diff --git a/ipa-server/ipa-gui/ipagui/controllers.py b/ipa-server/ipa-gui/ipagui/controllers.py
index a07555257..0d8486180 100644
--- a/ipa-server/ipa-gui/ipagui/controllers.py
+++ b/ipa-server/ipa-gui/ipagui/controllers.py
@@ -18,12 +18,15 @@ import ipa.ipaclient
 import ipa.user
 import xmlrpclib
 import forms.user
+import forms.group
 from helpers import userhelper
 from ipa import ipaerror
 
 ipa.config.init_config()
 user_new_form = forms.user.UserNewForm()
 user_edit_form = forms.user.UserEditForm()
+group_new_form = forms.group.GroupNewForm()
+group_edit_form = forms.group.GroupEditForm()
 
 password_chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 
@@ -283,10 +286,12 @@ class Root(controllers.RootController):
         return ""
 
     @expose()
+    @identity.require(identity.not_anonymous())
     def suggest_email(self, givenname, sn):
         if (len(givenname) == 0) or (len(sn) == 0):
             return ""
 
+        client.set_principal(identity.current.user_name)
         givenname = givenname.lower()
         sn = sn.lower()
 
@@ -331,13 +336,55 @@ class Root(controllers.RootController):
         client.set_principal(identity.current.user_name)
         return dict()
 
-
-    ############
-    # Resource #
-    ############
-
-    @expose("ipagui.templates.resindex")
+    @expose("ipagui.templates.groupnew")
     @identity.require(identity.not_anonymous())
-    def resindex(self, tg_errors=None):
+    def groupnew(self, tg_errors=None):
+        """Displays the new group form"""
+        if tg_errors:
+            turbogears.flash("There was a problem with the form!")
+
         client.set_principal(identity.current.user_name)
-        return dict()
+
+        return dict(form=group_new_form)
+
+    @expose()
+    @identity.require(identity.not_anonymous())
+    def groupcreate(self, **kw):
+        """Creates a new group"""
+        restrict_post()
+        client.set_principal(identity.current.user_name)
+
+        if kw.get('submit') == 'Cancel':
+            turbogears.flash("Add group cancelled")
+            raise turbogears.redirect('/')
+
+        tg_errors, kw = self.groupcreatevalidate(**kw)
+        if tg_errors:
+            return dict(form=group_new_form, tg_template='ipagui.templates.groupnew')
+
+        try:
+            new_group = ipa.group.Group()
+            new_group.setValue('cn', kw.get('cn'))
+            new_group.setValue('description', kw.get('description'))
+
+            rv = client.add_group(new_group)
+            turbogears.flash("%s added!" % kw.get('cn'))
+            # raise turbogears.redirect('/groupedit', cn=kw['cn'])
+            raise turbogears.redirect('/')
+        except ipaerror.exception_for(ipaerror.LDAP_DUPLICATE):
+            turbogears.flash("Group with name '%s' already exists" %
+                    kw.get('cn'))
+            return dict(form=group_new_form, tg_template='ipagui.templates.groupnew')
+        except ipaerror.IPAError, e:
+            turbogears.flash("Group add failed: " + str(e) + "<br/>" + str(e.detail))
+            return dict(form=group_new_form, tg_template='ipagui.templates.groupnew')
+
+    @validate(form=group_new_form)
+    @identity.require(identity.not_anonymous())
+    def groupcreatevalidate(self, tg_errors=None, **kw):
+        return tg_errors, kw
+
+    @validate(form=group_edit_form)
+    @identity.require(identity.not_anonymous())
+    def groupupdatevalidate(self, tg_errors=None, **kw):
+        return tg_errors, kw
diff --git a/ipa-server/ipa-gui/ipagui/forms/group.py b/ipa-server/ipa-gui/ipagui/forms/group.py
new file mode 100644
index 000000000..0dd9ef2d0
--- /dev/null
+++ b/ipa-server/ipa-gui/ipagui/forms/group.py
@@ -0,0 +1,48 @@
+import turbogears
+from turbogears import validators, widgets
+
+class GroupFields():
+    cn = widgets.TextField(name="cn", label="Name")
+    gidnumber = widgets.TextField(name="gidnumber", label="GID")
+    description = widgets.TextField(name="description", label="Description")
+
+    cn_hidden = widgets.HiddenField(name="cn")
+
+    group_orig = widgets.HiddenField(name="group_orig")
+
+class GroupNewValidator(validators.Schema):
+    cn = validators.PlainText(not_empty=True)
+    description = validators.String(not_empty=False)
+
+
+class GroupNewForm(widgets.Form):
+    params = ['group']
+
+    fields = [GroupFields.cn, GroupFields.description]
+
+    validator = GroupNewValidator()
+
+    def __init__(self, *args, **kw):
+        super(GroupNewForm,self).__init__(*args, **kw)
+        (self.template_c, self.template) = widgets.meta.load_kid_template("ipagui.templates.groupnewform")
+        self.group = GroupFields
+
+    def update_params(self, params):
+        super(GroupNewForm,self).update_params(params)
+
+
+class GroupEditValidator(validators.Schema):
+    gidnumber = widgets.TextField(name="gidnumber", label="GID")
+    description = widgets.TextField(name="description", label="Description")
+
+class GroupEditForm(widgets.Form):
+    params = ['group']
+
+    fields = [GroupFields.gidnumber, GroupFields.description]
+
+    validator = GroupEditValidator()
+
+    def __init__(self, *args, **kw):
+        super(GroupEditForm,self).__init__(*args, **kw)
+        (self.template_c, self.template) = widgets.meta.load_kid_template("ipagui.templates.groupeditform")
+        self.group = GroupFields
diff --git a/ipa-server/ipa-gui/ipagui/forms/user.py b/ipa-server/ipa-gui/ipagui/forms/user.py
index c5478bf8a..0fc6761f6 100644
--- a/ipa-server/ipa-gui/ipagui/forms/user.py
+++ b/ipa-server/ipa-gui/ipagui/forms/user.py
@@ -65,6 +65,8 @@ class UserEditValidator(validators.Schema):
     givenname = validators.String(not_empty=True)
     sn = validators.String(not_empty=True)
     mail = validators.Email(not_empty=True)
+    uidnumber = validators.Int(not_empty=False)
+    gidnumber = validators.Int(not_empty=False)
     #  validators.PhoneNumber may be a bit too picky, requiring an area code
     # telephonenumber = validators.PlainText(not_empty=False)
 
