locked
List Members of An Active Directory Group RRS feed

  • General discussion

  • I am having trouble listing members of an ad group does any one have resources or an example for this?

    Monday, March 16, 2009 7:14 PM

All replies

  • You have to tell us a lot more. Like what the design is and what you are searching by?

    -Renee
    Monday, March 16, 2009 7:26 PM
  •  I am using system.directoryservice namespace.

    I am building an application to help with cleaning up my folder security. What I need to do is select a folder and return a list groups attached to that folder and the file rights. I have that part. Now what I need to do is pass the groups into a directoryservices query to display the members. The part I am having trouble with. I can query the users and pick them put passed on the users group membership, but this is not the way I want to do it. Seems like more work for the system!

    This is what I was working with but couldn't quite get it not exactly sure where I left off with.

    ' Bind to the users container.

    Dim path As String = "LDAP://OU=Groups, DC=Domain"

    Dim entry As New DirectoryEntry(path)

    ' Create a DirectorySearcher object.

    Dim mySearcher As New DirectorySearcher(entry)

    mySearcher.Filter = "cn=" & Replace(lstGroup.SelectedItem.ToString, "ABC\", "")

    ' Create a SearchResultCollection object to hold a collection of SearchResults

    ' returned by the FindAll method.

    Dim result As SearchResultCollection = mySearcher.FindAll()

    ' Create an object to hold a single result from the result collection.

    Dim resEnt1 As SearchResult

    ' Get search results. For more information, see Getting Search Results.

    For Each resEnt1 In result

    Dim propertyKey As Object

    For Each propertyKey In resEnt1.Properties.Values

    Dim valuecollection As ResultPropertyValueCollection = resEnt1.Properties(propertyKey)

    Dim propertyvalue As Object

    For Each propertyvalue In valuecollection

    lstMembers.Items.Add(propertyKey.ToString)

    Next

    Next

    Next

    Monday, March 16, 2009 9:27 PM
  • Hi Codeitup,

    Read the following articles about querying with Active Directory:

    1. Howto: (Almost) Everything In Active Directory via C#. It shows a collection of the most common Active Directory Tasks. 

    2. Working with Active Directory in VB.NET. This article explains how to perform tasks within the Active Directory in a Windows 2000+ network.

    If you have any further issues about Active Directory, you can post it to Active Directory and LDAP for better help.

    Riquel

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Thursday, March 19, 2009 7:05 AM
    Moderator
  • Just what I was looking for thank!!!
    Thursday, March 19, 2009 11:28 AM
  • Below is an example that should retrieve the members of an Active Directory group. If all you need is the distinguished name you don't have to get the member object and then retrieve the samAccountName.

        Public Sub ListADGroupMembers()  
     
            Dim DirectoryRoot As New DirectoryEntry("LDAP://RootDSE")  
            Dim DNC = DirectoryRoot.Properties("DefaultNamingContext")(0).ToString()  
            Dim GroupName As String = "Group Name" 
            Dim GroupMembers As System.Collections.Specialized.StringCollection = GetGroupMembers(DNC, GroupName)  
     
            For Each Member As String In GroupMembers  
                Console.WriteLine(Member)  
            Next Member  
     
        End Sub 
     
        Public Function GetGroupMembers(ByVal strDomain As StringByVal strGroup As StringAs System.Collections.Specialized.StringCollection  
     
            Dim GroupMembers As New System.Collections.Specialized.StringCollection()  
     
            Try 
                Dim DirectoryRoot As New DirectoryEntry("LDAP://" & strDomain)  
                Dim DirectorySearch As New DirectorySearcher(DirectoryRoot, "(CN=" & strGroup & ")")  
                Dim DirectorySearchCollection As SearchResultCollection = DirectorySearch.FindAll()  
                For Each DirectorySearchResult As SearchResult In DirectorySearchCollection  
                    Dim ResultPropertyCollection As ResultPropertyCollection = DirectorySearchResult.Properties  
                    Dim GroupMemberDN As String 
                    For Each GroupMemberDN In ResultPropertyCollection("member")  
                        Dim DirectoryMember As New DirectoryEntry("LDAP://" & GroupMemberDN)  
                        Dim DirectoryMemberProperties As System.DirectoryServices.PropertyCollection = DirectoryMember.Properties  
                        Dim DirectoryItem As Object = DirectoryMemberProperties("sAMAccountName").Value  
                        If Nothing IsNot DirectoryItem Then 
                            GroupMembers.Add(DirectoryItem.ToString())  
                        End If 
                    Next GroupMemberDN  
                Next DirectorySearchResult  
            Catch ex As Exception  
                Trace.Write(ex.Message)  
            End Try 
     
