Just to add to what Marc said, if you want to find domain local groups in
the domain, you would want to use the LDAP provider and add a bitwise filter
on the groupType attribute. If you want to examine local groups on a
machine, then you must use the WinNT provider. I took your original
statement to mean the former, whereas I think Marc understood you to mean
With a bitwise filter on groupType, you can filter on DLG, global and
universal group types and filter on security vs. non-security as well.
Additionally, we wrote a whole book that basically explains how to do all
the stuff you are trying to do and more. You may find it very helpful if
you are planning to do much .NET DS programming.
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"