uses JwaWindows; // Jedi Apilib with New Include model

var
  AdsPath: WideString;
  ADGroup: IADSGroup;
  GroupMember: IADS;
  GroupType: OleVariant;
  hr: HResult;
  Enum: IEnumVariant;
  Fetched: Cardinal;
  ResultItem: OleVariant;
begin
  // an Adspath always starts with LDAP:// or optionally LDAP://SERVERNAME
  AdsPath := 'LDAP://CN=Domain Admins,CN=Users,DC=rmi,DC=local';
  ADGroup := nil;

  // Bind to the object
  hr := ADsGetObject(PWideChar(AdsPath), IID_IADSGROUP, Pointer(ADGroup));
  Memo1.Lines.Add(Format('hr=%d (%s) ', [hr, SysErrorMessage(GetLastError)]));
  // Check for errors!
  if failed(hr) then
  begin
    // raise exception...
    Exit
  end;

  // Enumerate the members
  Enum := ADGroup.Members._NewEnum as IEnumVariant;
  Enum.Reset;
  Enum.Next(1, ResultItem, Fetched);

  while Fetched = 1 do
  begin
    GroupMember := IDispatch(ResultItem) as IADS;

    // is the member a user?
    if GroupMember.Class_ = 'user' then
    begin
      with (GroupMember as IADSUser) do
      begin
        Memo1.Lines.Add(Format('user: %s', [Get('displayName')]));
      end;
    end
    // is the member a group?
    else if GroupMember.Class_ = 'group' then
    begin
      with (GroupMember as IADSGroup) do
      begin
        // you should really wrap retreiving AD properties in try..except
        Memo1.Lines.Add(Format('user: %s', [Get('displayName')]));
        GroupType := Get('groupType');

        if GroupType = ADS_GROUP_TYPE_GLOBAL_GROUP or
          ADS_GROUP_TYPE_SECURITY_ENABLED then
        begin
         // Do something based on group type
        end;
      end;
    end;

    // Next
    Enum.Next(1, ResultItem, Fetched);

  end;
end;