Syntax question enumerating Active Directory Group Properties

  • Question

  • User866270152 posted

    Hi there,

    This is less an Active Directory thing and more a C# Syntax thing (I think!).

    In a nutshell, I have a mostly-functional app that does a few things including searching the entire Active Directory for Groups and putting the values of the CN, Description, and Info fields into a database.  The issue that I am experiencing is that when the foreach loop hits a group with a null value in the description or info fields (the value should be "") the app carries the previous value over until it hits a group that actually has a value.  Then that value becomes "The Value" that all the next value-less groups have displayed.

    Perhaps some code will make this clearer:

    <code>

    using System;
    using System.Data;
    using System.DirectoryServices;
    using System.Configuration;
    using System.Collections;
    using System.IO;
    using System.Management;
    using System.Data.SqlClient;
    using System.DirectoryServices.ActiveDirectory;
    using System.Text.RegularExpressions;
    using System.Text;

    namespace ADGroupEnum
    {
        class ADGroupEnum
        {

            static void Main(string[] args)
            {
                string strName = "";
                string strInfo = "";
                string strComment = "";
                DirectoryEntry strLDAP = new DirectoryEntry(@"LDAP://SERVER:389/OU=ROOT,DC=COMPANY,DC=com");
                DirectorySearcher mySearcher = new DirectorySearcher(strLDAP);
                mySearcher.Filter = ("(objectClass=group)");
                foreach (SearchResult resEnt in mySearcher.FindAll())
                {
                    string strGroupName = resEnt.GetDirectoryEntry().Name.ToString();
                    Match dl = Regex.Match(strGroupName, "(DL)");
                    Match USBOU1 = Regex.Match(strGroupName, "(USBOU1)");
                    /* All of our distribution lists begin with DL */
                    if (dl.Success)
                    { }
                    else
                    {
                        /* All of our groups begin with USBOU1 */
                        if (USBOU1.Success)
                        {
                            foreach (string key in resEnt.GetDirectoryEntry().Properties.PropertyNames)
                            {
                                /* I only want "cn", "description", and "info" fields.  I have verified that these fields all are valid and have a VBSCRIPT that can properly collect this information */

                                foreach (object o in resEnt.GetDirectoryEntry().Properties[key])
                                {
                                    if (key == "cn")
                                    {
                                        if (o.ToString() == "")
                                        {
                                            strName = "";
                                        }
                                        else
                                        {
                                            strName = o.ToString();
                                        }
                                    }
                                    else if (key == "description")
                                    {
                                        if (o.ToString() == "")
                                        {
                                            strComment = "";
                                        }
                                        else
                                        {
                                            strComment = o.ToString();
                                        }
                                    }
                                    else if (key == "info")
                                    {
                                        if (o.ToString() == "")
                                        {
                                            strInfo = "";
                                        }
                                        else
                                        {
                                            strInfo = o.ToString();
                                        }
                                    }
                                }
                            }
                            Writem(strName, strComment, strInfo);
                        }
                    }
                }
            }
            public static void Writem(string name, string comment, string info)
            {
                Console.WriteLine(name + "\n" + comment + "\n" + info + "\n" + "============================================\n");
               
            }

        }
    }

    </code>

    What am I doing wrong here?  I thought that the if (o.ToString() == "") bit would get it to do what I wanted, but it doesn't seem to make any difference.

    Can anyone help?

    Thanks!

    Tuesday, January 10, 2006 12:50 PM

All replies

  • User1354132231 posted
    Attributes either exist or do not exist in AD, there is no concept of null.  This is only an interesting disconnect that is required for a programming model like C# to sit on top of LDAP.  In your case, unless someone has actually created an attribute and set the value to empty string, it will not exist.

    I think you should use the filtering built into LDAP to do what you are doing.  It would be much more efficient and manageable.  If you only want to include security groups, just specify it.

    For instance, using a filter of "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))" would only return security enabled groups (no dl's).  If you were to add "(cn=USBOU1*)" as well into that, it would only return groups that started with this.

    Next, if you check the first post in this LDAP forum called "Common S.DS Patterns", it will show you how to search for multiple objects.  Using the filter specified above and adding your attributes you are looking for, it should easily be able to find and return all the values for this.

    Tuesday, January 10, 2006 6:02 PM
  • User866270152 posted

    That helps a lot, although the issue was that some of the groups in my organization have no values in the "description" and "info" fields.  How I managed to get this to work is thus: I picked the easy out and set the value of the variables to "" after sending them to the stored procedure.

    On the whole though, your suggestions should speed up the execution of the search and I appreciate your help.

    Thanks!

    Adam

    Wednesday, January 11, 2006 8:57 AM
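
The approach suggested in the first reply, combined with the missing-attribute behaviour discussed in the follow-up, as an added example that is not code from any poster in this thread. It assumes the placeholder LDAP path from the question; the helper name `FirstOrEmpty` and the page size are illustrative choices.

```csharp
using System;
using System.DirectoryServices;

class GroupInventory
{
    // Returns the first value of an attribute, or "" when the attribute is not
    // set on the object (AD omits unset attributes rather than returning null).
    static string FirstOrEmpty(SearchResult result, string attribute)
    {
        return result.Properties.Contains(attribute) && result.Properties[attribute].Count > 0
            ? result.Properties[attribute][0].ToString()
            : "";
    }

    static void Main()
    {
        // Placeholder path as in the question; replace with a real server and base DN.
        using (DirectoryEntry root = new DirectoryEntry("LDAP://SERVER:389/OU=ROOT,DC=COMPANY,DC=com"))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            // Security-enabled groups whose cn starts with USBOU1, filtered on the server.
            searcher.Filter = "(&(objectCategory=group)(cn=USBOU1*)" +
                              "(groupType:1.2.840.113556.1.4.803:=2147483648))";
            // Ask only for the three attributes needed; values come back in the
            // search result itself, so no GetDirectoryEntry() round trip per group.
            searcher.PropertiesToLoad.AddRange(new[] { "cn", "description", "info" });
            searcher.PageSize = 500; // assumption: paged search so large result sets are not truncated

            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    // Locals are assigned fresh for every group, so a value from
                    // the previous group can never carry over.
                    string name = FirstOrEmpty(result, "cn");
                    string comment = FirstOrEmpty(result, "description");
                    string info = FirstOrEmpty(result, "info");
                    Console.WriteLine(name + "\n" + comment + "\n" + info + "\n" +
                                      "============================================\n");
                }
            }
        }
    }
}
```

If the group-name prefix ever comes from user input rather than a constant, escape it per RFC 4515 before placing it in the filter.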