NetLocalGroupDel (netapi32)
Last changed: -131.107.71.94
.
Summary
removes one or more members from an existing local group

C# Signature:

    [DllImport("NetApi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    static extern Int32 NetLocalGroupDelMembers(
        string servername,
        string groupname,
        UInt32 level,
        ref LOCALGROUP_MEMBERS_INFO_3 buf,
        UInt32 totalentries
        );

VB Signature:

Declare Function NetLocalGroupDelMembers Lib "netapi32.dll" (TODO) As TODO

User-Defined Types:

None.

Alternative Managed API:

Do you know one? Please contribute it!

Notes:

None.

Tips & Tricks:

Please add some!

Sample Code:

        struct LOCALGROUP_MEMBERS_INFO_3
        {
            [MarshalAs(UnmanagedType.LPWStr)]
            public string Domain;
        }

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        static extern bool LookupAccountSid(
            string SystemName,
            [MarshalAs(UnmanagedType.LPArray)] byte[] Sid,
            StringBuilder Name,
            ref uint NameCount,
            StringBuilder ReferencedDomainName,
            ref uint ReferencedDomainNameCount,
            out SID_NAME_USE SIDUse);

        [StructLayout(LayoutKind.Sequential)]
        private struct LOCALGROUP_MEMBERS_INFO_0
        {
            [MarshalAs(UnmanagedType.SysInt)]
            public IntPtr pSID;

        }

        internal static class Win32ErrorCodes
        {
            internal const int NERR_Success         = 0x000;
            // member isn't in the group
            internal const int MemberNotInAlias     = 0x561;
        }

        public static bool DelUserFromGroup(string UserName)
        {
            bool bOk = false;

            StringBuilder sbName = new StringBuilder();
            uint uiName = (uint)sbName.Capacity;
            StringBuilder sbReferencedDomainName = new StringBuilder();
            uint uiReferencedDomainNameCount = (uint)sbReferencedDomainName.Capacity;
            SID_NAME_USE eUse;
            // Sid for BUILTIN\Administrators
            byte[] baSid = new byte[] { 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2 };

            if (!LookupAccountSid(null, baSid, sbName, ref uiName, sbReferencedDomainName, ref uiReferencedDomainNameCount, out eUse))
                return bOk;

            // prepare user name
            LOCALGROUP_MEMBERS_INFO_3 info;
            info.Domain = UserName;

            int iRetVal = 0;
            if ((iRetVal = NetLocalGroupDelMembers(null, sbName.ToString(), 3, ref info, 1)) != 0)
                bOk = true;

            return bOk;
        }

        public static void RemoveFromLocalGroup(string groupName, SecurityIdentifier sid)
        {
            var sidBytes = new byte[sid.BinaryLength];
            sid.GetBinaryForm(sidBytes, 0);

            var info = new LOCALGROUP_MEMBERS_INFO_0
            {
                pSID = Marshal.AllocHGlobal(sidBytes.Length)
            };

            try
            {
                Marshal.Copy(sidBytes, 0, info.pSID, sidBytes.Length);

                var result = NetLocalGroupDelMembers(null, groupName, 0, ref info, 1);
                if (result == Win32ErrorCodes.NERR_Success || result == Win32ErrorCodes.MemberNotInAlias)
                {
                    return;
                }

                throw new Win32Exception(result);
            }
            finally
            {
                Marshal.FreeHGlobal(info.pSID);
            }
        }

Documentation
NetLocalGroupDelMembers on MSDN