Results 1 to 21 of 21

Thread: Get all members of an Active Directory group or local group

  1. #1

    Thread Starter
    Pro Grammar chris128's Avatar
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Get all members of an Active Directory group or local group

    You can use this to find a list of all of the members of any group in AD. You will need to add a reference to System.DirectoryServices first though.
    vb.net Code:
    1. 'Change the OU path and group name to suit your environment
    2. Dim GroupDE As New DirectoryEntry("LDAP://CN=YourGroupName,OU=YourGroupsOU,DC=yourdomainname,DC=com")
    3.  
    4. Dim Members As Object = GroupDE.Invoke("Members", Nothing) '<<< Get members
    5. For Each Member As Object In CType(Members, IEnumerable)  '<<< loop through members
    6.   Dim CurrentMember As New DirectoryEntry(Member) '<<< Get directoryentry for user
    7.   MessageBox.Show(CurrentMember.Name.Remove(0, 3))  '<<< Show each user's name in a messagebox
    8. Next
    9.  
    10. 'NOTE: You should also dispose of each DirectoryEntry that you use, either by using the Dispose method or by using a "Using" statement. I haven't included this in my example above just to keep it short and to the point.

    As you can see in my example, I am just displaying all of the members names in a messagebox but if you want to get different attributes instead of just the name then remove that line and use the DirectoryEntry object for each member to get whatever attributes you want

    Note that you can also get group members by using the "members" attribute of a group (e.g cast GroupDE.Properties("members").Value to an array of strings and each string will be the full LDAP path to each member so you can then bind a new DirectoryEntry to that path) but I believe there are some slight differences in the way that this works when compared to just invoking the Members method (like I do in the code example above).

    Hope it helps someone out

    Chris
    Last edited by chris128; Dec 30th, 2013 at 02:20 PM. Reason: Improved code example and explanation
    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  2. #2

    Thread Starter
    Pro Grammar chris128's Avatar
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: Get all members of an Active Directory group

    Just to add to this, you can use a similar technique for getting group members from a local computer. Just use the WinNT provider instead of the LDAP provider.

    Here is an example that gets the users of the local Administrators group from a specified computer:

    vb.net Code:
    1. Dim MachineName As String = "Some_PC_Name" '<<< Put the PC name or IP here that you want to connect to
    2. Dim Admins As New DirectoryEntry("WinNT://" & MachineName & "/Administrators") 'Connect to machine
    3.                
    4. Dim Members As Object = Admins.Invoke("Members", Nothing) 'Get members
    5. For Each Member As Object In CType(Members, IEnumerable)  'loop through members
    6.           Dim CurrentMember As New DirectoryEntry(Member) 'Get directoryentry for user
    7.           MessageBox.Show(CurrentMember.Name) 'Show the user's name in a messagebox
    8. Next
    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  3. #3
    New Member
    Join Date
    Jun 2010
    Posts
    4

    Re: Get all members of an Active Directory group or local group

    Excellent post. What if I wanted to enumerate all users on a local computer, and not just ones from a specific group?

  4. #4
    New Member
    Join Date
    Jun 2010
    Posts
    4

    Re: Get all members of an Active Directory group or local group

    Quote Originally Posted by BertMan View Post
    Excellent post. What if I wanted to enumerate all users on a local computer, and not just ones from a specific group?
    Sorry, meant to specify using the WinNT provider....

  5. #5

    Thread Starter
    Pro Grammar chris128's Avatar
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: Get all members of an Active Directory group or local group

    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  6. #6
    New Member
    Join Date
    Jun 2010
    Posts
    4

    Re: Get all members of an Active Directory group or local group

    Thanks!!

    Can you explain to me or point me to some documentation that explains where the WinNT provider is pulling this info? Also, I am going to need to do a lot of queries to local accounts, and if there is something out there that can list all the different properties and methods that would be great. For example, the next thing I need to do is find out if a local account is disabled, and disable it if need be. Where do I find out what properties are availible to the user object?

  7. #7
    New Member
    Join Date
    Jun 2010
    Posts
    4

    Re: Get all members of an Active Directory group or local group

    Sorry, just realized that I am in the code bank section. Mods, feel free to delete my posts and I will post in the correct location.

  8. #8

    Thread Starter
    Pro Grammar chris128's Avatar
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: Get all members of an Active Directory group or local group

    Quote Originally Posted by BertMan View Post
    Thanks!!

