
Creating an Amazon Managed Microsoft AD group

Use the following procedure to create an Amazon Managed Microsoft AD group with user and group management or Amazon Directory Service Data in the Amazon Web Services Management Console, Amazon CLI, or Amazon Tools for PowerShell.

Before you begin either procedure, you need to complete the following:
Amazon Web Services Management Console

You can create a new Amazon Managed Microsoft AD group in the Amazon Web Services Management Console. When you create a new group, you specify the group's details and determine the group's type and scope. You also have the option to add users and child groups to your new group or add your new group to a parent group.

To create an Amazon Managed Microsoft AD group with the Amazon Web Services Management Console
  1. Open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/.

  2. From the navigation pane, choose Active Directory, and then choose Directories. You're directed to the Directories screen where you can view a list of directories in your Amazon Web Services Region.

  3. Choose a directory. You're directed to the Directory details screen.

  4. Choose Group. The tab shows a list of groups in your Amazon Web Services Region.

  5. Choose Create group. You're directed to a procedure where you finish creating your new group.

  6. The Specify group details page opens. Enter a Group name. Group names must meet the following conditions:

    • Must be a unique group name

    • Can be up to 64 characters long

    • Can only contain alphanumeric characters

    • Cannot contain any of the following characters: / [ ] : ; | , + * ? < > @

    Warning

    The group name cannot be changed after the group is created.

  7. Choose the Group type from one of the following:

    • Security

    • Distribution

  8. Choose the Group scope from one of the following:

    • Domain local

    • Universal

    • Global

      • You can turn on Compare scopes to display a chart of the similarities and differences between group scopes. To learn more, see Group scope.

  9. After providing the primary information and contact methods, choose Next.

  10. The Add users to group - Optional page opens and you can add users to the new group. To find a user to add to the group, enter the user logon name in the search box under the Users section. Select the users you want to add to the group and choose Next.

  11. The Add child groups - Optional page opens and you can add existing groups to the new group. The existing groups become child groups of the newly created group. When you add a child group to your group, your group becomes the parent group, and the child group inherits all of your group's roles and permissions. To find groups to add, enter the group name in the search box under the Add child groups section. Select the child groups you want to add to the new group and choose Next.

  12. The Add parent groups - Optional page opens and you can add the new group to existing groups. The new group becomes a child group of the existing groups. When you add your group to a parent group, your group becomes the child group and inherits all of the parent group's roles and permissions. To find groups to add, enter the group name in the search box under the Add parent groups section. Select the parent groups you want to add the new group to and choose Next.

  13. On the Review and create group page, review your choices, and then choose Create group.

Amazon CLI

The following describes how to format a request that creates an Amazon Managed Microsoft AD group with the Amazon Directory Service Data CLI. When you create a new group, you must include your Directory ID number and a group name. You can also add other attributes, such as a group display name with the DisplayName attribute. For more information, see Amazon Directory Service Data attributes and Group type and group scope.

To create an Amazon Managed Microsoft AD group with the Amazon CLI
  • Open the Amazon CLI, and run the following command, replacing the Directory ID, username and group display name with your Amazon Managed Microsoft AD Directory ID, username, and desired group display name:

aws ds-data create-group \
  --directory-id d-1234567890 \
  --sam-account-name "your-group-name" \
  --other-attributes '{ "DisplayName": { "S": "myGroupDisplayName" }, "Description": { "S": "myGroupDescription" } }'
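
Because the group name cannot be changed after creation, it helps to check it against the documented naming rules before calling create-group. The following is an added example, not code from the Amazon documentation; the function names and the RUN variable are hypothetical. It assumes the 64-character limit and the forbidden-character list from the console procedure above, and does not enforce the alphanumeric-only rule because the sample name on this page contains hyphens.

```shell
#!/bin/sh
# Added example: pre-flight checks before `aws ds-data create-group`.
# Function names and the RUN variable are hypothetical, not part of the AWS CLI.

# Return 0 when the name is 1-64 characters long and contains none of the
# characters this page lists as forbidden: / [ ] : ; | , + * ? < > @
valid_group_name() {
  [ -n "$1" ] || return 1
  [ "${#1}" -le 64 ] || return 1
  for c in / '[' ']' : ';' '|' , + '*' '?' '<' '>' @; do
    case $1 in *"$c"*) return 1 ;; esac
  done
  return 0
}

# JSON-escape backslashes and double quotes in an attribute value.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Build the --other-attributes document in the shape the command above uses.
other_attributes_json() {
  printf '{"DisplayName":{"S":"%s"},"Description":{"S":"%s"}}' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# Validate the name, then print a preview of the command. Only when RUN=1 is
# set is the AWS CLI actually invoked.
create_group() {
  dir_id=$1; group_name=$2
  valid_group_name "$group_name" || {
    echo "rejected group name: $group_name" >&2; return 1; }
  attrs=$(other_attributes_json "$3" "$4")
  if [ "${RUN:-0}" = 1 ]; then
    aws ds-data create-group --directory-id "$dir_id" \
      --sam-account-name "$group_name" --other-attributes "$attrs"
  else
    printf 'aws ds-data create-group --directory-id %s --sam-account-name %s --other-attributes %s\n' \
      "$dir_id" "$group_name" "$attrs"
  fi
}

# Constructed sample call using the placeholder values from this page.
create_group d-1234567890 "your-group-name" "myGroupDisplayName" "myGroupDescription"
```

The preview line is for inspection only and is not shell-quoted; set RUN=1 to have the function call the AWS CLI with properly quoted arguments.
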
Amazon Tools for PowerShell

The following describes how to format a request that creates an Amazon Managed Microsoft AD group with Amazon Tools for PowerShell. When you create a new group, you must include your Directory ID number and a group name. You can also add other attributes, such as a group display name with the DisplayName attribute. For more information, see Amazon Directory Service Data attributes and Group type and group scope.

To create an Amazon Managed Microsoft AD group with Amazon Tools for PowerShell
  • Open Windows PowerShell, and run the following command, replacing the Directory ID, username and group display name with your Amazon Managed Microsoft AD Directory ID, username, and desired group display name:

New-DSDGroup `
    -DirectoryId d-1234567890 `
    -SAMAccountName "your-group-name" `
    -OtherAttribute @{
        DisplayName = [Amazon.DirectoryServiceData.Model.AttributeValue]@{ S = 'myGroupDisplayName' }
        Description = [Amazon.DirectoryServiceData.Model.AttributeValue]@{ S = 'myGroupDescription' }
    }