Local Users and Active Directory RRS feed

  • Question

  • I am designing a tool to help users and administrators visually evaluate access control policies of their machines. At the moment, my goal is to only deal with the local computer on which this program will run, although in the future I may want to try to expand the application to work over the network. 

    I need to be able to obtain a list of the users and groups on the local system, and to determine which groups any given user belongs to, so that I can compute such a user's privileges on various files and directories. I am able to list the users and groups by using the WinNT provider to obtain a DirectoryEntry representing what I understand to be the root of the local machine's user directory. 

    DirectoryEntry AD = new
                               DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");

    The functionality of the WinNT provider seems somewhat limitted, however, and I am very unclear about what it is actually accessing here. I've been reading about Active Directory and LDAP, and I had previously assumed that I could accomplish my task using the LDAP provider, but I haven't found any way to do so. So my questions:

    1. Does my personal computer (windows xp pro) use Active Directory to store users and groups?
    2. If so, how do I access this directory with the LDAP provider, and is this also what the WinNT provider is accessing?
    3. If not, then what is the WinNT provider looking at?

    I have scoured the net for days trying to understand all of this, but I haven't come across any really good explinations, so any help would be greatly appreciated. 
    Wednesday, February 4, 2009 5:57 AM


All replies

  • 1. No. It uses it's own WinXP database. Active Directory belongs to servers, Win XP Pro is a workstation.

    2.  I don't believe that makes a difference, if you use the correct query pointed at the local machine, Windows will allow data to be queried and retrieved. If you are querying a non-local server, be aware that there are limitations on what a WinXP Pro machine is allowed to do with AD.

    3. See 2. You may need to install the admin pack to allow access, see this link: http://www.microsoft.com/downloads/details.aspx?familyid=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en

    Here is a good link to get you started


    • Marked as answer by Zhi-Xin Ye Monday, February 9, 2009 8:57 AM
    Sunday, February 8, 2009 12:52 AM
  • Thanks for the response and the links. This helped me to understand Active Directory better.

    What is this "WinXP database?" If not AD, what is the code fragment in my first post actually accessing? Is it SAM? 

    Wednesday, February 11, 2009 9:34 PM
  • I'm not sure how XP stores these items internally.
    Wednesday, February 11, 2009 11:46 PM