-
Aug 8th, 2008, 01:50 PM
#1
Get all members of an Active Directory group or local group
You can use this to find a list of all of the members of any group in AD. You will need to add a reference to System.DirectoryServices first though.
vb.net Code:
'Change the OU path and group name to suit your environment Dim GroupDE As New DirectoryEntry("LDAP://CN=YourGroupName,OU=YourGroupsOU,DC=yourdomainname,DC=com") Dim Members As Object = GroupDE.Invoke("Members", Nothing) '<<< Get members For Each Member As Object In CType(Members, IEnumerable) '<<< loop through members Dim CurrentMember As New DirectoryEntry(Member) '<<< Get directoryentry for user MessageBox.Show(CurrentMember.Name.Remove(0, 3)) '<<< Show each user's name in a messagebox Next 'NOTE: You should also dispose of each DirectoryEntry that you use, either by using the Dispose method or by using a "Using" statement. I haven't included this in my example above just to keep it short and to the point.
As you can see in my example, I am just displaying all of the members names in a messagebox but if you want to get different attributes instead of just the name then remove that line and use the DirectoryEntry object for each member to get whatever attributes you want
Note that you can also get group members by using the "members" attribute of a group (e.g cast GroupDE.Properties("members").Value to an array of strings and each string will be the full LDAP path to each member so you can then bind a new DirectoryEntry to that path) but I believe there are some slight differences in the way that this works when compared to just invoking the Members method (like I do in the code example above).
Hope it helps someone out
Chris
Last edited by chris128; Dec 30th, 2013 at 02:20 PM.
Reason: Improved code example and explanation
-
Nov 3rd, 2009, 07:29 AM
#2
Re: Get all members of an Active Directory group
Just to add to this, you can use a similar technique for getting group members from a local computer. Just use the WinNT provider instead of the LDAP provider.
Here is an example that gets the users of the local Administrators group from a specified computer:
vb.net Code:
Dim MachineName As String = "Some_PC_Name" '<<< Put the PC name or IP here that you want to connect to
Dim Admins As New DirectoryEntry("WinNT://" & MachineName & "/Administrators") 'Connect to machine
Dim Members As Object = Admins.Invoke("Members", Nothing) 'Get members
For Each Member As Object In CType(Members, IEnumerable) 'loop through members
Dim CurrentMember As New DirectoryEntry(Member) 'Get directoryentry for user
MessageBox.Show(CurrentMember.Name) 'Show the user's name in a messagebox
Next
-
Jun 22nd, 2010, 02:13 PM
#3
New Member
Re: Get all members of an Active Directory group or local group
Excellent post. What if I wanted to enumerate all users on a local computer, and not just ones from a specific group?
-
Jun 22nd, 2010, 02:14 PM
#4
New Member
Re: Get all members of an Active Directory group or local group
Originally Posted by BertMan
Excellent post. What if I wanted to enumerate all users on a local computer, and not just ones from a specific group?
Sorry, meant to specify using the WinNT provider....
-
Jun 22nd, 2010, 04:19 PM
#5
Re: Get all members of an Active Directory group or local group
-
Jun 23rd, 2010, 12:57 PM
#6
New Member
Re: Get all members of an Active Directory group or local group
Thanks!!
Can you explain to me or point me to some documentation that explains where the WinNT provider is pulling this info? Also, I am going to need to do a lot of queries to local accounts, and if there is something out there that can list all the different properties and methods that would be great. For example, the next thing I need to do is find out if a local account is disabled, and disable it if need be. Where do I find out what properties are availible to the user object?
-
Jun 23rd, 2010, 12:59 PM
#7
New Member
Re: Get all members of an Active Directory group or local group
Sorry, just realized that I am in the code bank section. Mods, feel free to delete my posts and I will post in the correct location.
-
Jun 24th, 2010, 03:56 AM
#8
Re: Get all members of an Active Directory group or local group
Originally Posted by BertMan
Thanks!!
Can you explain to me or point me to some documentation that explains where the WinNT provider is pulling this info? Also, I am going to need to do a lot of queries to local accounts, and if there is something out there that can list all the different properties and methods that would be great. For example, the next thing I need to do is find out if a local account is disabled, and disable it if need be. Where do I find out what properties are availible to the user object?
