Using the Active Directory command-line tools, in a Windows 2000 domain, or Windows Server 2003 domain, you can create a group, and set its' type and scope, from the command-line.

The syntax is:

dsadd group group_DN -samid SAM_Name -secgrp yes | no -scope l | g | u

where:

                              group_DN   is the distinguished name of the group, like any of the following:                                                   "CN=accountants,CN=Users,DC=JSIINC,DC=COM"                                                   "CN=Accounts Payables,CN=Users,DC=JSIINC,DC=COM"                              SAM_Name   is the unique SAM name for the group, like accountants.                              yes | no   indicates if the group type is a security group (yes), or a distribution group (no).                              l | g | u  is the group scope where l is domain local, g is global, and u is universal.                                          If the domain functional level is Windows 2000 mixed, only security groups with domain local scopes or global scopes are permitted.
To add a member to a group, the syntax is:

dsmod group group_DN -addmbr member_DN where:

                              group_DN   is the distinguished name of the group.                              member_DN  is the distinguished name of the object that you wish to add to the group,                                         like "CN=Jerold Schulman,CN=Users,DC=JSIINC,DC=COM".                              NOTE: To delete a group:                              dsrm group_DN                              NOTE: To delete a member:                              dsmod group group_DN -rmmbr member_DN                              NOTE: For additional options, type dsadd group /? or dsmod group /?.