Skip to main content

PowerShell New-ADGroup: Create Active Directory Groups Guide

3 min read
powershell active-directory new-adgroup group-management tutorial

PowerShell New-ADGroup: Complete Guide to Creating AD Groups

Overview

The New-ADGroup cmdlet creates new security or distribution groups in Active Directory. Groups are used for permission management, email distribution, and organizing users.

Common Tasks:

  • Create security groups for permissions
  • Create distribution groups for email
  • Bulk create groups by department
  • Create groups in specific OUs
  • Organize groups by location/function

Prerequisites:

  • PowerShell 5.1 or later
  • Active Directory PowerShell module
  • Administrator permissions for the OU
  • Target OU must exist

Syntax

New-ADGroup [-Name] <string> [-GroupScope] <string> [-GroupCategory <string>] [-Path <string>] [-Description <string>]
```powershell

### Key Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| `-Name` | String | Group display name |
| `-GroupScope` | String | Scope: DomainLocal, Global, Universal |
| `-GroupCategory` | String | Type: Security or Distribution |
| `-Path` | String | OU distinguished name |
| `-Description` | String | Group description |

---

## Group Scopes

- **DomainLocal** - Only in current domain, contains global groups from any domain
- **Global** - Across forest, contains users/groups from same domain only
- **Universal** - Across domains, slower replication (use sparingly)

---

## Examples

### Example 1: Create Security Group (Global)

```powershell
New-ADGroup -Name "IT-Support" `
    -GroupScope Global `
    -GroupCategory Security `
    -Description "IT Support team members"
```powershell

### Example 2: Create in Specific OU

```powershell
$ouPath = "OU=Groups,DC=contoso,DC=com"
New-ADGroup -Name "IT-Support" `
    -GroupScope Global `
    -GroupCategory Security `
    -Path $ouPath `
    -Description "IT Support team members"
```powershell

### Example 3: Create Distribution Group

```powershell
$ouPath = "OU=Groups,DC=contoso,DC=com"
New-ADGroup -Name "Marketing-All" `
    -GroupScope Global `
    -GroupCategory Distribution `
    -Path $ouPath `
    -Description "All marketing staff for email distribution"
```powershell

### Example 4: Create Domain Local Group (for permissions)

```powershell
$ouPath = "OU=Groups,DC=contoso,DC=com"
New-ADGroup -Name "File-Share-Marketing-Read" `
    -GroupScope DomainLocal `
    -GroupCategory Security `
    -Path $ouPath `
    -Description "Read access to Marketing share"
```powershell

### Example 5: Bulk Create Department Groups

```powershell
$departments = @("Finance", "HR", "IT", "Sales", "Marketing")
$ouPath = "OU=Groups,DC=contoso,DC=com"

foreach ($dept in $departments) {
    New-ADGroup -Name "$dept-All" `
        -GroupScope Global `
        -GroupCategory Security `
        -Path $ouPath `
        -Description "All $dept department users"
    Write-Host "Created: $dept-All"
}
```powershell

### Example 6: Create from CSV

```powershell
$csv = Import-Csv "C:\groups.csv"
$ouPath = "OU=Groups,DC=contoso,DC=com"

foreach ($item in $csv) {
    New-ADGroup -Name $item.GroupName `
        -GroupScope Global `
        -GroupCategory $item.Category `
        -Path $ouPath `
        -Description $item.Description
    Write-Host "Created: $($item.GroupName)"
}
```powershell

### Example 7: Create with Error Handling

```powershell
try {
    $ouPath = "OU=Groups,DC=contoso,DC=com"
    New-ADGroup -Name "IT-Support" `
        -GroupScope Global `
        -GroupCategory Security `
        -Path $ouPath `
        -ErrorAction Stop
    Write-Host "✓ Group created successfully"
}
catch {
    if ($_.Exception.Message -like "*already exists*") {
        Write-Host "✗ Group already exists"
    }
    else {
        Write-Host "✗ Error: $($_.Exception.Message)"
    }
}
```powershell

### Example 8: Create Nested Groups (Parent/Child)

