Retrieving all groups from AD

  • Question

  • Hi,

    We have an application that tries to scan through AD to identify each user by group, but we have a new group that appears not to be selected. We've been unable to spot any differences between the setup of the groups which are selected and the new group which is not. Can anyone suggest what we might have missed?

    Here's how we scan AD using System.DirectoryServices:

            Dim strGroupNames() As String = {String.Empty}
            Try
                Dim objRoot As DirectoryEntry = New DirectoryEntry(m_sADConnection)
                Dim objSearcher As DirectorySearcher = New DirectorySearcher(objRoot)
                Dim objGroups As SearchResultCollection
                Dim objGroup As SearchResult
                Dim strGroupName As String = String.Empty
                Dim intLastChar As Integer = 0
                Dim intLength As Integer = 0
                Dim intCount As Integer = 0
                'define search so it only returns groups
                objSearcher.Filter = "(objectCategory=group)"
                'get results
                objGroups = objSearcher.FindAll
                For Each objGroup In objGroups

                    'get full group name inc ldap path
                    strGroupName = objGroup.Path
                    'strip out unwanted data
                    intLastChar = strGroupName.IndexOf(",OU")
                    If intLastChar > -1 Then
                        strGroupName = strGroupName.Substring(10, intLastChar - 10)
                        If strGroupName <> String.Empty Then
                            'Re-dimension array and add group
                            intCount += 1
                            ReDim Preserve strGroupNames(intCount)
                            strGroupNames(intCount - 1) = strGroupName
                        End If
                    End If
                Next
                Return strGroupNames

    The group that is not being selected is set up like this:

    Distinguished name = CN=Our Group Name,OU=Default Groups & User Accounts,DC=CompanyName,DC=com

    Group Type = ACCOUNT_GROUP|SECURITY_ENABLED

    Object category = CN=Group,CN=Schema,CN=Configuration,DC=CompanyName,DC=com

    objectClass = top; group

    sAMAccountType = GROUP_OBJECT

    Any assistance would be greatly appreciated.

    Friday, March 22, 2019 12:46 PM

All replies

  • For troubleshooting, I would change the Filter to just retrieve the one problem group (perhaps filter on sAMAccountName), then run the code to output objGroup.Path, intLastChar, and then strGroupName.Substring(10, intLastChar - 10). This is to check that the Path gets parsed correctly. You rename the value of strGroupName, so that may confuse things. I assume the "10" is to strip off the provider part, "LDAP://CN=".

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, March 22, 2019 2:48 PM
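
The check suggested in the reply above, as an added example that is not code from either poster: it runs the question's parsing steps over sample paths and prints objGroup.Path, intLastChar and the Substring result for each. The module and function names are hypothetical, and the paths are constructed; only the first distinguished name comes from the question, while the server-qualified and CN=Users shapes are assumptions included for comparison.

```vbnet
Imports System

Module PathParseCheck

    ' Same parsing steps as the loop in the question, returning the
    ' intermediate index so it can be inspected. Returns Nothing when the
    ' loop would not add the entry to strGroupNames.
    Function ParseGroupPath(ByVal strPath As String, ByRef intLastChar As Integer) As String
        intLastChar = strPath.IndexOf(",OU")
        If intLastChar <= -1 Then Return Nothing
        ' Guard added for this diagnostic only: the original Substring call
        ' would throw if ",OU" were found before position 10.
        If intLastChar < 10 Then Return Nothing
        Dim strGroupName As String = strPath.Substring(10, intLastChar - 10)
        If strGroupName = String.Empty Then Return Nothing
        Return strGroupName
    End Function

    Sub Main()
        ' Constructed sample paths (assumptions, not output from a real directory).
        Dim strPaths() As String = {
            "LDAP://CN=Our Group Name,OU=Default Groups & User Accounts,DC=CompanyName,DC=com",
            "LDAP://dc01.example.invalid/CN=Our Group Name,OU=Default Groups & User Accounts,DC=CompanyName,DC=com",
            "LDAP://CN=Some Group,CN=Users,DC=CompanyName,DC=com"
        }

        For Each strPath As String In strPaths
            Dim intLastChar As Integer
            Dim strName As String = ParseGroupPath(strPath, intLastChar)
            Console.WriteLine("Path:        " & strPath)
            Console.WriteLine("intLastChar: " & intLastChar.ToString())
            Console.WriteLine("Parsed name: " & If(strName Is Nothing, "<not added by loop>", """" & strName & """"))
            Console.WriteLine()
        Next
    End Sub

End Module
```

To run the same check against the directory, print the same three values inside the original For Each loop with the filter narrowed to the one group.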