Foreign Security Principals

Summary

In this chapter, we focused on the specific issues of managing group objects in Active Directory and ADAM. We started by demonstrating how to apply our basic object creation knowledge to creating new group objects, including a discussion on group types.

We then discussed the various ways to manipulate group membership. There are several possible approaches, including direct modifications to the member attribute and invocation of the ADSI group manipulation methods.

Next, we focused on techniques for enumerating group memberships. Groups may contain many members, so we must often use special techniques to retrieve all of them. We demonstrated how to accomplish this in both .NET 2.0 and .NET 1.x.

We then discussed the other type of group membership in Active Directory: primary group membership. Primary groups work completely differently than normal groups and require a different set of techniques as a result.

We concluded with a discussion of foreign security principals, and how they relate to group membership, including a sample of how to create and read them.