I personally think the key API is LookupAccountSID ... after having personally written a utility that does something very similar here (we called the program "GroupIt" - lol - this was before v4.0) ... I think the process is:
1) KiXtart enumerates the security token of the user that is logging in.
2) For each Group SID in the token, it performs a LookupAccountSID on the domain, which can be time consuming. Plus, depending on how your domain is configured (talking NT 4 and trusted domains) this call can actually be broadcast across trusted domains.
3) The domain returns the string version of the group name, which is used to check the string in INGROUP(). This name is also cached for future reference.
4) Next time, instead of doing an account lookup, the cached version of the group name string is used. Until of course the cache is flushed and any potentially renamed group names are cached.
I know that I'm not adding any value-add to this thread, would be nice to get the developers' comments on this though ...
-Shawn
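
The four steps described in the post above, sketched in PowerShell as an added example (not KiXtart's own code and not part of the original post). It assumes a Windows host and uses .NET's `SecurityIdentifier.Translate` as a stand-in for the LookupAccountSID call; `$SidNameCache`, `Resolve-GroupSid` and `Test-InGroupCached` are hypothetical names, and `'Domain Users'` is only a sample group to test against.

```powershell
# Added example: illustrates token enumeration, SID-to-name lookup and caching.
# All function and variable names here are hypothetical.
$SidNameCache = @{}   # SID string -> resolved account name (or $null)

function Resolve-GroupSid {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    $key = $Sid.Value
    if ($SidNameCache.ContainsKey($key)) {
        return $SidNameCache[$key]           # step 4: cached name, no lookup
    }
    try {
        # step 2: SID-to-name lookup; may go to a domain controller and be slow
        $name = $Sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch [System.Security.Principal.IdentityNotMappedException] {
        $name = $null                        # SID could not be resolved
    }
    $SidNameCache[$key] = $name              # step 3: remember the answer
    return $name
}

function Test-InGroupCached {
    param([string]$GroupName)
    # step 1: group SIDs carried in the current user's token
    $groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
    foreach ($sid in $groups) {
        $name = Resolve-GroupSid -Sid $sid
        if ($null -eq $name) { continue }
        # Accept "DOMAIN\Group" or the bare group name, case-insensitively
        $short = $name.Split('\')[-1]
        if ($name -ieq $GroupName -or $short -ieq $GroupName) { return $true }
    }
    return $false
}

# Two passes: the first performs the lookups, the second is served from cache.
foreach ($pass in 1..2) {
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $result = Test-InGroupCached -GroupName 'Domain Users'
    $sw.Stop()
    "pass ${pass}: $result in $($sw.ElapsedMilliseconds) ms, cache holds $($SidNameCache.Count) SIDs"
}
```

Because the cache is keyed by SID and stores the name, a group renamed after the first pass still matches only its old name until `$SidNameCache` is cleared; comparing against the group's SID instead of its name avoids that staleness.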