Platform SDK: Active Directory, ADSI, and Directory Services

Enumerating Groups on Member Servers and Windows 2000 Professional

On member servers and computers running Windows 2000 Professional, you can easily enumerate all the machine local groups.

Only machine local groups can be created on member servers and Windows 2000 Professional. However, those machine local groups can contain (1) universal and global groups from the forest containing the domain that the computer is a member of, (2) domain local groups from that computer's domain, and (3) users from any domain in the forest.

To enumerate the machine local groups on a member server or computer running Windows 2000 Professional:

  1. Bind to the computer using the following rules:
    1. Use an account that has sufficient rights to access that computer.
    2. Use the following binding string format using the WinNT provider, computer name, and an extra parameter to tell ADSI that it is binding to a computer:

      WinNT://sComputerName,computer

      where sComputerName is the name of the computer whose groups you want to access.

      In the binding string, the ",computer" parameter tells ADSI that it is binding to a computer. ADSI makes this information available to the WinNT provider's parser so that it can skip some ambiguity-resolution queries to determine what type of object you are binding to.

    3. Bind to the IADsContainer interface.
  2. Set a filter containing "groups" using the IADsContainer::put_Filter property method. This enables you to enumerate the container and retrieve only groups.
  3. Enumerate the group objects, using the IADsContainer::get__NewEnum method.
  4. For each group object, use the IADsGroup methods to read the name and members of the group.
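
The four steps above, written as a membership audit in PowerShell. This is an added example, not code from the SDK page: the function name Get-MachineLocalGroupMember and the output property names are hypothetical, and it assumes Windows PowerShell 3.0 or later, where the [ADSI] accelerator wraps the same WinNT provider through System.DirectoryServices. The filter value is the WinNT class name "group".

```powershell
# Added example: function and property names are illustrative, not from the SDK page.
function Get-MachineLocalGroupMember {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Step 1: bind with the WinNT provider; ",computer" states the object class up front.
    $computer = [ADSI]"WinNT://$ComputerName,computer"

    # Step 2: restrict enumeration to group objects. SchemaFilter is the .NET
    # counterpart of the IADsContainer filter; keep one Children collection so the
    # filter applies to the enumeration that follows.
    $children = $computer.psbase.Children
    [void]$children.SchemaFilter.Add('group')

    # Steps 3 and 4: enumerate the groups, then read each group's name and members.
    foreach ($group in $children) {
        $groupName = [string]$group.psbase.Name

        # Members come back as COM objects, so read their properties by late binding.
        foreach ($member in @($group.psbase.Invoke('Members'))) {
            $type = $member.GetType()
            $path = [string]$type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
            $class = [string]$type.InvokeMember('Class', 'GetProperty', $null, $member, $null)

            [pscustomobject]@{
                Computer   = $ComputerName
                Group      = $groupName
                Member     = $path
                Class      = $class   # User or Group (a nested domain group)
                # Assumption: a member whose account no longer resolves is listed
                # by its SID string instead of a name.
                Unresolved = $path -match '^WinNT://S-\d-'
            }
        }
    }
}

# Review who holds membership in each machine local group on this computer.
Get-MachineLocalGroupMember | Sort-Object Group, Member | Format-Table -AutoSize
```

Rows with Class set to Group are domain groups nested inside a machine local group, so their effective membership has to be reviewed in the domain as well.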