Platform SDK: Active Directory, ADSI, and Directory Services

Groups on Member Servers and Windows 2000 Professional

On member servers and Windows® 2000 Professional, there is a local security database. That local security database can contain its own local users and machine local groups, whose scope is only the particular computer where they are created. When managing these types of users and groups on member servers and computers running Windows NT® Workstation/Windows 2000 Professional, you use the WinNT provider.

When a member server or a computer running Windows 2000 Professional is a member of a Windows 2000 domain, the groups or users in the domain can be used in the local security database to grant rights to those groups or users on that particular computer.

When managing groups on a Windows 2000 domain using ADSI, you use the LDAP provider. When managing groups on member servers and computers running Windows NT Workstation/Windows 2000 Professional, you use the WinNT provider.

This means you need to bind at least once to each provider:

1) Bind to the LDAP provider to retrieve the ADsPath to the group or user you want to add to a group in the local database.
2) Bind to the WinNT provider to add that user or group to a machine local group.
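
The two binds described above, as an added PowerShell example that is not part of the original SDK page. It reads the group's sAMAccountName and SID through the LDAP provider, builds a WinNT-style member path for the add, and returns the resulting local membership so the grant can be reviewed. The function name, its parameters, and the names in the commented sample call are hypothetical, and the NetBIOS domain name is assumed to be known to the caller.

```powershell
# Added example (not from the SDK page). Requires administrative rights on the target computer.
function Add-DomainGroupToLocalGroup {
    param(
        [Parameter(Mandatory)] [string] $GroupDN,        # distinguished name of the domain group
        [Parameter(Mandatory)] [string] $NetBiosDomain,  # assumption: supplied by the caller
        [Parameter(Mandatory)] [string] $LocalGroup,     # machine local group on the target
        [string] $Computer = $env:COMPUTERNAME
    )

    # 1) Bind to the LDAP provider and read the group's identity from the directory.
    $domainGroup = [ADSI]"LDAP://$GroupDN"
    $sam = [string]$domainGroup.Properties['sAMAccountName'].Value
    if (-not $sam) { throw "Could not read sAMAccountName from LDAP://$GroupDN" }
    $sidBytes = [byte[]]$domainGroup.Properties['objectSid'].Value
    $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)

    # 2) Bind to the WinNT provider on the target computer's local security database.
    $local = [ADSI]"WinNT://$Computer/$LocalGroup,group"
    $memberPath = "WinNT://$NetBiosDomain/$sam"   # WinNT-style path built from the LDAP lookup

    # Add only if the domain group is not already a member, so repeated runs are harmless.
    $already = [bool]$local.PSBase.Invoke('IsMember', $memberPath)
    if (-not $already) {
        $local.PSBase.Invoke('Add', $memberPath)
    }

    # Enumerate the local group afterwards so the change can be reviewed or logged.
    $members = foreach ($m in @($local.PSBase.Invoke('Members'))) {
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }

    [pscustomobject]@{
        Computer       = $Computer
        LocalGroup     = $LocalGroup
        MemberPath     = $memberPath
        MemberSid      = $sid.Value
        AlreadyPresent = $already
        Members        = $members
    }
}

# Sample call with placeholder names (constructed for illustration):
# Add-DomainGroupToLocalGroup -GroupDN 'CN=Example Operators,OU=Groups,DC=example,DC=test' `
#     -NetBiosDomain 'EXAMPLE' -LocalGroup 'Example Local Group'
```

Recording the returned SID alongside the member path gives an identifier that stays stable if the domain group is later renamed.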