```powershell
$ouPath = "OU=Groups,DC=contoso,DC=com"

# Create parent group
New-ADGroup -Name "IT-All" `
    -GroupScope Global `
    -GroupCategory Security `
    -Path $ouPath

# Create subgroups
New-ADGroup -Name "IT-Admins" `
    -GroupScope Global `
    -GroupCategory Security `
    -Path $ouPath

New-ADGroup -Name "IT-Support" `
    -GroupScope Global `
    -GroupCategory Security `
    -Path $ouPath
```powershell

### Example 9: Create with Naming Convention

```powershell
$departments = @("Finance", "HR", "IT")
$ouPath = "OU=Groups,DC=contoso,DC=com"

foreach ($dept in $departments) {
    $groupName = "$dept-All"
    New-ADGroup -Name $groupName `
        -GroupScope Global `
        -GroupCategory Security `
        -Path $ouPath `
        -Description "All users in $dept department (Global group - for permissions)"
}
```powershell

### Example 10: Create Distribution Groups for Email

```powershell
$csv = Import-Csv "C:\email-groups.csv"
$ouPath = "OU=Distribution-Groups,DC=contoso,DC=com"

foreach ($item in $csv) {
    New-ADGroup -Name $item.ListName `
        -GroupScope Global `
        -GroupCategory Distribution `
        -Path $ouPath `
        -Description "Email distribution list for $($item.Purpose)"
    Write-Host "Created: $($item.ListName)"
}
```powershell

---

## Best Practices

**Use consistent naming** - Follow department/function pattern
**Set descriptions** - Document group purpose
**Organize in OUs** - Separate security from distribution
**Use Global scope** - Preferred for most groups
**Document groups** - Maintain inventory of groups created

### Naming Convention
```powershell
Department-Function    (IT-All, Finance-All)
Resource-Permission    (File-Share-Read, Printer-Access)
Location-Type         (NYC-Users, Remote-Access)
```powershell

---

## Related Commands

- **[Get-ADGroup](/powershell-get-adgroup)** - Query groups
- **[Set-ADGroup](/powershell-set-adgroup)** - Modify groups
- **[Add-ADGroupMember](/powershell-add-adgroupmember)** - Add members
- **[Remove-ADGroup](/powershell-remove-adgroup)** - Delete groups

---

## FAQs

**Q: What's the difference between group scopes?**
A: DomainLocal for permissions, Global for members, Universal for multi-domain (rare).

**Q: Should I use Security or Distribution?**
A: Security for permissions/management, Distribution for email lists.

**Q: Can I change group scope after creation?**
A: Yes, but only between certain combinations. Global → Universal is allowed.

**Q: Can I change group type?**
A: Limited - only Security to Distribution in certain scopes.

---

## See Also

- **[Get-ADGroup](/powershell-get-adgroup)** - Query groups
- **[Active Directory Groups Guide](/active-directory-groups)** - Groups overview
- **[Add-ADGroupMember](/powershell-add-adgroupmember)** - Add members to groups

---

**Last Updated:** February 6, 2026
**Difficulty Level:** Intermediate
**Reading Time:** 9 minutes

Related Articles

PowerShell Add-ADGroupMember: Add Users to AD Groups Complete Guide

Master PowerShell Add-ADGroupMember cmdlet. Learn to add users, computers, and groups to Active Directory security groups. Includes 10+ examples and best practices.

PowerShell Get-ADGroup: Complete Guide to Query AD Groups

Master PowerShell Get-ADGroup cmdlet. Learn to query Active Directory groups by name, type, scope, and members. Includes 8+ examples and best practices.

PowerShell Remove-ADGroup: Delete Active Directory Groups

Master PowerShell Remove-ADGroup cmdlet. Learn to delete security and distribution groups from Active Directory with examples and best practices.