3.1.5.8.1 SamrAddMemberToGroup (Opnum 22)
The SamrAddMemberToGroup method adds a member to a group.
-
long SamrAddMemberToGroup( [in] SAMPR_HANDLE GroupHandle, [in] unsigned long MemberId, [in] unsigned long Attributes );
GroupHandle: An RPC context handle, as specified in section 2.2.7.2, representing a group object.
MemberId: A RID representing an account to add to the group's membership list.
Attributes: The characteristics of the membership relationship. See section 2.2.1.10 for legal values and semantics.
This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.
Upon receiving this message, the server MUST process the data from the message subject to the following constraints:
The server MUST return an error if GroupHandle.HandleType is not equal to "Group".
GroupHandle.GrantedAccess MUST have the required access specified in section 3.1.2.2. Otherwise, the server MUST return STATUS_ACCESS_DENIED.
All database operations MUST occur in a single transaction.
Let G be the group referenced by GroupHandle.Object.
Let TargetSid be the SID composed by making the MemberId a suffix to the domain prefix of G's objectSid.
If there is no object whose objectSid attribute is TargetSid, the server MUST return STATUS_NO_SUCH_USER.
If G's member attribute already has as a dsname value that references the object whose objectSid is TargetSid, the server MUST return an error.
G's member attribute MUST be updated to add a dsname value that references the object with the objectSid value TargetSid.
The message processing specified in section 3.1.5.14.7 for the Attributes parameter MUST be adhered to.