Microsoft KB Archive/255942

= FIX: ADSI 2.5 Members Collection Enumerating Local Groups Fails After User Deleted =

PSS ID Number: 255942

Article Last Modified on 10/20/2003

-

The information in this article applies to:


 * Microsoft Active Directory Service Interfaces 2.5, when used with:
 * the operating system: Microsoft Windows NT 4.0

-



This article was previously published under Q255942



SYMPTOMS
When you enumerating a workstation local group on Windows NT 4 by using the Active Directory Service Interfaces (ADSI) members collection, you may obtain incomplete results.



CAUSE
If the workstation local group contains Windows NT domain members who have been removed from the domain, the enumeration process will stop at the first occurrence of a deleted Windows NT domain account. This leaves the members collection incomplete, but no error is generated.

Use of the IsMember function to verify group membership fails if the requested member is encountered in the enumeration after a previously deleted Windows NT domain member. The call returns as if the requested member is not a member of the workstation local group.

NOTE: In either case, going into User Manager and viewing the workstation local group resolves the problem by removing the deleted Windows NT account member from the group.



RESOLUTION
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows NT service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:   Date      Time    Version      Size      File name    Platform --- 04/04/2000 05:09p  4.0.1381.7052 235,280   Adsnt.dll     x86 04/04/2000 05:13p  4.0.1381.7046 425,232   Adsnt.dll     Alpha



STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.



Steps to Reproduce Behavior
 Add three Windows NT domain accounts: Ann, Bob , and Cal . Add Ann, Bob, Cal to a workstation local group Test on NTBoxOne. To create a workstation local group:  Log on to a workstation account (not a Windows NT domain account!) on the Windows NT Server computer. Start User Manager and create a local group.</ol> </li> Enumerate workstation local group Test on NTBoxOne by using ADSI's members collection.

Ann, Bob, and Cal are enumerated as expected.</li> Remove the Windows NT domain account "Bob".</li> Enumerate workstation local group Test on NTBoxOne by using ADSI's members collection.

Notice that enumeration stops when it hits the deleted account, "Bob". Only "Ann" is returned in the members collection.</li> Start User Manager on NTBoxOne and view the workstation local group Test.</li> Enumerate workstation local group Test on NTBoxOne by using ADSI's members collection.</li> Ann and Cal are returned as expected in the members collection.</li></ol>

The following is a sample that you can use to enumerate a workstation local group by using ADSI's members collection: Dim objGroup As IADsGroup Dim Member As IADs Set objGroup = GetObject("WinNT://MyServer/test,group") objGroup.GetInfo For Each Member In objGroup.Members MsgBox Member.ADsPath, vbOKOnly Next Member objGroup = Nothing Member = Nothing

Work Around
The way to work around this problem is to use the WIN32 APIs to enumerate workstation local groups instead of ADSI 2.5, as demonstrated in the following code sample. There is no equivalent Win32 API call for the IsMember function: // THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF // ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO // THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A // PARTICULAR PURPOSE. // // Copyright Microsoft Corp. 1992 - 1998 // // FILE:         NUGetLGroups.c // DESCRIPTION:   List members of the local group // LIBRAY:       NETAPI32.LIB // PLATFORMS:    WINNT ONLY

// DATE:         5/9/98 //


 * 1) ifndef UNICODE
 * 2) define UNICODE
 * 3) endif


 * 1) include <stdio.h>
 * 2) include <assert.h>
 * 3) include <windows.h>
 * 4) include <lm.h>

int wmain(int argc, wchar_t *argv[]) {  LPLOCALGROUP_MEMBERS_INFO_2 pBuf = NULL; LPLOCALGROUP_MEMBERS_INFO_2 pTmpBuf; DWORD dwLevel = 2; DWORD dwFlags = LG_INCLUDE_INDIRECT ; DWORD dwPrefMaxLen = 0xFFFFFFFF; DWORD dwEntriesRead = 0; DWORD dwTotalEntries = 0; DWORD dwResumeHandle = 0; DWORD dwTotalCount = 0;

NET_API_STATUS nStatus;

if (argc != 3) {     fwprintf(stderr, L"Usage: %s \\\\ServerName GroupName\n", argv[0]); exit(1); } do  { nStatus = NetLocalGroupGetMembers( argv[1],                                          argv[2],                                           dwLevel,                                           (LPBYTE *)&pBuf,                                          dwPrefMaxLen,                                            &dwEntriesRead,                                          &dwTotalEntries,                                          &dwResumeHandle); //       if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA)) {          DWORD i;           pTmpBuf= pBuf; for (i = 0; i < dwEntriesRead; i++) {              wprintf(L"\t%s\n", pTmpBuf->lgrmi2_domainandname); dwTotalCount++; pTmpBuf++; }      }       else fprintf(stderr, "A system error has occurred: %d\n", nStatus);

if (pBuf != NULL) {          NetApiBufferFree(pBuf); pBuf = NULL; }

}  while( nStatus == ERROR_MORE_DATA); //   if( nStatus == NERR_Success )   printf("\nEntries enumerated: %d\n", dwTotalCount); else printf("A system error occured: %d\n",nStatus);

if (pBuf != NULL) NetApiBufferFree(pBuf);

return 0; }

Keywords: kbbug kbfix kbMsg kbQFE KB255942

Technology: kbADSI250 kbADSISearch kbAudDeveloper kbOSWinNT400 kbOSWinNTSearch kbOSWinSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.