    Can you explain to me or point me to some documentation that explains where the WinNT provider is pulling this info? Also, I am going to need to do a lot of queries to local accounts, and if there is something out there that can list all the different properties and methods that would be great. For example, the next thing I need to do is find out if a local account is disabled, and disable it if need be. Where do I find out what properties are availible to the user object?
    I've no idea how exactly the WinNT provider gets the information I'm afraid but here is a reference of all the properties that you should be able to get from a user account you retrieved with it: http://msdn.microsoft.com/en-us/libr...(v=VS.85).aspx and there is also this article that mentions some properties which are not available when using the WinNT provider: http://msdn.microsoft.com/en-us/libr...(v=VS.85).aspx
    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  9. #9
    New Member
    Join Date
    Sep 2010
    Posts
    2

    Re: Get all members of an Active Directory group or local group

    Hi Chris,
    very great code for the group members in the active directory, but I habe a little problem:

    I must use the result of the Listbox to query another database.
    If I select a item in the List box i can´t use it for the other query.
    I tested to show me the selected item in a textbox.text, but it doesn´t work.

    I don´t find the bug in the code.

    Can you help me, please?

    best regards
    Daniel

  10. #10

    Thread Starter
    Pro Grammar chris128's Avatar
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: Get all members of an Active Directory group or local group

    Quote Originally Posted by DanLen View Post
    Hi Chris,
    very great code for the group members in the active directory, but I habe a little problem:

    I must use the result of the Listbox to query another database.
    If I select a item in the List box i can´t use it for the other query.
    I tested to show me the selected item in a textbox.text, but it doesn´t work.

    I don´t find the bug in the code.

    Can you help me, please?

    best regards
    Daniel
    That sounds like nothing to do with this code, just general coding advice, so post it in the VB.NET forum
    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  11. #11
    New Member
    Join Date
    Sep 2010
    Posts
    1

    Re: Get all members of an Active Directory group or local group

    Hi Chris

    Great post!

    I have 2 questions.

    1. Is it possible to list the domains of the users?....Domain\useraccount
    MachineName\Administrator.
    2. Is it possible to connect to the WinNT provider with administrative credentials?

    Thanks

  12. #12
    New Member
    Join Date
    Sep 2010
    Posts
    0

    Re: Get all members of an Active Directory group

    Quote Originally Posted by chris128 View Post
    Just to add to this, you can use a similar technique for getting group members from a local computer. Just use the WinNT provider instead of the LDAP provider.

    Here is an example that gets the users of the local Administrators group from a specified computer:

    vb.net Code:
    1. Dim MachineName As String = "Some_PC_Name" '<<< Put the PC name or IP here that you want to connect to
    2. Dim Admins As New DirectoryEntry("WinNT://" & MachineName & "/Administrators") 'Connect to machine
    3.                
    4. Dim Members As Object = Admins.Invoke("Members", Nothing) 'Get members
    5. For Each Member As Object In CType(Members, IEnumerable)  'loop through members
    6.           Dim CurrentMember As New DirectoryEntry(Member) 'Get directoryentry for user
    7.           MessageBox.Show(CurrentMember.Name) 'Show the user's name in a messagebox
    8. Next
    Hi Chris excellent post.

    How can you authenticate with an admin account when using the winNT provider to get the local admin group members?

    Thanks

  13. #13
    New Member
    Join Date
    Dec 2013
    Posts
    4

    Re: Get all members of an Active Directory group or local group

    Hi from Bavaria,

    sorry for reviving this thread...

    How should this code be modified to get displayed the "display name" oder "description" or sth else instead of the Username ?
    Writing a little application for an normal looser user to query ldap to check who of his co-workers are in certain AD groups.
    Usernames are not descritptiv in our environment

    thanks !

  14. #14

    Thread Starter
    Pro Grammar chris128's Avatar
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: Get all members of an Active Directory group or local group

    Quote Originally Posted by hellvis View Post
    Hi from Bavaria,

    sorry for reviving this thread...

    How should this code be modified to get displayed the "display name" oder "description" or sth else instead of the Username ?
    Writing a little application for an normal looser user to query ldap to check who of his co-workers are in certain AD groups.
    Usernames are not descritptiv in our environment

    thanks !
    Instead of getting the Name property of the DirectoryEntry, just use the Properties collection and specify the LDAP name of the attribute you want to get. So in your case that would be "displayName" or "description". So for example:

    Code:
    For Each Member As Object In CType(Members, IEnumerable)  '<<< loop through members
    
    Dim CurrentMember As New DirectoryEntry(Member) '<<< Get directoryentry for user
    
    ListBox1.Items.Add(CurrentMember.Properties("displayName").Value)  '<<< Add user's display name to listbox
    
    Next
    Something like that
    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  15. #15
    New Member
    Join Date
    Dec 2013
    Posts
    4

    Re: Get all members of an Active Directory group or local group

    Hmpf so easy, thanks a lot !

