Binaryworld - How to Add/Remove NT group programatically ... [ VB -> Networking ]

This article will show you use of NetGroupAdd and NetGroupDel API to add/remove NT user group.

Windows NT and Windows 2000 exposes LanMan 32-bit Application Programming Interfaces (APIs) to provide network services. These APIs are called only from 32-bit programs running on a Windows NT or Windows 2000 and are used to control both the local and remote Windows NT (or Windows 2000) machines that you have permission to access.

Note: While Windows 2000 supports LanMan APIs for backwards compatibility, it is recommended that ADSI be used instead for most of the functions below. For more information about ADSI, search for Active Directory Services Interface or ADSI in the Microsoft Knowledge Base or MSDN.

This article contains code examples of using the following LanMan APIs:

NetGroupAdd        (using Level 1 structure)
NetLocalGroupAdd        (using Level 1 structure)
NetGroupDel
NetLocalGroupDel
NetAPIBufferFree
NetAPIBufferAllocate

Note: LAN Manager APIs use various level of structures. You can use any supported level depending on information required. For example in this article i have used NetUserAdd API with level-1 structure GROUP_INFO_1 but you can also use GROUP_INFO_0, GROUP_INFO_2 or GROUP_INFO_3 depending on information you want to specify when you add the user group.

Although, Visual Basic stores strings internally as UNICODE, it converts them to ANSI when it calls APIs. Normally this isn't a problem because most 32-bit APIs have both an ANSI and a UNICODE version. However, LanMan APIs only support UNICODE. The code snippet below demonstrates how to use Byte arrays to pass UNICODE parameters.

Instead of using strings, for example:

Click here to copy the following block

X = My_ANSI_API("Some String")

use Byte arrays, such the one below, because they aren't converted to ANSI:

Click here to copy the following block

Dim Temp() As Byte, Message As String
Message = "Some String"
Temp = Message & vbNullChar '
MyUnicodeAPI Temp(0)
Message = Temp ' modified me

Now lets check the actual code which will first add sample user TestUser1 on local machine and then it will delete that account.

Step-By-Step Example

- Create a standard exe project
- Add the following code in form1

Click here to copy the following block

Const NERR_BASE = 2100
Const ERROR_ACCESS_DENIED = 5&
Const NERR_GroupExists = (NERR_BASE + 123)
Const NERR_InvalidComputer = (NERR_BASE + 251)
Const NERR_NotPrimary = (NERR_BASE + 126)
Const NERR_PasswordTooShort = (NERR_BASE + 145)
Const NERR_UserExists = (NERR_BASE + 124)
Const NERR_UserNotFound = (NERR_BASE + 121)
Const NERR_SpeGroupOp = (NERR_BASE + 134)

Private Type GROUP_INFO_1
  ptrname As Long
  ptrcomment As Long
End Type

Private Declare Function NetAPIBufferFree Lib "NETAPI32.dll" Alias _
    "NetApiBufferFree" (ByVal Ptr As Long) As Long

Private Declare Function NetAPIBufferAllocate Lib "NETAPI32.dll" Alias _
    "NetApiBufferAllocate" (ByVal ByteCount As Long, Ptr As Long) As Long

Private Declare Function StrToPtr Lib "Kernel32" Alias "lstrcpyW" _
    (ByVal Ptr As Long, Source As Byte) As Long

' Add/remove using Level 1 group structure
'//global group
Private Declare Function NetGroupAdd1 Lib "NETAPI32.dll" Alias "NetGroupAdd" _
    (servername As Byte, ByVal level As Long, Buffer As GROUP_INFO_1, ParmError As Long) As Long

'//local group
Private Declare Function NetLocalGroupAdd1 Lib "NETAPI32.dll" Alias "NetLocalGroupAdd" _
    (servername As Byte, ByVal level As Long, Buffer As GROUP_INFO_1, ParmError As Long) As Long

Private Declare Function NetGroupDel Lib "NETAPI32.dll" _
    (servername As Byte, groupname As Byte) As Long

