3.1.5.14.7 Attributes Field Handling

This protocol associates a field called "Attributes" with a group object and a user membership for a group. This field is a bit field that uses values from the space specified in section 2.2.1.10.

For a group object, this field can be set via SamrSetInformationGroup and queried via SamrQueryInformationGroup and the SamrQueryDisplayInformation family of methods.

For a user membership, this field can be set via SamrAddMemberToGroup and SamrSetMemberAttributesOfGroup and queried via SamrGetGroupsForUser and SamrGetMembersInGroup.

This section specifies the message processing for this field for the aforementioned methods.

On a DC configuration:

• On query, the returned value MUST be a logical union of the following bits: SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, and SE_GROUP_ENABLED.

• On set, this field is ignored. The client SHOULD<80> set the value to the logical union of the following bits: SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, and SE_GROUP_ENABLED.

On a non-DC configuration:

• Any value set via SamrSetInformationGroup MUST be returned via a subsequent call to SamrQueryInformationGroup or the SamrQueryDisplayInformation family of methods at any time in the future (not just within the current session). If no such SamrSetInformationGroup call has been made, a default value of zero MUST be returned.

• Any value set via SamrAddMemberToGroup or SamrSetMemberAttributesOfGroup MUST be returned via a subsequent call to SamrGetGroupsForUser or SamrGetMembersInGroup at any time in the future (not just within the current session). If no such call to SamrAddMemberToGroup or SamrSetMemberAttributesOfGroup has been made, a default value of zero MUST be returned.