| Platform SDK: Network Management |
A local group can contain user accounts or global group accounts from one or more domains. (Global groups can contain users from only one domain.) A local group shares common privileges and rights only within its own domain.
The network management local group functions control members of local groups in a way that the functions can only be called locally on the system on which the local group is defined. On a Windows NT/Windows 2000 workstation, or on a server that is not a domain controller, you can use only a local group defined on that system. A local group defined on the primary domain controller is replicated to all other domain controllers in the domain. Therefore, a local group is available on all domain controllers within the domain in which it was created.
The local group functions create or delete local groups, and review or adjust the memberships of local groups. These functions are listed following.
| Function | Description |
|---|---|
| NetLocalGroupAdd | Creates a local group. |
| NetLocalGroupAddMembers | Adds one or more users or global groups to an existing local group. |
| NetLocalGroupDel | Deletes a local group, removing all existing members from the group. |
| NetLocalGroupDelMembers | Removes one or more members from an existing local group. |
| NetLocalGroupEnum | Returns information about each local group account on a server. |
| NetLocalGroupGetInfo | Returns information about a particular local group account on a server. |
| NetLocalGroupGetMembers | Lists all members of a specified local group. |
| NetLocalGroupSetInfo | Sets general information about a local group. |
| NetLocalGroupSetMembers | Assigns members to a local group. |
You can add a member to a local group by specifying the security identifier (SID) of the member. To translate a member account name to a SID, call the LookupAccountName function.
When you create a local group by calling the NetLocalGroupAdd function, you must supply a local group name. Initially, the local group has no members.
Local group account information is available at the following levels:
LOCALGROUP_INFO_0
LOCALGROUP_INFO_1
LOCALGROUP_INFO_1002
Local group membership information is available at the following information levels:
LOCALGROUP_MEMBERS_INFO_0
LOCALGROUP_MEMBERS_INFO_1
LOCALGROUP_MEMBERS_INFO_2
LOCALGROUP_MEMBERS_INFO_3
You can retrieve the names of the local groups to which a user belongs by calling the NetUserGetLocalGroups function, specifying the following information level:
For more information, see the network management Group Functions.
If you are programming for Active Directory™, you may be able to call certain Active Directory Service Interface (ADSI) methods to achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.