Add an AD LDS Group to the Directory

Applies To: Windows Server 2008

In addition to the four role-based groups that Active Directory Lightweight Directory Services (AD LDS) provides by default in each directory partition (Administrators, Instances, Readers, and Users), you can add your own groups. You can add both AD LDS users and Windows users to the AD LDS groups that you create.

Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition.

To add an AD LDS group to the directory

  1. To open Active Directory Service Interfaces (ADSI) Edit, on a computer with the AD LDS server role installed, click Start, click Administrative Tools, and then click ADSI Edit.

  2. Connect and bind to the AD LDS instance to which you want to add a group. For more information, see Manage an AD LDS Instance Using ADSI Edit.

  3. In the console tree, double-click the directory partition to which you want to add the group.

  4. In the console tree, right-click the container to which you want to add the group, point to New, and then click Object.

  5. In Select a class, click Group, and then click Next.

  6. In Value, type a common name (CN) for the new group, and then click Next.

  7. If you want to set values for additional attributes, click More attributes.

  8. After setting all the desired attributes for the new group, click Finish.


When you type a value for the groupType attribute, 2147483650 (equivalent to 0x80000002 hexadecimal) represents a security-enabled account (global) group.
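The same procedure can be scripted through ADSI, which also makes it possible to read the new group back and confirm its groupType. The following PowerShell is an added example, not part of the original article; the server and port, the container DN, the group name, and the two helper functions are hypothetical placeholders. It assumes the script runs as a member of the instance's Administrators group.

```powershell
# Added example. Server, port, container DN, and group name are placeholders (assumptions).
$Server    = 'localhost:50000'
$Container = 'CN=Roles,DC=example,DC=com'
$GroupCN   = 'AppOperators'

# groupType flag bits, written as unsigned decimal values.
$SecurityEnabled = [long]2147483648   # 0x80000000
$GlobalScope     = [long]2            # 0x00000002

function ConvertTo-SignedGroupType {
    # groupType is a signed 32-bit integer in the directory, so the unsigned
    # value 2147483650 (0x80000002) is the same bit pattern as -2147483646.
    param([Parameter(Mandatory=$true)][long]$Value)
    if ($Value -lt 0) { return [int]$Value }
    return [BitConverter]::ToInt32([BitConverter]::GetBytes([uint32]$Value), 0)
}

function Test-SecurityEnabledGlobal {
    # Accepts either representation and checks that both flag bits are set.
    param([Parameter(Mandatory=$true)][long]$Value)
    $unsigned = $Value -band [long]4294967295
    $wanted   = $SecurityEnabled -bor $GlobalScope
    return (($unsigned -band $wanted) -eq $wanted)
}

$groupType = ConvertTo-SignedGroupType ($SecurityEnabled -bor $GlobalScope)

# Steps 2-4: bind to the instance and the target container as the current Windows user.
$parent = [ADSI]"LDAP://$Server/$Container"

# Steps 5-8: create a Group object, set its CN and groupType, and commit it.
$group = $parent.Create('group', "CN=$GroupCN")
$group.Put('groupType', $groupType)
$group.SetInfo()

# Re-bind and verify what was stored before the group is used in any ACL.
$check  = [ADSI]"LDAP://$Server/CN=$GroupCN,$Container"
$stored = [int]$check.groupType.Value
if (-not (Test-SecurityEnabledGlobal $stored)) {
    throw "groupType $stored on CN=$GroupCN is not a security-enabled global group"
}
"Created CN=$GroupCN,$Container with groupType $stored"
```

A value read back as -2147483646 is the same bit pattern as 2147483650, so access reviews that compare groupType should normalize both forms before matching.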