18.104.22.168.2 SamrRemoveMemberFromGroup (Opnum 24)
The SamrRemoveMemberFromGroup method removes a member from a group.
long SamrRemoveMemberFromGroup( [in] SAMPR_HANDLE GroupHandle, [in] unsigned long MemberId );
This protocol asks the RPC runtime, via the strict_context_handle attribute, to reject the use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 3.
Upon receiving this message, the server MUST process the data from the message subject to the following constraints:
The server MUST return an error if GroupHandle.HandleType is not equal to "Group".
GroupHandle.GrantedAccess MUST have the required access specified in section 22.214.171.124. Otherwise, the server MUST return STATUS_ACCESS_DENIED.
All database operations MUST occur in a single transaction.
Let G be the group referenced by the GroupHandle.Object.
If G's member attribute does not have a dsname value that references the object whose objectSid is TargetSid, the server MUST return an error.
G's member attribute MUST be updated to remove a dsname value that references the object with the objectSid value TargetSid.