| Platform SDK: Active Directory, ADSI, and Directory Services |
You can add users, groups, or contacts to groups. The member property of the group object contains all direct members of the group.
The simplest way to control group membership is to use the IADsGroup::Add and IADsGroup::Remove methods on the IADsGroup object representing the group you want to add or remove members from.
The following properties of the group object control group membership:
After creating the group object, use the IADsGroup::Add method to add members to the group. Note that IADsGroup::Add uses the ADsPath instead of the distinguished name. To get the ADsPath, use the IADs::get_ADsPath method on the object representing the user, group, or contact you want to add.
Active Directory™ maintains this property. When this group's distinguished name is added to the member property of another group, that other group's distinguished name is automatically added to this group's memberOf property.
The IADsGroup methods are simplest for adding and removing members. However, you can also use IDirectoryObject methods to add and remove members. The IDirectoryObject methods may be more efficient if you are adding multiple members at creation time where you can specify the members in the pAttributeEntries parameter of the IDirectoryObject::CreateDSObject method. If you use the IDirectoryObject methods to add members, you must specify distinguished names for the users, groups, or contacts to add.
When using IDirectoryObject, be careful when adding members. The member property is also multi-valued. Therefore, if members already exist in the member property, you must retrieve the array of members using IDirectoryObject::GetObjectAttributes, add the new members to the array, and write the updated array to the member property again using IDirectoryObject::SetObjectAttributes.