you wish to add "group" to.
Dim mgr As New DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM")

' Add the distinguishedName of "group" to the members property of "mgr".
mgr.Properties("member").Add(group.Properties("distinguishedName").Value)

' Commit the changes to the directory.
mgr.CommitChanges()

The following C# code example shows how to add an entire group to another group.

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the North America group) that you
// wish to add.
DirectoryEntry group = dom.Children.Find("CN=North America");

// Connect to the group that you wish to add "group" to.
DirectoryEntry mgr = new DirectoryEntry("LDAP://CN=Managers,OU=Consulting,DC=Fabrikam,DC=COM");

// Add the distinguishedName of "group" to the members property of "mgr".
mgr.Properties["member"].Add(group.Properties["distinguishedName"].Value);

// Commit the changes to the directory.
mgr.CommitChanges();

See Also

Reference

System.DirectoryServices

Concepts

Group Management
Using COM Interop to Access ADSI


Copyright (C) 2007 Microsoft Corporation. All rights reserved.