The returned principal collection does not contain group objects when the recursive flag is set to true; only leaf nodes are returned. For example, when a group that contains a computer object and a group object (with only user principals) is searched recursively, the returned collection contains the computer object and the user principal objects in the nested group. Since the group object is not a leaf, even when it is empty, it is not returned in the recursive search. When the recursive flag is set to false, the returned collection may contain group objects.
Members are returned without respect to the context. For example, if an AD DS context based at “CN=SpecialUsers,DC=Fabrikam,DC=com”, the PrincipalFindResult set will include group members that are located under “CN=NormalUsers,DC=Fabrikam,DC=com” also, even though they fall under a scope that is not part of the context that is searched. The returned principal collection may also contain members that are located in a different store than the group.