Get all members of an Active Directory group or local group

**chris128** · Aug 8th, 2008, 01:50 PM

Sorry if anyone else has already posted something similar but I did search and didnt see anything

I helped someone out with this in a thread today/yesterday and thought I'd post it here for others to use in the future if they want to do a similar thing.

You can use this to find a list of all of the members of any group in AD. You will need to add a reference to System.DirectoryServices first though.

vb.net Code:

Dim GroupSearcher As New DirectorySearcher
'Change the OU path, domain and domain admin details
Dim GroupSearchRoot As New DirectoryEntry("LDAP://OU=YourGroupsOU,DC=yourdomainname,DC=com", "Your_Domain_Admin", "Admin_Password")
 
With GroupSearcher   
       .SearchRoot = GroupSearchRoot     
       .Filter = "(&(ObjectClass=Group)(CN=YourGroupName))"  '<<< Change the Group name here
End With
 
Dim Members As Object = GroupSearcher.FindOne.GetDirectoryEntry.Invoke("Members", Nothing) '<<< Get members
For Each Member As Object In CType(Members, IEnumerable)  '<<< loop through members
  Dim CurrentMember As New DirectoryEntry(Member) '<<< Get directoryentry for user
  ListBox1.Items.Add(CurrentMember.Name.Remove(0, 3))  '<<< Add user's CN(common name) to listbox
Next

As you can see in my example, I am using a listbox named Listbox1 to display all of the user's names. If you dont want to do that then just remove that line and use the directoryentry object for each user to get whatever attributes you want etc

Hope it helps someone out

Chris

**chris128** · Nov 3rd, 2009, 06:29 AM

Just to add to this, you can use a similar technique for getting group members from a local computer. Just use the WinNT provider instead of the LDAP provider.

Here is an example that gets the users of the local Administrators group from a specified computer:

vb.net Code:

Dim MachineName As String = "Some_PC_Name" '<<< Put the PC name or IP here that you want to connect to
Dim Admins As New DirectoryEntry("WinNT://" & MachineName & "/Administrators") 'Connect to machine
                
Dim Members As Object = Admins.Invoke("Members", Nothing) 'Get members
For Each Member As Object In CType(Members, IEnumerable)  'loop through members
          Dim CurrentMember As New DirectoryEntry(Member) 'Get directoryentry for user
          MessageBox.Show(CurrentMember.Name) 'Show the user's name in a messagebox
Next

**BertMan** · Jun 22nd, 2010, 02:13 PM

Excellent post. What if I wanted to enumerate all users on a local computer, and not just ones from a specific group?

**BertMan** · Jun 22nd, 2010, 02:14 PM

Originally Posted by BertMan

Excellent post. What if I wanted to enumerate all users on a local computer, and not just ones from a specific group?

Sorry, meant to specify using the WinNT provider....

**chris128** · Jun 22nd, 2010, 04:19 PM

Already thought of that

http://www.vbforums.com/showthread.php?t=590129

**BertMan** · Jun 23rd, 2010, 12:57 PM

Thanks!!

Can you explain to me or point me to some documentation that explains where the WinNT provider is pulling this info? Also, I am going to need to do a lot of queries to local accounts, and if there is something out there that can list all the different properties and methods that would be great. For example, the next thing I need to do is find out if a local account is disabled, and disable it if need be. Where do I find out what properties are availible to the user object?

**BertMan** · Jun 23rd, 2010, 12:59 PM

Sorry, just realized that I am in the code bank section. Mods, feel free to delete my posts and I will post in the correct location.

**chris128** · Jun 24th, 2010, 03:56 AM

Originally Posted by BertMan

Thanks!!

Can you explain to me or point me to some documentation that explains where the WinNT provider is pulling this info? Also, I am going to need to do a lot of queries to local accounts, and if there is something out there that can list all the different properties and methods that would be great. For example, the next thing I need to do is find out if a local account is disabled, and disable it if need be. Where do I find out what properties are availible to the user object?

I've no idea how exactly the WinNT provider gets the information I'm afraid but here is a reference of all the properties that you should be able to get from a user account you retrieved with it: http://msdn.microsoft.com/en-us/libr...(v=VS.85).aspx and there is also this article that mentions some properties which are not available when using the WinNT provider: http://msdn.microsoft.com/en-us/libr...(v=VS.85).aspx

**DanLen** · Sep 12th, 2010, 04:52 AM

Hi Chris,
very great code for the group members in the active directory, but I habe a little problem:

I must use the result of the Listbox to query another database.
If I select a item in the List box i can´t use it for the other query.
I tested to show me the selected item in a textbox.text, but it doesn´t work.

I don´t find the bug in the code.

Can you help me, please?

best regards
Daniel

**chris128** · Sep 12th, 2010, 07:27 AM

Originally Posted by DanLen

Hi Chris,
very great code for the group members in the active directory, but I habe a little problem:

I must use the result of the Listbox to query another database.
If I select a item in the List box i can´t use it for the other query.
I tested to show me the selected item in a textbox.text, but it doesn´t work.

I don´t find the bug in the code.

Can you help me, please?

best regards
Daniel

That sounds like nothing to do with this code, just general coding advice, so post it in the VB.NET forum

**tonyflora6** · Sep 19th, 2010, 01:42 PM

Hi Chris

Great post!

I have 2 questions.

1. Is it possible to list the domains of the users?....Domain\useraccount
MachineName\Administrator.
2. Is it possible to connect to the WinNT provider with administrative credentials?

Thanks

**tonyflora63** · Sep 20th, 2010, 04:46 PM

Originally Posted by chris128

Just to add to this, you can use a similar technique for getting group members from a local computer. Just use the WinNT provider instead of the LDAP provider.

Here is an example that gets the users of the local Administrators group from a specified computer:

vb.net Code:

Dim MachineName As String = "Some_PC_Name" '<<< Put the PC name or IP here that you want to connect to
Dim Admins As New DirectoryEntry("WinNT://" & MachineName & "/Administrators") 'Connect to machine
                
Dim Members As Object = Admins.Invoke("Members", Nothing) 'Get members
For Each Member As Object In CType(Members, IEnumerable)  'loop through members
          Dim CurrentMember As New DirectoryEntry(Member) 'Get directoryentry for user
          MessageBox.Show(CurrentMember.Name) 'Show the user's name in a messagebox
Next

Hi Chris excellent post.

How can you authenticate with an admin account when using the winNT provider to get the local admin group members?

Thanks

Thread: Get all members of an Active Directory group or local group

Thread Tools

Display

Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group

Re: Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group or local group

Re: Get all members of an Active Directory group

Posting Permissions