    Ha, just recognized you are THIS Chris, world is so small!
    I am still using your tool NTFS Permissions Reporter and the free version of AD Photo Edit.
    Greets, Simon

  16. #16

    Thread Starter
    Pro Grammar chris128's Avatar
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: Get all members of an Active Directory group or local group

    Quote Originally Posted by hellvis View Post
    Hmpf so easy, thanks a lot !

    Ha, just recognized you are THIS Chris, world is so small!
    I am still using your tool NTFS Permissions Reporter and the free version of AD Photo Edit.
    Greets, Simon
    haha yes it is a small world Glad you're finding my tools useful and hope the .NET code helps you out as well

    Also, I've just updated the original post in this thread to clean up the code example and add some additional notes and explanations.
    Last edited by chris128; Dec 30th, 2013 at 02:21 PM.
    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  17. #17
    New Member
    Join Date
    Dec 2013
    Posts
    4

    Re: Get all members of an Active Directory group or local group

    One more question...general coding but relating to this topic. Read through hundreds of threads but still to stupid.

    I list all members of a given AD group in a CheckedListBox.

    Checked items shall be added to another AD Group "GroupA" , my code is like this :
    Refering to M$ http://msdn.microsoft.com/en-us/libr...=vs.80%29.aspx

    Code:
    Private Sub Button8_Click_1(sender As System.Object, e As System.EventArgs) Handles Button8.Click
           
            Dim group As New DirectoryEntry("LDAP://CN=GroupA,OU=Groups,DC=XXX,DC=de")
      
            group.Properties("member").Add(CheckedListBox1.CheckedItems)
          
            group.CommitChanges()
        End Sub

    In some thread i read to replace

    group.Properties("member").Add(CheckedListBox1.CheckedItems)
    by
    group.Invoke("Add", New Object() {CheckedListBox1.Items})


    Well, both no working.
    VS is linking me to M$ http://msdn.microsoft.com/query/dev1...ng-VB)&rd=true


    I am sure you'll be laughing, but you can help me :-)

    Thx, Simon

  18. #18

    Thread Starter
    Pro Grammar chris128's Avatar
    Join Date
    Jun 2007
    Location
    England
    Posts
    7,604

    Re: Get all members of an Active Directory group or local group

    Well it depends what you've got in your listbox items. If I remember rightly the string you need to pass in to the Add method is the distinguished name (aka LDAP path) of the member you want to add (e.g CN=User1,OU=blah,DC=domain,DC=de). I don't think you can pass in multiple members at once either, so that might be why your code is failing (because you're passing in the CheckedItems property or Items property, and that is a list/array of items rather than a single item). So you would need to do a loop through the checked items like so:

    Code:
    For Each MemberPath As String In CheckedListBox1.CheckedItems
       group.Invoke("Add", New Object() {MemberPath})
    Next
    group.commitchanges
    Sorry if that doesn't work exactly, it is just off the top of my head. Hopefully points you in the right direction though
    My free .NET Windows API library (Version 2.2 Released 12/06/2011)

    Blog: cjwdev.wordpress.com
    Web: www.cjwdev.co.uk


  19. #19
    New Member
    Join Date
    Dec 2013
    Posts
    4

    Re: Get all members of an Active Directory group or local group

    Hi Chris,

    Yes, thanks for pointing me!
    Solved it like this:

    Code:
      Dim group As New DirectoryEntry("LDAP://CN=Groupname,OU=XXX-Groups,DC=XXX,DC=de")
    
                For Each MemberPath As DirectoryEntry In CheckedListBox1.CheckedItems
    
                    Dim User As String
    
                    User = MemberPath.Name
                    
                    group.Properties("member").Add(User & ",OU=XXX-Users,DC=XXX,DC=de")
    
                Next
    
                group.CommitChanges()


    Thanks ! Simon
    Last edited by hellvis; Jan 15th, 2014 at 10:03 AM.

  20. #20
    New Member
    Join Date
    Sep 2015
    Posts
    1

    Re: Get all members of an Active Directory group or local group

    Sorry to revive this one again, but I am using your code to get the membership of the admins group on a server. There are AD and local groups nested in the group membership. Is there a way to determine if a group is local vs an AD group?

  21. #21
    New Member
    Join Date
    Feb 2017
    Posts
    1

    Re: Get all members of an Active Directory group or local group

    Quote Originally Posted by ngage View Post
    Sorry to revive this one again, but I am using your code to get the membership of the admins group on a server. There are AD and local groups nested in the group membership. Is there a way to determine if a group is local vs an AD group?
    Parse the ADsPath to identify local vs AD group (ref: https://blogs.technet.microsoft.com/...-domain-users/)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width