Using the Active Directory command-line tools, in a Windows 2000 domain, or Windows Server 2003 domain, you can create a group, and set its' type and scope, from the command-line.
The syntax is:
dsadd group group_DN -samid SAM_Name -secgrp yes | no -scope l | g | u
group_DN is the distinguished name of the group, like any of the following: "CN=accountants,CN=Users,DC=JSIINC,DC=COM" "CN=Accounts Payables,CN=Users,DC=JSIINC,DC=COM" SAM_Name is the unique SAM name for the group, like accountants. yes | no indicates if the group type is a security group (yes), or a distribution group (no). l | g | u is the group scope where l is domain local, g is global, and u is universal. If the domain functional level is Windows 2000 mixed, only security groups with domain local scopes or global scopes are permitted.To add a member to a group, the syntax is:
dsmod group group_DN -addmbr member_DN where:
group_DN is the distinguished name of the group. member_DN is the distinguished name of the object that you wish to add to the group, like "CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM". NOTE: To delete a group: dsrm group_DN NOTE: To delete a member: dsmod group group_DN -rmmbr member_DN NOTE: For additional options, type dsadd group /? or dsmod group /?.