1
00:00:01,440 --> 00:00:04,030
So creating security groups is fairly straightforward.

2
00:00:04,030 --> 00:00:06,500
I'm pretty sure everybody's familiar with the process,

3
00:00:06,500 --> 00:00:07,630
but we're going to go through it here.

4
00:00:07,630 --> 00:00:11,520
Here I am on a domain controller. You can do this, again, on a domain

5
00:00:11,520 --> 00:00:15,860
controller or any workstation with the admin tools installed.

6
00:00:15,860 --> 00:00:19,320
I'm going to open up the Active Directory Users and Computers

7
00:00:19,320 --> 00:00:22,640
Management Console. Just very simply right‑click Users,

8
00:00:22,640 --> 00:00:30,600
click New, and then Group. We'll provide a name. In this case, we'll

9
00:00:30,600 --> 00:00:38,710
do our VPN Servers group first. And the Group type should be Security,

10
00:00:38,710 --> 00:00:42,860
and the Group scope is really dependent on your requirements. We'll

11
00:00:42,860 --> 00:00:49,740
use a global group scope here, but you can use universal groups if you choose.

12
00:00:49,740 --> 00:01:05,300
And then I'll repeat the process for our NPS Servers and once again

13
00:01:05,300 --> 00:01:18,970
for our VPN Users. And finally, for our VPN devices,

14
00:01:18,970 --> 00:01:21,440
I'm going to use PowerShell to do that.

15
00:01:21,440 --> 00:01:26,130
So let's open an elevated PowerShell command window. Simply right‑click on

16
00:01:26,130 --> 00:01:34,350
the Start menu and choose Windows PowerShell (Admin). The PowerShell cmdlet

17
00:01:34,350 --> 00:01:41,510
to use for creating a group is New‑ADGroup, and we'll provide a name for

18
00:01:41,510 --> 00:01:46,780
the group as well, and we'll specify the scope of the group, in this case,

19
00:01:46,780 --> 00:01:53,940
a domain global group.

20
00:01:53,940 --> 00:01:59,000
We'll populate these groups once we're finished building out the infrastructure servers later.