No navigation frame on the left? Click here. NetUserSetGroups |
|
NetUserSetGroups() offers a trap for the unwary. Besides only working for global groups (that is, domain groups) and then only if the domain controller is named as the server to run the call on, it also likes to return error 2234:
On NT, every user has a "primary" group membership -- have a look at User Manager, some user's properties, "Groups" button, check the bottom of the dialog. You cannot remove this group membership; if you want to, you must first make another group the user's primary group membership. By now, you know what the trap is: if the user's primary group membership is a domain group, then the list of groups submitted to NetUserSetGroups() must contain this group. nusg.cpp, 2 KB |