//+------------------------------------------------------------------------- // // THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF // ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO // THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A // PARTICULAR PURPOSE. // // Copyright (c) Microsoft Corporation. All rights reserved. // // AddGroup VC Sample: Adding a group to Active Directory // //-------------------------------------------------------------------------- Description =========== The AddGroup sample adds a group object to a specified container in Active Directory. The specified container is commonly an organizational unit. The sample uses the IDirectoryObject interface to create and set properties for the group object. Optionally, the sample can create a local, global, or universal domain group; and can also specify whether the new group is a distribution group, such as an e-mail distribution list, or a security group for use in access-control entries (ACEs). This sample uses the LDAP: provider and is suitable for Windows 2000 and later networks running Active Directory. Sample Files ============ * AddGroup.sln * AddGroup.vcproj * Main.Cpp * makefile * readme.txt Building the Sample =================== When you build this sample using Visual Studio, be sure that you have the INCLUDE directory for the Platform SDK set first in the Options list of include files. To build this sample 1. Open the solution AddGroup.sln. 2. From the Build menu, select Build. You can also build this sample at a command prompt using the supplied makefile. Running the Sample ================== You must run this sample in a Windows domain where you have permission to write to Active Directory. To run this sample 1. Open a command prompt and change to the directory where you built the sample. 2. After selecting suitable parameters, type the followin command. The last two parameters of the command are optional. addgroup \ [{global | local | universal}] [{Security | NoSecurity}] In this command: is Active Directory service path of the container in which to create the group. is the Windows 2000 group name. is the Windows NT 4 downlevel compatible group name. {global | local | universal} specifies the scope of the group. {security | nosecurity} specifies the security context of the group. Example Output ============== The following example assumes that the domain is Fabrikam.Com and that an organizational unit named "Example Org Unit" exists in that domain. The command Addgroup "LDAP://OU=Example Org Unit,DC=Fabrikam,DC=Com" "Win2K Group Name" \ "Downlevel Name" global security creates the group "Win2K Group Name" in the Fabrikam.Com domain with global scope and with security enabled. The output from this command is the following. New Group created with the following properties: NAME: CN=Win2K Group Name CLASS: group GUID: 8edcc9e9d52cbd48a30f1bd737b530d2 (this value differs in each run) ADSPATH: LDAP://CN=Win2K Group Name,OU=Example Org Unit,DC=Fabrikam,DC=Com PARENT: LDAP://OU=Example Org Unit,DC=Fabrikam,DC=Com SCHEMA: LDAP://schema/group You can verify the result by opening and examining the Active Directory Users and Computers snap-in of the Microsoft Management Console. How the Sample Works ==================== The sample defines the following functions. main Performs initialization, calls other functions, and performs finalization. CheckADHRESULT Displays ADSI or COM error message given an HRESULT. CrackADError Converts HRESULT to error string. CreateGroup Uses the IDirectoryObject inteface to create a group and set its properties. ParseCommandLine Parses the command line to determine parameters for the group. PrintADSObject Prints all the attributes of an Active Directory service object. See Also ======== IDirectoryObject::CreateDSObject Creating Groups in a Domain