Directory Services |
When a member server or a computer running on Windows NT® Workstation or Windows® 2000 Professional is a member of a Windows 2000 domain, the users and groups that belong to the domain can be added to groups on the local computer to grant rights to the domain user or group on that particular computer.
When managing groups on a Windows 2000 domain using ADSI, the LDAP provider is normally used. When managing groups on member servers and a computer running Windows NT Workstation/Windows 2000 Professional, however, the WinNT provider must be used.
Only local groups can be created on member servers and Windows 2000 Professional. However, the local groups can contain any of the following:
To add a domain user or group object to a machine local group, perform the following steps
WinNT://<computer name>,computer
where
<computer name>
is the name of the computer
group to add a member to. The ,computer
parameter
instructs ADSI that it is binding to a computer. ADSI exposes this
data to the WinNT provider's parser so that it can skip some
ambiguity-resolution queries to determine what type of object you
are binding to. This can save the user a 5-20 second wait for the
ambiguity to be resolved.group
as the class and the group name as
the name of the object to bind to the group.WinNT://<domain>/<name>
, where
<domain>
is the name of the domain that contains
the object to add and <name>
is the name of the
object to add.For more information and a code example that shows how to add a domain user or group object to a local group, see Example Code for Adding a Domain Object to a Matching Local Group.