I've no idea how exactly the WinNT provider gets the information I'm afraid but here is a reference of all the properties that you should be able to get from a user account you retrieved with it: http://msdn.microsoft.com/en-us/libr...(v=VS.85).aspx and there is also this article that mentions some properties which are not available when using the WinNT provider: http://msdn.microsoft.com/en-us/libr...(v=VS.85).aspx
-
Sep 12th, 2010, 04:52 AM
#9
New Member
Re: Get all members of an Active Directory group or local group
Hi Chris,
very great code for the group members in the active directory, but I habe a little problem:
I must use the result of the Listbox to query another database.
If I select a item in the List box i can´t use it for the other query.
I tested to show me the selected item in a textbox.text, but it doesn´t work.
I don´t find the bug in the code.
Can you help me, please?
best regards
Daniel
-
Sep 12th, 2010, 07:27 AM
#10
Re: Get all members of an Active Directory group or local group
Originally Posted by DanLen
Hi Chris,
very great code for the group members in the active directory, but I habe a little problem:
I must use the result of the Listbox to query another database.
If I select a item in the List box i can´t use it for the other query.
I tested to show me the selected item in a textbox.text, but it doesn´t work.
I don´t find the bug in the code.
Can you help me, please?
best regards
Daniel
That sounds like nothing to do with this code, just general coding advice, so post it in the VB.NET forum
-
Sep 19th, 2010, 01:42 PM
#11
New Member
Re: Get all members of an Active Directory group or local group
Hi Chris
Great post!
I have 2 questions.
1. Is it possible to list the domains of the users?....Domain\useraccount
MachineName\Administrator.
2. Is it possible to connect to the WinNT provider with administrative credentials?
Thanks
-
Sep 20th, 2010, 04:46 PM
#12
New Member
Re: Get all members of an Active Directory group
Originally Posted by chris128
Just to add to this, you can use a similar technique for getting group members from a local computer. Just use the WinNT provider instead of the LDAP provider.
Here is an example that gets the users of the local Administrators group from a specified computer:
vb.net Code:
Dim MachineName As String = "Some_PC_Name" '<<< Put the PC name or IP here that you want to connect to
Dim Admins As New DirectoryEntry("WinNT://" & MachineName & "/Administrators") 'Connect to machine
Dim Members As Object = Admins.Invoke("Members", Nothing) 'Get members
For Each Member As Object In CType(Members, IEnumerable) 'loop through members
Dim CurrentMember As New DirectoryEntry(Member) 'Get directoryentry for user
MessageBox.Show(CurrentMember.Name) 'Show the user's name in a messagebox
Next
Hi Chris excellent post.
How can you authenticate with an admin account when using the winNT provider to get the local admin group members?
Thanks
-
Dec 17th, 2013, 04:44 AM
#13
New Member
Re: Get all members of an Active Directory group or local group
Hi from Bavaria,
sorry for reviving this thread...
How should this code be modified to get displayed the "display name" oder "description" or sth else instead of the Username ?
Writing a little application for an normal looser user to query ldap to check who of his co-workers are in certain AD groups.
Usernames are not descritptiv in our environment
thanks !
-
Dec 17th, 2013, 10:22 PM
#14
Re: Get all members of an Active Directory group or local group
Originally Posted by hellvis
Hi from Bavaria,
sorry for reviving this thread...
How should this code be modified to get displayed the "display name" oder "description" or sth else instead of the Username ?
Writing a little application for an normal looser user to query ldap to check who of his co-workers are in certain AD groups.
Usernames are not descritptiv in our environment
thanks !
Instead of getting the Name property of the DirectoryEntry, just use the Properties collection and specify the LDAP name of the attribute you want to get. So in your case that would be "displayName" or "description". So for example:
Code:
For Each Member As Object In CType(Members, IEnumerable) '<<< loop through members
Dim CurrentMember As New DirectoryEntry(Member) '<<< Get directoryentry for user
ListBox1.Items.Add(CurrentMember.Properties("displayName").Value) '<<< Add user's display name to listbox
Next
Something like that
-
Dec 27th, 2013, 05:03 AM
#15
New Member
Re: Get all members of an Active Directory group or local group
Hmpf so easy, thanks a lot !
