Creating a group

Administration > SQL Server Administration > Administration Tasks > Active Directory Administration > Creating a group

Creating a group

You can use Active Directory groups to set SQL Server instance and database access permissions. Groups allow you to assign and manage access permissions for multiple users more efficiently. You can use Active Directory Domain Services to create an AD group on a domain controller machine.

To create a group in Active Directory, do the following:

1. On the domain controller machine, start Active Directory Users and Computers.

2. In the left navigation pane, expand the domain, then click on Users. The list of current users and groups appears.

3. Right-click on Users, point to New, and then click Group. The New Object window appears.

4. Enter the group information in the appropriate fields:

◦ Group name — Specify a name for group.

◦ Group scope — Select Global.

◦ Group type — Select Security.

5. Click OK to create the group.

6. Confirm that the group appears in the list of users and groups.

After creating an Active Directory group, you should grant the group the following permissions in SQL Server:

1. Access to the server. See Creating server logins for users and groups (Model Explorer)

2. Access to a database. See Adding principals to a database (Model Explorer)

To grant access to users under nested groups, you must perform the following:

1. Create a server login for each nested group under the main group. See Creating server logins for users and groups (Model Explorer).

2. Add the nested group as a database principal to each database where user permissions are derived from that group. See Adding principals to a database (Model Explorer).

For more information about Active Directory, refer to the Microsoft help:

Active Directory Domain Services

https://docs.microsoft.com/windows/desktop/ad/active-directory-domain-services