[Samba] net rpc group add & by/pass the group scope value

[Abraham.Alawi at csiro.au]

Hi folks,

Does anyone have a clue of how to by/pass the group scope value when creating a group in AD by using the net tools?

I can delete an AD group, add/remove members from a group but I can't create a group. I reckon it's because of the group scope value (even Power Shell/New-ADGroup prompts for it)

$ net -U $ADMIN_USER  -S $DC_ADDRESS rpc group add $GROUP_NAME  -c $OU

Error message:
Failed to add group $GROUP_NAME with error: Access is denied.

Powershell command (that works fine with the same credentials):
> New-ADGroup -Name $GROUP_NAME  "  -groupScope global -Path $OU

AD is win2k8 server, domain functional level is win2k3

Thanks,

Abraham Alawi
Linux/UNIX Systems and Storage Specialist | STACC Project
Information Management & Technology (IMT)
CSIRO
PLEASE NOTE
The information contained in this email may be confidential or privileged. Any unauthorised use or disclosure is prohibited. If you have received this email in error, please delete it immediately and notify the sender by return email. Thank you. To the extent permitted by law, CSIRO does not represent, warrant and/or guarantee that the integrity of this communication has been maintained or that the communication is free of errors, virus, interception or interference.
Please consider the environment before printing this email