When a member server or a computer running on Windows NT® Workstation or Windows® 2000 Professional is a member of a Windows 2000 domain, the users and groups that belong to the domain can be added to groups on the local computer to grant rights to the domain user or group on that particular computer.
When managing groups on a Windows 2000 domain using ADSI, the LDAP provider is normally used. When managing groups on member servers and a computer running Windows NT Workstation/Windows 2000 Professional, however, the WinNT provider must be used.
Only local groups can be created on member servers and Windows 2000 Professional. However, the local groups can contain any of the following:
To add a domain user or group object to a machine local group, perform the following steps
<computer name>is the name of the computer group to add a member to. The
,computerparameter instructs ADSI that it is binding to a computer. ADSI exposes this data to the WinNT provider's parser so that it can skip some ambiguity-resolution queries to determine what type of object you are binding to. This can save the user a 5-20 second wait for the ambiguity to be resolved.
groupas the class and the group name as the name of the object to bind to the group.
<domain>is the name of the domain that contains the object to add and
<name>is the name of the object to add.
For more information and a code example that shows how to add a domain user or group object to a local group, see Example Code for Adding a Domain Object to a Matching Local Group.