diff --git a/ipa-server/ipa-gui/ipagui/templates/groupnew.kid b/ipa-server/ipa-gui/ipagui/templates/groupnew.kid
new file mode 100644
index 000000000..6efb7028b
--- /dev/null
+++ b/ipa-server/ipa-gui/ipagui/templates/groupnew.kid
@@ -0,0 +1,13 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#"
+    py:extends="'userlayout.kid'">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type" py:replace="''"/>
+    <title>Add Group</title>
+</head>
+<body>
+    <h2>Add Group</h2>
+
+    ${form.display(action="groupcreate")}
+</body>
+</html>
diff --git a/ipa-server/ipa-gui/ipagui/templates/groupnewform.kid b/ipa-server/ipa-gui/ipagui/templates/groupnewform.kid
new file mode 100644
index 000000000..66b7c43bb
--- /dev/null
+++ b/ipa-server/ipa-gui/ipagui/templates/groupnewform.kid
@@ -0,0 +1,55 @@
+<div xmlns:py="http://purl.org/kid/ns#"
+  class="simpleroster">
+  <form action="${action}" name="${name}" method="${method}" class="tableform">
+
+    <div class="formsection">Group Details</div>
+    <table class="formtable" cellpadding="2" cellspacing="0" border="0">
+      <tr>
+        <th>
+          <label class="fieldlabel" for="${group.cn.field_id}"
+            py:content="group.cn.label" />:
+        </th>
+        <td>
+          <span py:replace="group.cn.display(value_for(group.cn))" />
+          <span py:if="tg.errors.get('cn')" class="fielderror"
+              py:content="tg.errors.get('cn')" />
+
+        </td>
+      </tr>
+
+      <tr>
+        <th>
+          <label class="fieldlabel" for="${group.description.field_id}"
+            py:content="group.description.label" />:
+        </th>
+        <td>
+          <span py:replace="group.description.display(value_for(group.description))" />
+          <span py:if="tg.errors.get('description')" class="fielderror"
+              py:content="tg.errors.get('description')" />
+
+        </td>
+      </tr>
+
+      <tr>
+        <th>
+          <label class="fieldlabel" for="${group.gidnumber.field_id}"
+            py:content="group.gidnumber.label" />:
+        </th>
+        <td>
+          Generated by server
+        </td>
+      </tr>
+    </table>
+
+    <table class="formtable" cellpadding="2" cellspacing="0" border="0">
+      <tr>
+        <th></th>
+        <td>
+          <br />
+          <input type="submit" class="submitbutton" name="submit" value="Add Group"/>
+        </td>
+      </tr>
+    </table>
+
+  </form>
+</div>
diff --git a/ipa-server/ipa-gui/ipagui/templates/master.kid b/ipa-server/ipa-gui/ipagui/templates/master.kid
index 2d3a35f22..b1e5ad84a 100644
--- a/ipa-server/ipa-gui/ipagui/templates/master.kid
+++ b/ipa-server/ipa-gui/ipagui/templates/master.kid
@@ -69,7 +69,7 @@
         <a href="${tg.url('/userlist')}">Find People</a><br/>
         </p>
         <p>
-        <a href="${tg.url('/groupindex')}">Add Group</a><br/>
+        <a href="${tg.url('/groupnew')}">Add Group</a><br/>
         <a href="${tg.url('/groupindex')}">Find Groups</a><br/>
         </p>
         <p>