# Creating an AWS Managed Microsoft AD group
<a name="ms_ad_manage_users_groups_create_group"></a>

You can create groups in your AWS Managed Microsoft AD. Use the following procedure to create a security group with an Amazon EC2 instance that is joined to your AWS Managed Microsoft AD directory. Before you can create security groups, you need to complete the procedures in [Installing the Active Directory Administration Tools](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_install_ad_tools.html).

------
#### [ Active Directory Administration Tools ]

Use the following procedures to create an AWS Managed Microsoft AD group with Active Directory Administration Tools.

**To create a group**

1. Connect to the instance where the Active Directory Administration Tools were installed.

1. Open the Active Directory Users and Computers tool. There is a shortcut to this tool in the **Administrative Tools** folder.
**Tip**  
You can run the following from a command prompt on the instance to open the Active Directory Users and Computers tool box directly.  

   ```
   %SystemRoot%\system32\dsa.msc
   ```

1. In the directory tree, select an OU under your directory's NetBIOS name OU where you want to store your group (for example, Corp\\Users). For more information about the OU structure used by directories in AWS, see [What gets created with your AWS Managed Microsoft AD](ms_ad_getting_started_what_gets_created.md).  
![Active Directory Users and Computers tool showing example OU structure.](http://docs.aws.amazon.com/directoryservice/latest/admin-guide/images/create-security-groups-OU.png)

1. On the **Action** menu, click **New**, and then click **Group** to open the new group wizard.

1. Type a name for the group in **Group name**, select a **Group scope** that meets your needs, and select **Security** for the **Group type**. For more information on Active Directory group scope and security groups, see [ Active Directory security groups](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups) in Microsoft Windows Server documentation.

1. Click **OK**. The new security group will appear in the **Users** folder.

------
#### [ PowerShell ]

You can use PowerShell commands to create groups. For more information, see [New-ADGroup](https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-adgroup?view=windowsserver2022-ps) in Windows Server 2022 PowerShell documentation.

------