SamrGetMembersInGroup (Opnum 25)

The SamrGetMembersInGroup method reads the members of a group.

 long SamrGetMembersInGroup(
   [in] SAMPR_HANDLE GroupHandle,

GroupHandle: An RPC context handle, as specified in section, representing a group object.

Members: A structure containing an array of RIDs, as well as an array of attribute values.

This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.

Upon receiving this message, the server MUST process the data from the message subject to the following constraints:

  1. The server MUST return an error if GroupHandle.HandleType is not equal to "Group".

  2. GroupHandle.GrantedAccess MUST have the required access specified in section Otherwise, the server MUST return STATUS_ACCESS_DENIED.

  3. Let G be the group object referenced by GroupHandle.Object.

  4. Let M be the set of values of G's member attribute such that the groupType of the object referenced by each value is GROUP_TYPE_SECURITY_ACCOUNT or GROUP_TYPE_SECURITY_UNIVERSAL. Objects with groupType GROUP_TYPE_SECURITY_RESOURCE are ignored.

  5. If the domain prefix of the objectSid attribute of any object in set M is different from the domain prefix of G's objectSid, the server SHOULD<58> return STATUS_DS_GLOBAL_CANT_HAVE_CROSSDOMAIN_MEMBER.

  6. On output:

    1. Members.MemberCount MUST be equal to the number of values in M.

    2. The Members.Members array MUST contain the RelativeIds of the objectSid attribute values for all objects in set M.

    3. For each element in the Members.Members array, see section for a message processing specification of each element in the Members.Attributes array.