Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
On member servers and computers running on Windows 2000 Professional, you can enumerate all local groups.
Only local groups can be created on member servers and Windows 2000 Professional. However, those local groups can contain:
- Universal and Global groups from the forest that contains the domain to which the computer is a member.
- Domain local groups from that computer's domain.
- Users from any domain in the forest.
To enumerate the local groups on a member server or computer running Windows 2000 Professional
Bind to the computer using the following rules:
Use an account with sufficient rights to access that computer.
Use the following binding string format using the WinNT provider, computer name, and an extra parameter to instruct ADSI that it is binding to a computer: "WinNT://<computer name>,<computer>".
"The <computer name>" parameter is the name of the computer group to access. This parameter instruct ADSI that it is binding to a computer and allows the WinNT provider's parser to skip some ambiguity-resolution queries to determine what type of object you are binding to.
Bind to the IADsContainer interface.
Set a filter that contains "groups" using the IADsContainer.Filter property. This enables you to enumerate the container and retrieve only groups.
Enumerate the group objects, using the IADsContainer::get__NewEnum method.
For each the group object, use the IADsGroup interface to read the name and members of the group.