When does the WinNT:// provider query Active Directory? Or how to get the SID of a local group member if it is a domain account
Hopefully someone can point me in the right direction, the documentation is good in general but not very clear on this point...
Okay, so I am using the WinNT provider with a .NET Framework DirectoryEntry class to enumerate the members of a local group, through the Members property.
If the member is a local account, the DirectoryEntry will also be read from the SAM on the local machine presumably.
If the member is a domain account, however, will the provider perform a query to Active Directory when I access the properties of the DirectoryEntry object?
Is there a way to differentiate the two scenarios? For example, check a property on the DirectoryEntry to see if it is going to get the properties from the local machine SAM, or by querying a domain controller to read Active Directory?
Is there a way to get the name (or even just the SID) of the member without querying Active Directory?
I'm basically trying to enumerate the local groups on a large number of servers and don't want to be hammering the domain controller if they contain many domain user accounts. If there is a way to get like the names or SIDs of the members of a local group (including domain accounts) without doing any network requests, that would be sweet.