HELP: getting group information from win2k domain controller

Jim McDonough jmcd at
Thu Jul 25 06:45:02 GMT 2002

Yuquan Jiang wrote:
>I am trying to use NetUserGetGroups RAP function to retrieve group
>information for a user from win2k domain controller. But look like I got
>the following problems:
Hmmm, RAP is an older protocol, so I'd not try to write code using it
unless you really need to (e.g. connecting to a system that doesn't support

>1. I can only retrieve global security group info, no distribution
>group, local domain group information can be retrieved
>2. it doesn't report nested group name. Say if group11 is within group1,
>and user1 is a member of group11, then it only gives me group11, not
Either MS doesn't return this info, or we haven't figured out the right way
to make it...I suspect they just don't implement it, because at this point
RAP isn't the method of choice.

>Does anyone know what the reason could be ? Should I use a RPC different
>function for this purpose ? Or is the win2k server set up problem, or it
>is expected that win2k server will not release some of its group
>information ? Or I should use DEC/RPC function for this purpose and RAP
>just don't have this ability ?
I'd suggest doing RPC's...

>Thanks a lot.

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list