List Members of An Active Directory Group

Question

I am having trouble listing members of an ad group does any one have resources or an example for this?

Answer 1

You have to tell us a lot more. Like what the design is and what you are searching by?

-Renee

Answer 2

 I am using system.directoryservice namespace.

I am building an application to help with cleaning up my folder security. What I need to do is select a folder and return a list groups attached to that folder and the file rights. I have that part. Now what I need to do is pass the groups into a directoryservices query to display the members. The part I am having trouble with. I can query the users and pick them put passed on the users group membership, but this is not the way I want to do it. Seems like more work for the system!

This is what I was working with but couldn't quite get it not exactly sure where I left off with.

' Bind to the users container.

Dim path As String = "LDAP://OU=Groups, DC=Domain"

Dim entry As New DirectoryEntry(path)

' Create a DirectorySearcher object.

Dim mySearcher As New DirectorySearcher(entry)

mySearcher.Filter = "cn=" & Replace(lstGroup.SelectedItem.ToString, "ABC\", "")

' Create a SearchResultCollection object to hold a collection of SearchResults

' returned by the FindAll method.

Dim result As SearchResultCollection = mySearcher.FindAll()

' Create an object to hold a single result from the result collection.

Dim resEnt1 As SearchResult

' Get search results. For more information, see Getting Search Results.

For Each resEnt1 In result

Dim propertyKey As Object

For Each propertyKey In resEnt1.Properties.Values

Dim valuecollection As ResultPropertyValueCollection = resEnt1.Properties(propertyKey)

Dim propertyvalue As Object

For Each propertyvalue In valuecollection

lstMembers.Items.Add(propertyKey.ToString)

Next

Next

Next

Answer 3

Hi Codeitup,

Read the following articles about querying with Active Directory:

1. Howto: (Almost) Everything In Active Directory via C#. It shows a collection of the most common Active Directory Tasks. 

2. Working with Active Directory in VB.NET. This article explains how to perform tasks within the Active Directory in a Windows 2000+ network.

If you have any further issues about Active Directory, you can post it to Active Directory and LDAP for better help.

Riquel

---

Please remember to mark the replies as answers if they help and unmark them if they provide no help.
Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.

Answer 4

Just what I was looking for thank!!!

Answer 5

Below is an example that should retrieve the members of an Active Directory group. If all you need is the distinguished name you don't have to get the member object and then retrieve the samAccountName.

Public Sub ListADGroupMembers()

Dim DirectoryRoot As New DirectoryEntry("LDAP://RootDSE")

Dim DNC = DirectoryRoot.Properties("DefaultNamingContext")(0).ToString()

Dim GroupName As String = "Group Name"

Dim GroupMembers As System.Collections.Specialized.StringCollection = GetGroupMembers(DNC, GroupName)

For Each Member As String In GroupMembers

Console.WriteLine(Member)

Next Member

End Sub

Public Function GetGroupMembers(ByVal strDomain As String, ByVal strGroup As String) As System.Collections.Specialized.StringCollection

Dim GroupMembers As New System.Collections.Specialized.StringCollection()

Try

Dim DirectoryRoot As New DirectoryEntry("LDAP://" & strDomain)

Dim DirectorySearch As New DirectorySearcher(DirectoryRoot, "(CN=" & strGroup & ")")

Dim DirectorySearchCollection As SearchResultCollection = DirectorySearch.FindAll()

For Each DirectorySearchResult As SearchResult In DirectorySearchCollection

Dim ResultPropertyCollection As ResultPropertyCollection = DirectorySearchResult.Properties

Dim GroupMemberDN As String

For Each GroupMemberDN In ResultPropertyCollection("member")

Dim DirectoryMember As New DirectoryEntry("LDAP://" & GroupMemberDN)

Dim DirectoryMemberProperties As System.DirectoryServices.PropertyCollection = DirectoryMember.Properties

Dim DirectoryItem As Object = DirectoryMemberProperties("sAMAccountName").Value

If Nothing IsNot DirectoryItem Then

GroupMembers.Add(DirectoryItem.ToString())

End If

Next GroupMemberDN

Next DirectorySearchResult

Catch ex As Exception

Trace.Write(ex.Message)

End Try

Return GroupMembers

End Function

 

---

Paul ~~~~ Microsoft MVP (Visual Basic)

Answer 6

I can do one group fine and list the members but I am unable to bring in a collection of groups from my listbox... 


lstMembers.Items.Clear()

'Sets up the LDAP Path://

Dim adsRoot As New DirectoryServices.DirectoryEntry("LDAP://OU=Site,DC=Domain")

'Performs the search against the LDAP Path://

Dim adsSearch As New System.DirectoryServices.DirectorySearcher(adsRoot)

'Assigning strGroup variable from the txtGroup.text textbox

txtGroup.Text = lstGroups.SelectedItem

'Setting up our 'SQL' Select Type Statement.

adsSearch.PropertiesToLoad.Add("samAccountName")

adsSearch.PropertiesToLoad.Add("cn")

adsSearch.PropertiesToLoad.Add("Member")

'Filter for Current User

adsSearch.Filter = "samAccountName=" & txtGroup.Text

'Result Variables

Dim adsResult As SearchResult

Dim adsArray As New Hashtable

Dim adsGrpcn As String

Dim strStart As Integer

Dim strEnd As Integer

Dim strDiff As Integer

'Gets Result of the Group

adsResult = adsSearch.FindOne

'Run trhough the array

For Each adsGrpcn In adsResult.GetDirectoryEntry().Properties("member").Value

strStart = InStr(adsGrpcn, "CN=") + 3

strEnd = InStr(adsGrpcn, ",OU")

strDiff = strEnd - strStart

lstMembers.Items.Add(Mid(adsGrpcn, strStart, strDiff).ToString)

Next

Answer 7

Please clarify your scenario with detailed information so that we know what is  your question currently. Give detailed description about what you want to implement. 

---

Please remember to mark the replies as answers if they help and unmark them if they provide no help.
Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.

Answer 8

Yeah, I'm not sure where you're stuck. Is it iterating through all of the AD groups in your ListBox where you are having a problem?

---

Paul ~~~~ Microsoft MVP (Visual Basic)

Answer 9

We are changing the issue type to “General Discussion” because you have not followed up. If you have more time to look at the issue and provide more information, please feel free to change the issue type back to “Question” by opening the Options list at the top of the post  window, and changing the type. If the issue is resolved, we will appreciate it if you can share the solution so that the answer can be found and used by other community members having similar questions. Thank you!

---

Please remember to mark the replies as answers if they help and unmark them if they provide no help.
Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.

Answer 10

Hi paul. In your nested loop, you're creating  a new DirectoryMember, aren't you? How expensive is this scenario if you have 5000 employees in any group? Do DirectoryEntry creates a new connection in the Active Directory?

---

michaelfallas@gmail.com Michael Hidalgo Fallas

Answer 11

It requires a look-up in Active Directory for each member if that is what you are asking. As I mentioned, you have each group member's distinguished name so whether you need additional information about the user entry is up to you. I would speculate that it would take a little bit of time to perform look-ups for 5,000 members.

---

Paul ~~~~ Microsoft MVP (Visual Basic)

Answer 12

There is other way that I can bring user information without using this nested loop? I mean, can I perform a filter expression that could bring Groups and members information just one time?

---

michaelfallas@gmail.com Michael Hidalgo Fallas