Ha, just recognized you are THIS Chris, world is so small!
I am still using your tool NTFS Permissions Reporter and the free version of AD Photo Edit.
Greets, Simon
-
Dec 30th, 2013, 02:08 PM
#16
Re: Get all members of an Active Directory group or local group
Originally Posted by hellvis
Hmpf so easy, thanks a lot !
Ha, just recognized you are THIS Chris, world is so small!
I am still using your tool NTFS Permissions Reporter and the free version of AD Photo Edit.
Greets, Simon
haha yes it is a small world Glad you're finding my tools useful and hope the .NET code helps you out as well
Also, I've just updated the original post in this thread to clean up the code example and add some additional notes and explanations.
Last edited by chris128; Dec 30th, 2013 at 02:21 PM.
-
Jan 2nd, 2014, 08:36 AM
#17
New Member
Re: Get all members of an Active Directory group or local group
One more question...general coding but relating to this topic. Read through hundreds of threads but still to stupid.
I list all members of a given AD group in a CheckedListBox.
Checked items shall be added to another AD Group "GroupA" , my code is like this :
Refering to M$ http://msdn.microsoft.com/en-us/libr...=vs.80%29.aspx
Code:
Private Sub Button8_Click_1(sender As System.Object, e As System.EventArgs) Handles Button8.Click
Dim group As New DirectoryEntry("LDAP://CN=GroupA,OU=Groups,DC=XXX,DC=de")
group.Properties("member").Add(CheckedListBox1.CheckedItems)
group.CommitChanges()
End Sub
In some thread i read to replace
group.Properties("member").Add(CheckedListBox1.CheckedItems)
by
group.Invoke("Add", New Object() {CheckedListBox1.Items})
Well, both no working.
VS is linking me to M$ http://msdn.microsoft.com/query/dev1...ng-VB)&rd=true
I am sure you'll be laughing, but you can help me :-)
Thx, Simon
-
Jan 2nd, 2014, 10:00 AM
#18
Re: Get all members of an Active Directory group or local group
Well it depends what you've got in your listbox items. If I remember rightly the string you need to pass in to the Add method is the distinguished name (aka LDAP path) of the member you want to add (e.g CN=User1,OU=blah,DC=domain,DC=de). I don't think you can pass in multiple members at once either, so that might be why your code is failing (because you're passing in the CheckedItems property or Items property, and that is a list/array of items rather than a single item). So you would need to do a loop through the checked items like so:
Code:
For Each MemberPath As String In CheckedListBox1.CheckedItems
group.Invoke("Add", New Object() {MemberPath})
Next
group.commitchanges
Sorry if that doesn't work exactly, it is just off the top of my head. Hopefully points you in the right direction though
-
Jan 8th, 2014, 04:28 AM
#19
New Member
Re: Get all members of an Active Directory group or local group
Hi Chris,
Yes, thanks for pointing me!
Solved it like this:
Code:
Dim group As New DirectoryEntry("LDAP://CN=Groupname,OU=XXX-Groups,DC=XXX,DC=de")
For Each MemberPath As DirectoryEntry In CheckedListBox1.CheckedItems
Dim User As String
User = MemberPath.Name
group.Properties("member").Add(User & ",OU=XXX-Users,DC=XXX,DC=de")
Next
group.CommitChanges()
Thanks ! Simon
Last edited by hellvis; Jan 15th, 2014 at 10:03 AM.
-
Sep 17th, 2015, 08:22 AM
#20
New Member
Re: Get all members of an Active Directory group or local group
Sorry to revive this one again, but I am using your code to get the membership of the admins group on a server. There are AD and local groups nested in the group membership. Is there a way to determine if a group is local vs an AD group?
-
Feb 24th, 2017, 08:58 PM
#21
New Member
Re: Get all members of an Active Directory group or local group
Originally Posted by ngage
Sorry to revive this one again, but I am using your code to get the membership of the admins group on a server. There are AD and local groups nested in the group membership. Is there a way to determine if a group is local vs an AD group?
Parse the ADsPath to identify local vs AD group (ref: https://blogs.technet.microsoft.com/...-domain-users/)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|