[RESOLVED] Querying Active Directory Groups using VB2010

Good evening

I really hope that someone out there in the forumsphere can help me with something that's been driving me crazy all day.

My company (a contact centre) runs a piece of web-based software which we can script so that our end users can capture information obtained from callers to our many helplines. The whole thing is back-ended onto SQL, with access to it being controlled by a single SQL 2005 database. Until now, if I want to grant users access to a particular campaign database I need to go in and manually create them a user record (if they don't have one already) and then assign them the permissions to access a particular campaign. This has been fine up to now, but the requests to add new users to the system, or grant new permissions to existing users, have become more and more frequent, as has the number of users that I'm having to create/modify.

What I would like to be able to do is write a small VB application which could query the names of users in a pre-determined set of Security Groups on Active Directory. That information could then be passed to a series of SQL Stored Procedures which would create new users (if necessary) and assign the database access permissions. However, I'm stumped as to how to go about doing it. Years ago I had VB.NET 2002 code which could interrogate a user's Active Directory record to find out if s/he had membership of a particular group, but I'm now looking to do it the other way round.

At this stage, I should let you know that although I have some knowledge of VB.NET, I'm by no means an expert in the field so I'd be grateful if any suggestions could be mindful of my lack of knowledge in this matter.

Many thanks in advance.


Ian Henderson

These 2 functions should get you what you need.

The parameter ldapPath is the ldap path string for your company domain. For example, if your company domain is "example.net" and the domain controller is 192.168.0.254 then ldapPath = "LDAP://192.168.0.254/DC=example,DC=net".

adminAccount is the domain userID that has domain administrator privilege, i.e. "example\Administrator". adminPwd is the password for adminAccount.


Don't forget to add a reference to System.DirectoryServices to your project.

vb.net Code:

Imports System.DirectoryServices
'This function returns a list of all security groups in the domain directory
Public Function GetSecurityGroupList(ByVal ldapPath As String, adminAccount As String, ByVal adminPwd As String) As List(Of String)
        Dim grpLst As New List(Of String)
        Using rootEntry As New DirectoryEntry(ldapPath, adminAccount, adminPwd)
            Using searcher As New DirectorySearcher(_rootEntry)
                searcher.Filter = "(&(ObjectClass=Group))"
                Using results As SearchResultCollection = searcher.FindAll
                    For Each grp As SearchResult In results
                        grpLst.Add(grp.GetDirectoryEntry.Name.Substring(3))
                    Next
                    grpLst.Sort()
                End Using
            End Using
        End Using
        Return grpLst
    End Function
 
'This function returns a datatable containing all users that are members of a given security group.
    Public Function GetGroupMembers(ByVal groupName As String, ByVal ldapPath As String, adminAccount As String, ByVal adminPwd As String) As DataTable
        Dim dt As New DataTable(groupName)
        With dt.Columns
            .Add("AccountID", GetType(String))
            .Add("FirstName", GetType(String))
            .Add("LastName", GetType(String))
            .Add("DisplayName", GetType(String))
            .Add("AccountDisabled", GetType(Boolean))
        End With
 
        Using rootEntry As New DirectoryEntry(ldapPath, adminAccount, adminPwd)
            Using searcher As New DirectorySearcher(rootEntry)
                If groupName.ToUpper = "DOMAIN USERS" Then
                    searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
                    Using results As SearchResultCollection = searcher.FindAll
                        Dim user As DirectoryEntry = Nothing
                        For Each result As SearchResult In results
                            user = result.GetDirectoryEntry
                            Dim props As PropertyCollection = user.Properties
                            dt.Rows.Add(props("sAMAccountName").Value, props("givenName").Value, props("sn").Value, props("displayName").Value, CBool(user.InvokeGet("AccountDisabled")))
                        Next
                    End Using
                Else
                    searcher.Filter = String.Format("(&(ObjectClass=Group)(CN={0}))", groupName)
                    Dim result As SearchResult = searcher.FindOne
                    Dim members As Object = result.GetDirectoryEntry.Invoke("Members", Nothing) '<<< Get members
                    For Each member As Object In CType(members, IEnumerable)  '<<< loop through members
                        Dim currentMember As New DirectoryEntry(member) '<<< Get directoryentry for user
                        If currentMember.SchemaClassName.ToLower = "user" Then
                            Dim props As PropertyCollection = currentMember.Properties
                            dt.Rows.Add(props("sAMAccountName").Value, props("givenName").Value, props("sn").Value, props("displayName").Value, CBool(currentMember.InvokeGet("AccountDisabled")))
                        End If
                    Next
                End If
            End Using
        End Using
        Return dt
    End Function

Stanav

You're a legend. I've now taken the second function (GetGroupMembers) and have been able to scan through a specified group and extract the appropriate information using it. My next trick is to write the code that will then inject that information into my SQL database, creating the user if necessary and updating where needed.

Many thanks

On the back of the information provided by stanav, can anyone tell me where I can find a full list of the properties that could be retrieved by the code that's been provided?

Thanks

When searching for these kind of information, MSDN is usually my first place to go to. Of course I do use Google :) Try this:
http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx