domain group and local group API needed

Luke Kenneth Casson Leighton lkcl at
Fri Oct 30 18:39:34 GMT 1998

nt stores in the SAM, on a per-user basis:

- a list of domain group rids in a USER_INFO_3 structure.  this is handed
out when a NetSamLogon query is made, and also when a QueryUserGroups call
is made (samr op 0x28).

- a list of local group rids (aliases).  this includes well-known and
admin-created aliases.

you have to manually split these two out, as a call is made in a samr op
0x10 call (don't have a name for it yet. QueryUserAliases?)  this is on a
per-SID basis, and valid SIDs include:

S-1-5-20 where this is the SID for the well-known stuff.
S-1-5-21-xxx-yyy-zzz where this is the SID for the SAM.

actually, the 0x10 call doesn't pass in the SID itself, it passes a policy
handle on which the SID was opened, and USRMGR.EXE opens two SID policy
handles, both mentioned above.

More information about the samba-technical mailing list