Membership in Account Operators, Domain Admins, or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
Converting a group to another group type
|
To convert a group to another group type using the Windows interface |
-
To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
-
In the console tree, click the folder that contains the group that you want to convert to another group type.
Where?
- Active Directory Users and
Computers\domain node\folder that contains the
group
- Active Directory Users and
Computers\domain node\folder that contains the
group
-
In the details pane, right-click the group, and then click Properties.
-
On the General tab, under Group type, click the group type.
Additional considerations
- To perform this procedure, you must be a
member of the Account Operators group, Domain Admins group, or
Enterprise Admins group in Active Directory Domain Services
(AD DS), or you must have been delegated the appropriate
authority. As a security best practice, consider using Run
as to perform this procedure.
- Another way to open Active Directory
Users and Computers is to click Start, click Run, and
then type dsa.msc.
- To convert a group, the domain functional
level must be set to Windows 2000 native or higher. Groups
cannot be converted when the domain functional level is set to
Windows 2000 mixed.
- You can also perform the task in this
procedure by using the Active Directory module for Windows
PowerShell. To open the Active Directory module, click
Start, click Administrative Tools, and then click
Active Directory Module for Windows PowerShell. For more
information, see Convert a Group to Another Type (http://go.microsoft.com/fwlink/?LinkId=138379). For
more information about Windows PowerShell, see
Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).
Additional references
|
|
To convert a group to another group type using a command line |
-
To open a command prompt, click Start, click Run, type cmd, and then click OK.
-
Type the following command, and then press ENTER:
dsmod group <GroupDN> -secgrp {yes|no}
| Parameter | Description |
|---|---|
|
<GroupDN> |
Specifies the distinguished name of the group object for which you want to change the group type. |
|
-secgrp |
Sets the group type value. |
|
{yes|no} |
Specifies that the group type is set to security group (yes) or distribution group (no). |
To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:
dsmod group /?
Additional considerations
- To perform this procedure, you must be a
member of the Account Operators group, Domain Admins group, or
Enterprise Admins group in AD DS, or you must have been
delegated the appropriate authority. As a security best practice,
consider using Run as to perform this procedure.
- To convert a group, the domain functional
level must be set to Windows 2000 native or higher. Groups
cannot be converted when the domain functional level is set to
Windows 2000 mixed.
- You can also perform the task in this
procedure by using the Active Directory module for Windows
PowerShell. To open the Active Directory module, click
Start, click Administrative Tools, and then click
Active Directory Module for Windows PowerShell. For more
information, see Convert a Group to Another Type (http://go.microsoft.com/fwlink/?LinkId=138379). For
more information about Windows PowerShell, see
Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).