NetLocalGroupDelMembers function (lmaccess.h)
The NetLocalGroupDelMembers function removes one or more members from an existing local group. Local group members can be users or global groups.
NET_API_STATUS NET_API_FUNCTION NetLocalGroupDelMembers(
[in] LPCWSTR servername,
[in] LPCWSTR groupname,
[in] DWORD level,
[in] LPBYTE buf,
[in] DWORD totalentries
);
[in] servername
Pointer to a constant string that specifies the DNS or NetBIOS name of the remote server on which the function is to execute. If this parameter is NULL, the local computer is used.
[in] groupname
Pointer to a constant string that specifies the name of the local group from which the specified users or global groups will be removed. For more information, see the following Remarks section.
[in] level
Specifies the information level of the data. This parameter can be one of the following values.
Value | Meaning |
---|---|
|
Specifies the security identifier (SID) of a local group member to remove. The buf parameter points to an array of LOCALGROUP_MEMBERS_INFO_0 structures. |
|
Specifies the domain and name of a local group member to remove. The buf parameter points to an array of LOCALGROUP_MEMBERS_INFO_3 structures. |
[in] buf
Pointer to a buffer that specifies the members to be removed. The format of this data depends on the value of the level parameter. For more information, see Network Management Function Buffers.
[in] totalentries
Specifies the number of entries in the array pointed to by the buf parameter.
If the function succeeds, the return value is NERR_Success.
If the function fails, the return value can be one of the following error codes.
Return code | Description |
---|---|
|
The user does not have access to the requested information. |
|
The local group specified by the groupname parameter does not exist. |
|
One or more of the specified members do not exist. No members were deleted. |
|
One or more of the members specified were not members of the local group. No members were deleted. |
If you call this function on a domain controller that is running Active Directory, access is allowed or denied based on the access control list (ACL) for the securable object. The default ACL permits only Domain Admins and Account Operators to call this function. On a member server or workstation, only Administrators and Power Users can call this function. For more information, see Security Requirements for the Network Management Functions. For more information on ACLs, ACEs, and access tokens, see Access Control Model.
The security descriptor of the LocalGroup object is used to perform the access check for this function.
User account names are limited to 20 characters and group names are limited to 256 characters. In addition, account names cannot be terminated by a period and they cannot include commas or any of the following printable characters: ", /, , [, ], :, |, <, >, +, =, ;, ?, *. Names also cannot include characters in the range 1-31, which are nonprintable.
If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
Requirement | Value |
---|---|
Minimum supported client | Windows 2000 Professional [desktop apps only] |
Minimum supported server | Windows 2000 Server [desktop apps only] |
Target Platform | Windows |
Header | lmaccess.h (include Lm.h) |
Library | Netapi32.lib |
DLL | Netapi32.dll |