C# PrincipalSearcher, returning AD groups for specific OU

Question

I'm having a bit of difficultly with this code, specifically with PrincipalSearcher. I'm trying to get a list of all the Groups associated with a specific OU.

I'm trying to just return "Security" groups under all Group Scopes, excluding distribution groups.

The issue I'm having is, it's returning these built-in groups in addition to the one's I'm intending to return.

HelpServicesGroup TelnetClients Administrators Users Guests Print Operators Backup Operators Replicator Remote Desktop Users Network Configuration Operators Performance Monitor Users Performance Log Users Distributed COM Users Domain Computers Domain Controllers Schema Admins Enterprise Admins Cert Publishers Domain Admins Domain Users Domain Guests Group Policy Creator Owners RAS and IAS Servers Server Operators Account Operators Pre-Windows 2000 Compatible Access Incoming Forest Trust Builders Windows Authorization Access Group Terminal Server License Servers DnsAdmins DnsUpdateProxy IIS_WPG

I'm not sure if perhaps the scope is incorrect or maybe I'm missing some sort of filtering.

The relevant code segment:

    public static ArrayList GetAllGroups()
    {
        var myItems = new ArrayList();

        var ctx = new PrincipalContext(ContextType.Domain,"MyOU");

        // define a "query-by-example" principal - here, we search for a GroupPrincipal 
        var qbeGroup = new GroupPrincipal(ctx);

        // create your principal searcher passing in the QBE principal    
        var srch = new PrincipalSearcher(qbeGroup);

        // find all matches
        foreach (Principal found in srch.FindAll())
        {
            var foundGroup = found as GroupPrincipal;

            if (foundGroup != null)
            {
                myItems.Add(foundGroup.Name);
            }
        }
        return myItems;
    }

How do I get this to exclude the built-in groups?

Any assistance with this will be greatly appreciated.

Thank you!

Answer 1

Two things:

1. there are no groups associated with an OU - an OU is a container which contains users, computers, groups etc. (like a directory that contains files). Is that what you mean? You want to enumerate the group contained inside a given OU??

2. if so: you're not calling the constructor for the PrincipalContext properly. If you check the MSDN documentation on PrincipalContext constructors, you'll see that the one you're using is the one with a ContextType and a name which stands for the domain name of the context you want to bind to:

   var ctx = new PrincipalContext(ContextType.Domain,"MyOU");
   

   This binds to the MyOU domain - and it binds right at the root of that domain tree.

What you're probably looking for is the constructor with three parameters - a ContextType and two strings - the first one being the domain name as above, and the second one being the start location of your search. So change your PrincipalContext construction to:

var ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "OU=MyOU");

and then search again - now you should get only groups that are contained inside the OU=MyOU container.