HELP: getting group information from win2k domain controller

Yuquan Jiang jiangy at cs.unc.edu
Thu Aug 8 13:37:01 GMT 2002


I looked into the MSDN library and did not find a proper function to retrieve
nested group names.

I wrote a Windows program using NetUserGetGroups and NetUserGetLocalGroups, and
neither of them gives me what I want. Since I am using two win2k machines,
according to the trace, underneath they are using MS/DCE for these two
functions. So I guess maybe I haven't found the right MS API for this purpose.
Simply switching to DCE/RPC won't solve the problem.

I looked into all the Net* APIs and none of them looks good.

Does anyone happen to know the right way to retrieve the nested group list? Or
if there is any function that can check the parent group of a group? That way
we can do a recursive search to enumerate the whole list.

Thanks.

Yuquan


Jim McDonough wrote:

> Yuquan Jiang wrote:
> >I am trying to use the NetUserGetGroups RAP function to retrieve group
> >information for a user from a win2k domain controller. But it looks like
> >I have the following problems:
> Hmmm, RAP is an older protocol, so I'd not try to write code using it
> unless you really need to (e.g. connecting to a system that doesn't support
> RPC).
>
> >1. I can only retrieve global security group info; no distribution
> >group or local domain group information can be retrieved
> >2. It doesn't report nested group names. Say if group11 is within group1,
> >and user1 is a member of group11, then it only gives me group11, not
> >group1.
> Either MS doesn't return this info, or we haven't figured out the right way
> to make it...I suspect they just don't implement it, because at this point
> RAP isn't the method of choice.
>
> >Does anyone know what the reason could be? Should I use a different RPC
> >function for this purpose? Or is it a win2k server setup problem, or is
> >it expected that the win2k server will not release some of its group
> >information? Or should I use a DCE/RPC function for this purpose, and RAP
> >just doesn't have this ability?
> I'd suggest doing RPC's...
>
> >Thanks a lot.
> >
> >Yuquan
>
> ----------------------------
> Jim McDonough
> IBM Linux Technology Center
> Samba Team
> 6 Minuteman Drive
> Scarborough, ME 04074
> USA
>
> jmcd at us.ibm.com
> jmcd at samba.org
>
> Phone: (207) 885-5565
> IBM tie-line: 776-9984
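
The recursive search asked about above, as an added example that is not part of the original thread: it expands direct memberships into the full nested list and stops on circular nesting. The `direct` table is constructed sample data standing in for whatever direct-membership lookup is available; `effective_groups`, `seen`, `group2` and `user2` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#define MAX_GROUPS 32

/* Constructed sample data: {member, group it is directly in}.
   user1/group11/group1 follow the thread; group2, user2 and the
   group1 <-> group2 loop are invented to exercise the cycle guard. */
static const char *direct[][2] = {
    {"user1", "group11"}, {"group11", "group1"},
    {"group1", "group2"}, {"group2", "group1"},
    {"user2", "group2"},
};
#define N_DIRECT (sizeof direct / sizeof direct[0])

static int seen(const char **out, int n, const char *name)
{
    for (int i = 0; i < n; i++)
        if (strcmp(out[i], name) == 0)
            return 1;
    return 0;
}

/* Fill out[] with every group `principal` is in, directly or by nesting.
   out[] doubles as the work queue: entries before `next` are expanded,
   the rest are pending. Returns the count, or -1 if `cap` is exceeded. */
int effective_groups(const char *principal, const char **out, int cap)
{
    int n = 0, next = 0;
    const char *cur = principal;
    for (;;) {
        for (size_t i = 0; i < N_DIRECT; i++) {
            if (strcmp(direct[i][0], cur) != 0 || seen(out, n, direct[i][1]))
                continue;          /* not a parent of cur, or already listed */
            if (n == cap)
                return -1;
            out[n++] = direct[i][1];
        }
        if (next == n)
            return n;              /* nothing left to expand */
        cur = out[next++];
    }
}

int main(void)
{
    const char *g[MAX_GROUPS];
    int n = effective_groups("user1", g, MAX_GROUPS);
    for (int i = 0; i < n; i++)
        puts(g[i]);
    return n < 0;
}
```

Without the `seen` check the group1/group2 loop would never terminate, and an access decision based on only the direct list would miss group1 for user1.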



