Share via

NetGroupGetUsers returns error when group have members from other domain

Arthur Ferrari Sofiatti 1 Reputation point
2023-01-10T18:38:07.22+00:00

I am using NetGroupGetUsers to get the members of Active Directory groups. I have two domains and some groups have user members from both domains. When I try to list the members of this groups with mixed users, NetGroupGetUsers returns the error code 2147 (NERR_CfgParamNotFound).

Ex.:

"DOMAIN1" has "Group1" and "user1"
"DOMAIN2" has "user2"
"user1" and "user2" are both members of "Group1"
when I try to use NetGroupGetUsers to get "Group1" members it returns NERR_CfgParamNotFound
if I remove "user2" from "Group1", NetGroupGetUsers returns Success.

This case I described is not supported or there is a way to access this data using MFC Network Management?

Exemple of how I am using NetGroupGetUsers:

HRESULT MySampleFunction(CString strGroupName)
{
  TCHAR tcGroup[CREDUI_MAX_USERNAME_LENGTH + 1] = { 0 };
  TCHAR tcDomain[CREDUI_MAX_DOMAIN_TARGET_LENGTH + 1] = { 0 };
  DWORD dwError = ::CredUIParseUserName(strGroupName, tcGroup, SizeOfArray(tcGroup), tcDomain, SizeOfArray(tcDomain));

  if (dwError != NO_ERROR)
    return MAKE_HRESULT(1, FACILITY_WIN32, dwError);

  GROUP_USERS_INFO_0* pGroupUsersInfo = NULL;
  DWORD dwEntriesRead = 0;
  DWORD dwTotalEntries = 0;

  NET_API_STATUS apiStatus = NetGroupGetUsers(tcDomain, tcGroup, 0, (LPBYTE*)&pGroupUsersInfo, MAX_PREFERRED_LENGTH, &dwEntriesRead, &dwTotalEntries, NULL);

  if (apiStatus != NERR_Success)
    return MAKE_HRESULT(1, FACILITY_WIN32, apiStatus);

  if (pGroupUsersInfo != NULL)
    NetApiBufferFree(pGroupUsersInfo);

  return S_OK;
}
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.