A server processes a GetADGroupMember request using the Active Directory Web Services: Custom Action Protocol upon receiving a SOAP message that contains the GetADGroupMemberRequest_Headers header and that specifies the following URI as the SOAP action:
This operation is specified by the following WSDL.
<wsdl:operation name="GetADGroupMember"> <wsdl:input wsam:Action= "http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/AccountManagement/GetADGroupMember" name="GetADGroupMemberRequest" message="ca:GetADGroupMemberRequest" /> <wsdl:output wsam:Action= "http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions/AccountManagement/GetADGroupMemberResponse" name="GetADGroupMemberResponse" message="ca:GetADGroupMemberResponse" /> <wsdl:fault wsam:Action="http://schemas.microsoft.com/2008/1/ActiveDirectory/Data/fault" name="GetADGroupMemberFault" message= "ca:AccountManagement_GetADGroupMember_GetADGroupMemberFault_FaultMessage" /> </wsdl:operation>
The GetADGroupMember custom action retrieves the members of the group (Local/Global/Universal and Security/Distribution) that is specified by GetADGroupMemberRequest/GroupDN (section 220.127.116.11.2.3) in the NC specified in GetADGroupMemberRequest/PartitionDN (section 18.104.22.168.2.4).
Security principals identified by the group!member attribute of the group.
Security principals whose membership is determined via the primary group (the user!primaryGroupID attribute).
Foreign security principals (members with the value of user!objectSID, computer!objectSID, or group!objectSID equal to the value of foreignSecurityPrincipal!objectSID of the corresponding foreignSecurityPrincipal object), when the foreignSecurityPrincipal object is a member of a qualifying group. See [MS-SAMR] section 22.214.171.124.9.
If the group contains other members that are not security principals, they are ignored.
If the group contains other groups and element GetADGroupMemberRequest/Recursive (section 126.96.36.199.2.5) is set to TRUE, then GetADGroupMember retrieves members of the child groups as well (recursively). The child groups themselves are not included in the returned members.
For every member previously specified, GetADGroupMember constructs an ActiveDirectoryPrincipal element (section 188.8.131.52) with all the child elements populated and adds it to the GetADGroupMemberResponse/Members element (section 184.108.40.206.2.7). Upon success, the GetADGroupMemberResponse element is returned. If a group has no members, then the server returns a GetADGroupMemberResponse with an empty Members element.
Members are returned without respect to the context supplied in GetADGroupMemberRequest/PartitionDN. If no members were returned by the server, then the GetADGroupMemberResponse element SHOULD have an empty Members element.