2.2.1.4.10 GROUP_MEMBERSHIP
The GROUP_MEMBERSHIP structure identifies the group to which an account belongs.
-
typedef struct _GROUP_MEMBERSHIP { ULONG RelativeId; ULONG Attributes; } GROUP_MEMBERSHIP, *PGROUP_MEMBERSHIP;
RelativeId: The relative identifier (RID) for a particular group.
Attributes: A set of values that describe the group membership attributes set for the RID specified in RelativeId. The value is constructed from one or more bit flags from the following table.
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
10
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
C
B
A
-
Where the bits are defined as:
-
Value
Description
A
The SID cannot have the SE_GROUP_ENABLED attribute removed. Corresponds to the SID attribute SE_GROUP_MANDATORY. This attribute prevents the user from disabling the group. Disabling a group causes the group to be ignored by access validation routines.
B
The SID is enabled by default (as opposed to being enabled by an application). Corresponds to the SID attribute SE_GROUP_ENABLED_BY_DEFAULT.
C
The SID is enabled for access checks. Corresponds to the SID attribute SE_GROUP_ENABLED. The SE_GROUP_ENABLED attribute enables the group.
-
All other bits MUST be zero and MUST be ignored on receipt. For more information, see [MSDOCS-TokenGrp].
These values are opaque to the Netlogon protocol. They are not used or processed directly. All fields of this structure have the same meaning as the identically named fields in the GROUP_MEMBERSHIP structure as specified in [MS-PAC] section 2.2.2.