Active Directory groups

  • Question

  • User-39953368 posted

    I am trying to get a list of security groups in AD but I am not having much luck. When I check Active Directory Users and Computers MMC, I see:

    blah.blah.com (top)

    Group1

        Group1_1

            Group1_1_1

            Group1_1_2

        Group1_2

    Group2

    and so on. What I need is all security groups in Group1_1_2. I tried using DirectoryEntry and DirectorySearcher using "(&(objectClass=group))" as search filter but I get things I can't even find in Active Directory Users and Computers MMC.

    Thanks.

    Friday, May 24, 2013 1:53 PM

All replies

  • User1508394307 posted

    Use LDAP tools, e.g. LDAP Browser where you can test "(&(objectClass=group))"

    To get nested groups for Group1_1_2 your search request should include uid= or cn= and must be something like 

    (&(cn=Group1_1_2)(objectClass=group))

    but again you can see it exactly in LDAP Browser.

    Friday, May 24, 2013 6:34 PM
  • User-39953368 posted

    Thank you for the reply smirnov. I downloaded the tool and checked the AD structure. What I see is something like this:

    Local Server
        <controller name>
            CN=Configuration
            ....
            DC = <domain name>
                OU=Group1_2
                    OU = Group1_2_1
    

    In the code I have:

    // Requires: using System; using System.Collections.Generic; using System.DirectoryServices;
    string strPath = "LDAP://<domain Name>.ABC.DEF.COM";

                // Binding object. 
                DirectoryEntry objADAM = default(DirectoryEntry);
                // Group Results. 
                DirectoryEntry objGroupEntry = default(DirectoryEntry);
                // Search object. 
                DirectorySearcher objSearchADAM = default(DirectorySearcher);
                // Results collection. 
                SearchResultCollection objSearchResults = default(SearchResultCollection);
                // Collected results. 
                List<string> result = new List<string>();

                // Get the AD LDS object. 
                try
                {
                    objADAM = new DirectoryEntry(strPath);
                    objADAM.RefreshCache();
                }
                catch (Exception)
                {
                    // Rethrow without resetting the stack trace.
                    throw;
                }

                // Get search object, specify filter and scope, 
                // perform search. 
                try
                {
                    objSearchADAM = new DirectorySearcher(objADAM);
                    //objSearchADAM.Filter = "(memberOf:1.2.840.113556.1.4.1941:=OU=Group1_2_1)";
                    objSearchADAM.Filter = "(&(objectCategory=group)(OU=Group1_2)(OU=Grpup1_2_1))";
                    objSearchADAM.SearchScope = SearchScope.Subtree;
                    objSearchResults = objSearchADAM.FindAll();
                }
                catch (Exception)
                {
                    // The original snippet was cut off here; rethrow so the fragment compiles.
                    throw;
                }
    
    
    

    objSearchResults always has a count of 0.

    Tuesday, May 28, 2013 9:34 AM
  • User1508394307 posted

    I don't think that objSearchADAM.Filter = "(&(objectCategory=group)(OU=Group1_2)(OU=Grpup1_2_1))"; is correct.  It should be 

    objSearchADAM.Filter = "(&(objectCategory=group)(OU=Grpup1_2_1))";

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, May 28, 2013 10:36 AM
  • User-39953368 posted

    I had tried that as well but it did not return anything. I had to use

    LDAP://<domain_name>.ABC.DCE.COM/OU=Group1_1,OU=Group1_1_2,DC=<domain_name>,DC=ABC,DC=DEF,DC=COM

    as the path string for DirectoryEntry and then just use (objectcategory=group) as search filter.

    Tuesday, May 28, 2013 12:09 PM
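
The approach the last post arrives at, written out as an added example (not code from any poster in this thread): the OU goes into the bind path as the search base, because an LDAP filter tests attributes of each object while a group's position under an OU is part of its distinguished name. The DN below is a placeholder, the `OuGroupLister` and `GetSecurityGroups` names are hypothetical, and the `groupType` bit test that narrows the result to security groups is an addition beyond the `(objectCategory=group)` filter used in the thread.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;   // reference System.DirectoryServices.dll

static class OuGroupLister
{
    // 1.2.840.113556.1.4.803 is the bitwise-AND matching rule; 2147483648
    // (0x80000000) is the security-enabled bit of groupType, so
    // distribution groups are left out of the result.
    const string SecurityGroupFilter =
        "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))";

    // ouDn: distinguished name of the OU to search under.
    static List<string> GetSecurityGroups(string ouDn, SearchScope scope)
    {
        var groups = new List<string>();
        // The OU is the search base (bind path), not a filter term.
        using (var searchRoot = new DirectoryEntry("LDAP://" + ouDn))
        using (var searcher = new DirectorySearcher(
                   searchRoot, SecurityGroupFilter,
                   new[] { "distinguishedName" }, scope))
        {
            // Page the results so large OUs are not cut off at the server size limit.
            searcher.PageSize = 500;
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                    groups.Add((string)r.Properties["distinguishedName"][0]);
            }
        }
        return groups;
    }

    static void Main()
    {
        // Placeholder DN (assumption): replace with the real path of the OU.
        const string ouDn = "OU=Group1_2_1,OU=Group1_2,DC=example,DC=com";
        // OneLevel returns groups directly in the OU; Subtree includes child OUs.
        foreach (string dn in GetSecurityGroups(ouDn, SearchScope.OneLevel))
            Console.WriteLine(dn);
    }
}
```

Searching from the domain root with `SearchScope.Subtree` and only `(objectClass=group)` also returns built-in and system groups from other containers, which matches the extra entries described in the original question.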