Private Declare Function NetLocalGroupDel Lib "NETAPI32.dll" _
    (servername As Byte, groupname As Byte) As Long

Function DelGroup(ByVal servername As String, ByVal groupname As String, Optional IsLocalGroup As Boolean = True) As Long
  Dim GNArray() As Byte, SNArray() As Byte
  GNArray = groupname & vbNullChar
  SNArray = servername & vbNullChar
  If IsLocalGroup = True Then
    DelGroup = NetLocalGroupDel(SNArray(0), GNArray(0))
  Else
    DelGroup = NetGroupDel(SNArray(0), GNArray(0))
  End If
End Function

Function AddGroup(ByVal servername As String, ByVal groupname As String, _
  ByVal GroupComment As String, Optional IsLocalGroup As Boolean = True) As Long

  Dim result As Long, GNPtr As Long, GCPtr As Long, ParmError As Long
  Dim SNArray() As Byte, GNArray() As Byte, GCArray() As Byte
  Dim GroupStruct As GROUP_INFO_1
  '
  ' Move to byte arrays
  '
  SNArray = servername & vbNullChar
  GNArray = groupname & vbNullChar
  GCArray = GroupComment & vbNullChar

  '
  ' Allocate buffer space
  '
  result = NetAPIBufferAllocate(UBound(GNArray) + 1, GNPtr)
  result = NetAPIBufferAllocate(UBound(GCArray) + 1, GCPtr)
  '
  ' Copy arrays to the buffer
  '
  result = StrToPtr(GNPtr, GNArray(0))
  result = StrToPtr(GCPtr, GCArray(0))

  '
  ' Fill the structure
  '
  With GroupStruct
    .ptrname = GNPtr
    .ptrcomment = GCPtr
  End With
  '
  ' Add the Group
  '
  If IsLocalGroup = False Then
    result = NetGroupAdd1(SNArray(0), 1, GroupStruct, ParmError)
  Else
    result = NetLocalGroupAdd1(SNArray(0), 1, GroupStruct, ParmError)
  End If

  AddGroup = result
  If result <> 0 Then
    Debug.Print "Error " & result & " in parameter " & ParmError _
        & " when adding group " & groupname
  End If
  '
  ' Release buffers from memory
  '
  result = NetAPIBufferFree(GNPtr)
  result = NetAPIBufferFree(GCPtr)
End Function

Function GetError(errCode As Long) As String
  Select Case errCode
    Case NERR_InvalidComputer
      GetError = "The computer name is invalid."
    Case NERR_NotPrimary
      GetError = "The operation is allowed only on the primary domain controller of the domain."
    Case NERR_PasswordTooShort
      GetError = "The password is shorter than required according to policy."
    Case NERR_UserExists
      GetError = "The user name already exists."
    Case NERR_GroupExists
      GetError = "The group name already exists."
    Case NERR_UserNotFound
      GetError = "The user name could not be found."
    Case NERR_SpeGroupOp
      GetError = "The operation is not allowed on certain " & _
          "special groups. These groups include user groups, " & _
          "admin groups, local groups, and guest groups."
    Case ERROR_ACCESS_DENIED
      GetError = "Access is denied"
    Case Else
      GetError = "Error#" & Err.LastDllError
  End Select
End Function

Private Sub Form_Load()
  Dim ret As Long

  '//Note: If server is remote machine then you must specify name starting with "\\"
  '//You can leave servername blank or put "." if its local machine
  ret = AddGroup(".", "TestGroup1", "This is jsut testing group", True)

  If ret = 0 Then
    MsgBox "Group added", vbInformation
  Else
    MsgBox GetError(ret)
    Exit Sub
  End If

  ret = MsgBox("Do you want to delete the Group which you just added?", vbQuestion + vbYesNo)
  If ret = vbYes Then
    ret = DelGroup(".", "TestGroup1")
    If ret = 0 Then
      MsgBox "Group Deleted", vbInformation
    Else
      MsgBox GetError(ret)
      Exit Sub
    End If
  End If
End Sub