ADSI uses collection objects to represent any arbitrary set of items in a directory service that can be represented using the same data type. Collection objects are defined as a set of VARIANT values, representing any of the valid Automation data types. Collection objects can represent both persistent information such as access control lists and volatile information such as print jobs in a print queue.
The standard COM convention for listing the contents of a collection (or container) object is to create a enumerator object that supports IEnumVARIANT, which has methods to step through the list of collection objects. The interfaces in ADSI that supply the get__NewEnum method (note the two underscores) are IADsContainer, IADsMembers and IADsCollection. ADSI also supplies the helper functions ADsBuildEnumerator and ADsEnumerateNext to be used in C and C++ programs to simplify enumeration. Automation clients use enumeration implicitly when they call Next in a For loop.
Groups are simply collections of objects supporting the IADsMembers interface.
For examples, see the following:
· Automation - Enumerating Users in a Group
· COM Vtable Examples- Enumerating Users in a Group
· Enumerating the ACLs on an ADSI Object — An Automation Example