22.214.171.124.1 SamrDeleteGroup (Opnum 23)
The SamrDeleteGroup method removes a group object.
long SamrDeleteGroup( [in, out] SAMPR_HANDLE* GroupHandle );
GroupHandle: An RPC context handle, as specified in section 126.96.36.199, representing a group object.
This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.
Upon receiving this message, the server MUST process the data from the message subject to the following constraints:
The server MUST return an error if GroupHandle.HandleType is not equal to "Group".
GroupHandle.GrantedAccess MUST have the required access specified in section 188.8.131.52. Otherwise, the server MUST return STATUS_ACCESS_DENIED.
All database operations MUST occur in a single transaction.
Let G be the group referenced by the GroupHandle.Object.
If the RID of G's objectSid attribute is less than 1000, an error MUST be returned.
In the non-DC configuration, if G has any values in the member attribute, an error MUST be returned.
If any user in the same domain as G has, as its primaryGroupId attribute, the RID of G's objectSid attribute, an error MUST be returned.
In the DC configuration, if G is a parent to another object, an error MUST be returned.<55>
G MUST be removed from the database.
The server MUST delete the SamContextHandle ADM element (section 184.108.40.206) represented by GroupHandle, and then MUST return 0 for the value of GroupHandle and a return code of STATUS_SUCCESS.