LDAP Gettling a list of logon names

Question

I have the need in my program to get the list of user logon names in a group.

This is what I have so far but it only returns all the users...which I need cut down to those in a group, of which i have the name of.

Option Explicit On
Imports System.DirectoryServices
Imports System.DirectoryServices.ActiveDirectory

Module Module1
    Sub Main()
        Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://OU=Users,OU=Irvine,OU=KNS,DC=corp,DC=kns,DC=com")
        Dim objSearch As New System.DirectoryServices.DirectorySearcher(ADEntry)

        Dim oResults As DirectoryServices.SearchResultCollection
        Dim oResult As DirectoryServices.SearchResult

        '  THIS DOESNT WORK
        '  objSearch.Filter = "department = engineering"

        oResults = objSearch.FindAll

        For Each oResult In oResults
            Console.WriteLine(oResult.GetDirectoryEntry.Properties("sAMAccountName").Value)
        Next
    End Sub
End Module

Answer 1

Try changing the filer to

objSearch.Filter = "(&(objectCategory=user)(memberOf=CN=Employees,OU=Security Groups,DC=yourdomain,DC=com))"

The group is Employees.

Source : How to write a LDAP search filter

Note: I couldn't test this. Let me know if it works or not.

Answer 2

I tried this and it didnt work

Sub Main()

    Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://OU=Groups,OU=Irvine,OU=KNS,DC=corp,DC=kns,DC=com")
    Dim objSearch As New System.DirectoryServices.DirectorySearcher(ADEntry)

    Dim oResults As DirectoryServices.SearchResultCollection
    Dim oResult As DirectoryServices.SearchResult
    objSearch.Filter = "(&(objectCategory=user)(memberOf=CN=IRV_Engineering_Group,OU=Groups,OU=KNS,DC=kns,DC=com))"



   oResults = objSearch.FindAll


    For Each oResult In oResults

        Console.WriteLine(oResult.GetDirectoryEntry.Properties("sAMAccountName").Value)

    Next

End Sub

Answer 3

If you want all members of a group, try this:

1) bind to the group:

DirectoryEntry theGroup = 
   new DirectoryEntry("LDAP://cn=YourGroupname,ou=SomeOU,dc=YourCompany,dc=com");

2) Then, enumerate its members - it's the "member" property of the group's DirectoryEntry:

foreach(object dn in theGroup.Properties["member"])
{
   Console.WriteLine(dn);
}

Each entry in the group's "member" property should be the full DN (distinguished name) of its members - users or other groups.

Your question says you're trying to enumerate the members of a group - yet your code looks more like you're trying to enumerate everything inside an OU (organizational unit) - those two tasks are quite different! Which do you really need?

You can find a Quick List for Visual Basic.NET Code Samples on the MSDN library, or you can learn more about How to do almost everything in Active Directory on CodeProject (with C# samples).

Marc

Answer 4

    Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://ou=users,ou=irvine,ou=kns,dc=corp,dc=kns,dc=com")
    Dim objSearch As New System.DirectoryServices.DirectorySearcher(ADEntry)

    Dim oResults As DirectoryServices.SearchResultCollection
    Dim oResult As DirectoryServices.SearchResult

    objSearch.Filter = "(&(objectCategory=person)(objectClass=user)(department=Engineering)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
    oResults = objSearch.FindAll

    For Each oResult In oResults
        Console.WriteLine(oResult.GetDirectoryEntry.Properties("sAMAccountName").Value)
    Next

this worked!!

Answer 5

A number of years ago I built a AD component that we use often just for this task. Try this.

Public Function GetUsersInGroup(ByVal GroupName As String) As String()
        If GroupName = String.Empty Then Return Nothing
        Dim Users() As String = Nothing
        Dim S As String = "LDAP://DC=YourCompany,DC=com"
        Dim Parent As New DirectoryServices.DirectoryEntry(S)
        Dim Search As New DirectoryServices.DirectorySearcher(Parent)

        Search.SearchScope = DirectoryServices.SearchScope.Subtree
        Search.Filter = "(CN=" & GroupName & ")"
        Search.PropertiesToLoad.Add("member")

        Dim Result As DirectoryServices.SearchResult = Search.FindOne
        Dim prop_value As String, i As Integer = 0
        If Result IsNot Nothing Then
            If Result.Properties("member").Count > 0 Then
                ReDim Users(Result.Properties("member").Count - 1)
                For Each prop_value In Result.Properties("member")
                    Dim S2 As New DirectoryServices.DirectorySearcher(Parent)
                    S2.SearchScope = DirectoryServices.SearchScope.Subtree
                    S2.Filter = "(" & prop_value.Substring(0, prop_value.IndexOf(","c)) & ")"
                    S2.PropertiesToLoad.Add("SAMAccountName")
                    Dim R2 As DirectoryServices.SearchResult = S2.FindOne
                    For Each Prop As String In R2.Properties("SAMAccountName")
                        Users(i) = Prop.ToUpper
                        i = i + 1
                    Next
                Next
                Exit For
            End If
        End If
End Function

Lots of information can be pulled from AD if you know where to look for it.