Windows 2000 Pro Windows XP Pro Windows 2000 Adv Server
Windows .NET Ent Server (Build 3604)
This article discusses the implementation of an ASP COM component that can be
used to get the list of Groups a user is member of on a local machine or a
domain server. Microsoft provides ADSI to do most of the administrative tasks.
But sometime it is more efficient to make use of direct Network API calls
ADSI. Especially if you are dealing with only one
server or local machine, all the ADSI calls are routed through Network APIs.
Therefore it makes more sense to use the Net API calls.
We have made an attemt to implement one such component that can be used to get
the list groups a given user is member of. There is no rocket sciene involved
in this operation. The key is just knowing the APIs that can be used to
accomplish these tasks.
There are two APIs that can be used to get the groups information,
NetUserGetLocalGroups. Depending on the nature of your
requirement, you can use one of these APIs. As per the name of the later API,
GetUserGetLocalGroups, can be used to list of local groups to which
the user has membership. And the second API,
can be used to get the list of global groups to which the user has membership.
For purpose of this component, we have used only the local version of the API.
But in the next version of the component, support will be added for both the
This component has been implemented as an ATL/COM ASP component. The compoennt
exposes a dual Interface,
ITrusteeUtil, to encapsulate the
calls to Win32 Network APIs. You can call GetGroupNamesOfUser method on this
interface to get the list. The list is returned as a
nStatus = NetUserGetLocalGroups((strServer.length() == 0) ? NULL : wchServer,
(bIncludeIndirect) ? dwFlags : 0,
(LPBYTE *) &pBuf,
If the call fails, the API returns Win32 error code. You can check that error
to see the actual reason of failure. The error codes are pretty informative.
m_bstrErrors += L"\nThe user does not have access to the requested information.";
m_bstrErrors += L"\nMore entries are available. Specify a large enough buffer to receive all entries.";
m_bstrErrors += L"\nThe computer name is invalid.";
m_bstrErrors += L"The user name could not be found.";
m_bstrErrors += L"\nGeneric Win32 Error.";
an ASP page.
obNet = Server.CreateObject('Pardesi.TrusteeUtil');
arrItems= new VBArray(obNet.GetGroupNamesOfUser(strUser, '', true));
And the following
is used to display on the sample page contained in the attached project files.
var lBound = arrItems.lbound();
var uBound = arrItems.ubound();
for (var i = lBound; i <= uBound; i++)