Menu
I'm trying to get a list of users and some properties about the user from within an active directory group.
Update:
Here are the two methods I currently have:
Dim adGroup As New DirectoryEntry("LDAP://CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com")
Dim adMembers As Object
Dim objUser As ActiveDirectoryUser
Dim objUserList As New List(Of ActiveDirectoryUser)
Dim directoryEntry As DirectoryEntry
adMembers = adGroup.Invoke("Members", Nothing)
For Each adMember As Object In CType(adMembers, IEnumerable)
directoryEntry = New DirectoryEntry(adMember)
objUser = New ActiveDirectoryUser
objUser.UserId = directoryEntry.Properties.Item("sAMAccountName").Value.ToString()
objUser.Contract = directoryEntry.Properties.Item("ou").Value.ToString()
objUser.LastName = directoryEntry.Properties.Item("sn").Value.ToString()
objUser.FirstName = directoryEntry.Properties.Item("givenName").Value.ToString()
objUser.Email = directoryEntry.Properties.Item("mail").Value.ToString()
objUserList.Add(objUser)
Next
The first piece works, though it seems quite inefficient. My memory usage climbs and climbs as it's executing and I was getting this error, though it looks like that can be fixed. The second method:
Dim results As SearchResultCollection
Dim directoryEntry2 As New DirectoryEntry("LDAP://DC=domain,DC=com")
Dim directorySearcher As New DirectorySearcher(directoryEntry2)
directorySearcher.PageSize = 1000
directorySearcher.Filter = "(&(objectCategory=person)" & _
"(objectClass=user)" & _
"(memberOf=CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com))"
directorySearcher.PropertiesToLoad.Add("ou")
directorySearcher.PropertiesToLoad.Add("sn")
directorySearcher.PropertiesToLoad.Add("givenName")
directorySearcher.PropertiesToLoad.Add("sAMAccountName")
directorySearcher.PropertiesToLoad.Add("mail")
results = directorySearcher.FindAll
The result count seems to vary from each execution of the application which I find odd. I'm not sure if this is a reliable way of getting the users back or if I need to modify something on my search?
954
Use the Get-DistributionGroupMember cmdlet to view the members of distribution groups and mail-enabled security groups.
In Office 365 Admin Center, go to the Exchange option. In the Recipients category, go to Groups and select Distribution list. In the Distribution list, choose the list you want to export externally. When you click on the Export option, it shows two options – Exports groups in this list or Export all groups.
IF you can, do upgrade to .NET 3.5 and use the new much improved System.DirectoryServices.AccountManagement namespace. Great intro for those new classes is found in Managing Directory Security Principals in the .NET Framework 3.5.
With this, your job becomes trivial:
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "MyGroup");
PrincipalSearchResult<Principal> members = group.GetMembers();
Does that work for you?
If you cannot use .NET 3.5, you should inspect the member property of the group. The group members are not stored as children logically underneath the group in hierarchy, so you cannot find them by using a DirectorySearcher.
DirectoryEntry group = new DirectoryEntry("LDAP://CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com");
foreach(object groupMemberDN in group.Properties["member"])
{
// grab the group member's DN
}
See the Quick List of C# Code Examples for Active Directory (or the same for Visual Basic .NET) in the MSDN library for this snippet and more.
Update: if you need the users belonging to a particular group (since you want to update their properties or something), you could reverse the approach: search for all the users who have a memberOf property equivalent to the group's DN:
DirectoryEntry root = new DirectoryEntry("LDAP://dc=domain,dc=com");
DirectorySearcher searcher = new DirectorySearcher(root);
searcher.Filter = "(&(objectCategory=user)(memberOf=CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com))";
// set other properties on the searcher
foreach(object result in searcher.FindAll())
{
// do whatever you need to do with the entry
}
Scope your search wider, wherever the members may be:
Dim directoryEntry As New DirectoryEntry("LDAP://OU=All,DC=Domain,DC=com")
Filter based on group membership:
directorySearcher.Filter = "(&(objectCategory=person)" & _
"(objectClass=user)" & _
"(memberOf=CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com))"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
