Local Group Functions
A local group can contain user accounts or global group accounts from one or more domains. (Global groups can contain users from only one domain.) A local group shares common privileges and rights only within its own domain.
The network management local group functions control members of local groups in a way that the functions can only be called locally on the system on which the local group is defined. On a workstation, or on a server that is not a domain controller, you can use only a local group defined on that system.
In Active Directory, domains that are in native mode, local groups are called domain local groups. Domain local groups are available on all domain controllers, member servers, and workstations joined to the domain. Active Directory mixed-mode domains are defined on the primary domain controller and replicated to all other domain controllers in the domain. Therefore, a local group is available on all domain controllers within the domain in which it was created..
The local group functions create or delete local groups, and review or adjust the memberships of local groups. These functions are listed following.
| Function | Description |
|---|---|
| NetLocalGroupAdd | Creates a local group. |
| NetLocalGroupAddMembers | Adds one or more users or global groups to an existing local group. |
| NetLocalGroupDel | Deletes a local group, removing all existing members from the group. |
| NetLocalGroupDelMembers | Removes one or more members from an existing local group. |
| NetLocalGroupEnum | Returns information about each local group account on a server. |
| NetLocalGroupGetInfo | Returns information about a particular local group account on a server. |
| NetLocalGroupGetMembers | Lists all members of a specified local group. |
| NetLocalGroupSetInfo | Sets general information about a local group. |
| NetLocalGroupSetMembers | Assigns members to a local group. |
You can add a member to a local group by specifying the security identifier (SID) of the member. To translate a member account name to a SID, call the LookupAccountName function.
When you create a local group by calling the NetLocalGroupAdd function, you must supply a local group name. Initially, the local group has no members.
Local group account information is available at the following levels:
Local group membership information is available at the following information levels:
- LOCALGROUP_MEMBERS_INFO_0
- LOCALGROUP_MEMBERS_INFO_1
- LOCALGROUP_MEMBERS_INFO_2
- LOCALGROUP_MEMBERS_INFO_3
You can retrieve the names of the local groups to which a user belongs by calling the NetUserGetLocalGroups function, specifying the following information level:
For more information, see the network management Group Functions.
If you are programming for Active Directory, you may be able to call certain Active Directory Service Interface (ADSI) methods to achieve the same functionality you can achieve by calling the network management local group functions. For more information, see IADsGroup.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for