220.127.116.11.1 SamrGetGroupsForUser (Opnum 39)
The SamrGetGroupsForUser method obtains a listing of groups that a user is a member of.
long SamrGetGroupsForUser( [in] SAMPR_HANDLE UserHandle, [out] PSAMPR_GET_GROUPS_BUFFER* Groups );
Groups: An array of RIDs of the groups that the user referenced by UserHandle is a member of.
This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.
Upon receiving this message, the server MUST process the data from the message subject to the following constraints:
The server MUST return an error if UserHandle.HandleType is not equal to "User".
UserHandle.GrantedAccess MUST have the required access specified in section 18.104.22.168. Otherwise, the server MUST return STATUS_ACCESS_DENIED.
The server MUST determine the union of all database objects with class group and groupType GROUP_TYPE_SECURITY_ACCOUNT or GROUP_TYPE_SECURITY_UNIVERSAL whose member value contains the SID of the user referenced by UserHandle.Object.
The returned Groups.MembershipCount MUST be set to the cardinality that the union determined from step 3.
For each group in the union determined from step 3, the server MUST set a corresponding element in Groups.Groups as follows:
RelativeId MUST contain the RID of the SID of the dsname member value.
Set the Attributes field according to the message processing rules in section 22.214.171.124.7.