            Return GroupMembers  
     
        End Function 



     


    Paul ~~~~ Microsoft MVP (Visual Basic)
    Thursday, March 19, 2009 2:48 PM
  • I can do one group fine and list the members but I am unable to bring in a collection of groups from my listbox... 


    lstMembers.Items.Clear()

    'Sets up the LDAP Path://

    Dim adsRoot As New DirectoryServices.DirectoryEntry("LDAP://OU=Site,DC=Domain")

    'Performs the search against the LDAP Path://

    Dim adsSearch As New System.DirectoryServices.DirectorySearcher(adsRoot)

    'Assigning strGroup variable from the txtGroup.text textbox

    txtGroup.Text = lstGroups.SelectedItem

    'Setting up our 'SQL' Select Type Statement.

    adsSearch.PropertiesToLoad.Add("samAccountName")

    adsSearch.PropertiesToLoad.Add("cn")

    adsSearch.PropertiesToLoad.Add("Member")

    'Filter for Current User

    adsSearch.Filter = "samAccountName=" & txtGroup.Text

    'Result Variables

    Dim adsResult As SearchResult

    Dim adsArray As New Hashtable

    Dim adsGrpcn As String

    Dim strStart As Integer

    Dim strEnd As Integer

    Dim strDiff As Integer

    'Gets Result of the Group

    adsResult = adsSearch.FindOne

    'Run trhough the array

    For Each adsGrpcn In adsResult.GetDirectoryEntry().Properties("member").Value

    strStart = InStr(adsGrpcn, "CN=") + 3

    strEnd = InStr(adsGrpcn, ",OU")

    strDiff = strEnd - strStart

    lstMembers.Items.Add(Mid(adsGrpcn, strStart, strDiff).ToString)

    Next

    Saturday, March 21, 2009 1:46 AM
  • Please clarify your scenario with detailed information so that we know what is  your question currently. Give detailed description about what you want to implement. 
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Monday, March 23, 2009 4:39 AM
    Moderator
  • Yeah, I'm not sure where you're stuck. Is it iterating through all of the AD groups in your ListBox where you are having a problem?
    Paul ~~~~ Microsoft MVP (Visual Basic)
    Monday, March 23, 2009 1:37 PM
  • We are changing the issue type to “General Discussion” because you have not followed up. If you have more time to look at the issue and provide more information, please feel free to change the issue type back to “Question” by opening the Options list at the top of the post  window, and changing the type. If the issue is resolved, we will appreciate it if you can share the solution so that the answer can be found and used by other community members having similar questions. Thank you!


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Wednesday, March 25, 2009 1:42 AM
    Moderator
  • Hi paul. In your nested loop, you're creating  a new DirectoryMember, aren't you? How expensive is this scenario if you have 5000 employees in any group? Do DirectoryEntry creates a new connection in the Active Directory?
    michaelfallas@gmail.com Michael Hidalgo Fallas
    Tuesday, August 24, 2010 4:35 PM
  • It requires a look-up in Active Directory for each member if that is what you are asking. As I mentioned, you have each group member's distinguished name so whether you need additional information about the user entry is up to you. I would speculate that it would take a little bit of time to perform look-ups for 5,000 members.

    Paul ~~~~ Microsoft MVP (Visual Basic)
    Tuesday, August 24, 2010 5:13 PM
  • There is other way that I can bring user information without using this nested loop? I mean, can I perform a filter expression that could bring Groups and members information just one time?




    michaelfallas@gmail.com Michael Hidalgo Fallas
    Tuesday, August 24, 2010 7:28 PM