Adding domain group to local group

Question

I have this simple code:

String containerPath = String.Format("WinNT://{0}/{1},group", Environment.MachineName, localGroupName);
using (System.DirectoryServices.DirectoryEntry theContainerGroup= new System.DirectoryServices.DirectoryEntry(containerPath ))
{
   String path =  String.Format("WinNT://{0}/{1},group", theGroupToAdd_Domain, theGroupToAdd_Name);
   theContainerGroup.Invoke("Add", new object[] { path});
   theContainerGroup.CommitChanges();
}

and it seems to work okay for Global and Universal groups. However when I try to add a group that has type DomainLocal|Builtin, it gives me a "cannot find object" exception.

Is that not a supported scenario? Or do I need to alter my path for that type of group?

Answer 1

Is there a reason why you're using the WinNT provider ("WintNT://") rather than the LDAP provider ("LDAP://")? The WinNT provider is very restricted compared to the LDAP provider, although marginally easier to get started with.

In case there is a good reason, I vaguelly recall something about using "WinNT://NT AUTHORITY/groupName" but that might've been for local accounts so don't spend too long on it.