# Creating an AWS Managed Microsoft AD group
<a name="ms_ad_manage_users_groups_create_group"></a>

You can create groups in your AWS Managed Microsoft AD. Use the following procedure to create a security group with an Amazon EC2 instance that is joined to your AWS Managed Microsoft AD directory. Before you can create security groups, you need to complete the procedures in [Installing the Active Directory Administration Tools](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_install_ad_tools.html).

------
#### [ Active Directory Administration Tools ]

Use the following procedures to create an AWS Managed Microsoft AD group with Active Directory Administration Tools.

**To create a group**

1. Connect to the instance where the Active Directory Administration Tools were installed.

1. Open the Active Directory Users and Computers tool. There is a shortcut to this tool in the **Administrative Tools** folder.
**Tip**  
You can run the following from a command prompt on the instance to open the Active Directory Users and Computers tool box directly.  

   ```
   %SystemRoot%\system32\dsa.msc
   ```

1. In the directory tree, select an OU under your directory's NetBIOS name OU where you want to store your group (for example, Corp\$1Users). For more information about the OU structure used by directories in AWS, see [What gets created with your AWS Managed Microsoft AD](ms_ad_getting_started_what_gets_created.md).  
![\[Active Directory Users and Computers tool showing example OU structure.\]](http://docs.aws.amazon.com/directoryservice/latest/admin-guide/images/create-security-groups-OU.png)

1. On the **Action** menu, click **New**, and then click **Group** to open the new group wizard.

1. Type a name for the group in **Group name**, select a **Group scope** that meets your needs, and select **Security** for the **Group type**. For more information on Active Directory group scope and security groups, see [ Active Directory security groups](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups) in Microsoft Windows Server documentation.

1. Click **OK**. The new security group will appear in the **Users** folder.

------
#### [ PowerShell ]

You can use PowerShell commands to create groups. For more information, see [New-ADGroup](https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-adgroup?view=windowsserver2022-ps) in Windows Server 2022 PowerShell documentation.

------