WEBVTT

00:00.480 --> 00:07.860
Add in one group member to another in previous lessons we saw how to teach you the recounts and computer

00:07.860 --> 00:11.730
accounts for security groups by your Active Directory.

00:11.730 --> 00:12.830
Come on let's.

00:12.830 --> 00:20.130
Another common Active Directory operation related to security groups is add in one security group to

00:20.130 --> 00:21.860
another security group.

00:21.870 --> 00:30.960
This is done for reasons of management of permissions and memberships before proceeding to see how groups

00:30.960 --> 00:32.260
can be nested.

00:32.400 --> 00:39.950
Let's first understand what type of scope of groups can be added to a given security group.

00:39.960 --> 00:47.930
Mazhar this you might run into errors such as in this example and to start thinking what is wrong.

00:48.090 --> 00:53.970
So let's run this command and try to add one group to another.

00:54.060 --> 01:01.830
They've got gotten narrower and if you read the error message carefully it clearly states that a local

01:01.830 --> 01:05.880
group can not be a member of a universal group.

01:06.000 --> 01:12.230
It is good to know these things before attempting to enter a group in another group.

01:12.360 --> 01:20.290
You can read more about the different security group types and to the membership details.

01:20.400 --> 01:30.010
But in short universal group can be called Global and universal groups from any man in the same forest

01:30.010 --> 01:38.210
as members of a global group can hold other global groups from the same forest and to the local group

01:38.330 --> 01:46.320
can hold global groups from any domain including trusted universal groups from the same forest domain

01:46.320 --> 01:52.320
groups from the same domain and global and universal groups from other forests.

01:52.320 --> 01:56.810
No let's add two groups free to terrorist group.

01:56.820 --> 02:04.700
Now if we haven't got a narrower and test group three can be freely nested into test group.

02:04.720 --> 02:09.710
This command had a group named Test Group 3 to test group.

02:09.840 --> 02:17.300
If you notice they are not provide in any group scope information at the time of adding the command

02:17.320 --> 02:21.330
left will automatically calculate the group's sound.

02:21.360 --> 02:26.340
If the addition is not supported it will throw arrows.

02:26.370 --> 02:31.160
Otherwise the execution should get completed without any errors.

02:31.170 --> 02:41.400
We can check all the users and computers so we'll find the test group and check its members and we can

02:41.400 --> 02:46.850
find test groups 3 here and see that it was successful it added.

02:46.920 --> 02:53.820
What about Baalke groups creation as a resource another the example of an Imbolc users their computer

02:53.930 --> 02:59.140
account or group security groups can be added in bulk as well.

02:59.160 --> 03:03.090
For this demonstration we can use the following code.

03:03.210 --> 03:10.800
We can create for example for security groups and Active Directory so that you can add them to a new

03:10.800 --> 03:16.800
security group in Balkh create Imbolc groups is very easy.

03:16.980 --> 03:23.700
If they share a similar name and convention as shown in this code so we are creating the groups from

03:23.700 --> 03:34.350
1 to 4 and for each group will give a name Child group and a number from 1 to 4 and will add to this

03:34.350 --> 03:37.610
group to Active Directory is its name.

03:37.640 --> 03:42.250
The scope will be the domain local and the password.

03:42.390 --> 03:48.590
These groups will be located as groups in production all you.

03:48.720 --> 03:57.810
So running this code will create four groups with the name Child group 1 2 4 and 2 still do this operation

03:58.080 --> 03:59.160
in seconds.

03:59.280 --> 04:07.410
Now we can add this newly created groups to add security in our security group as members.

04:07.500 --> 04:14.490
First let's create a group to which we want to add this newly created four groups as a result before

04:14.490 --> 04:21.660
a group can be created by using the new dash A-D group command left the following command will create

04:21.990 --> 04:24.960
the parent group one security group.

04:25.080 --> 04:27.440
So let's Reinard we on you.

04:27.460 --> 04:34.470
Does the group Desch name parent group 1 and the scope for it will be Domain Local.

04:34.550 --> 04:43.530
Once the group is created we can add to the newly created for child groups to this parent group while

04:43.530 --> 04:51.840
I'm using the following command I will add a variable which will be called Groups and equal to get a

04:51.860 --> 05:00.460
group filter in all of the groups which contain child group in its name and then reparse This able to

05:00.640 --> 05:07.750
follow and command out there's a group member we are read in groups too through this group which is

05:07.750 --> 05:16.840
called parent group 1 and the groups which we are adding is taken from groups variable which we've created

05:16.840 --> 05:17.510
before.

05:17.620 --> 05:25.090
So the first line of the code will search left active directory for any group that has a name starting

05:25.150 --> 05:32.710
with child group and strong it's the details and the groups variable once the details are available

05:32.920 --> 05:41.060
they can be added to another security group parent group want to use in the address the group member

05:41.140 --> 05:43.990
command loud and the groups will be added.