Get a list of members of a WinNT group (C#)

Question

There are a couple of questions similar to this on stack overflow but not quite the same.

I want to open, or create, a local group on a win xp computer and add members to it, domain, local and well known accounts. I also want to check whether a user is already a member so that I don't add the same account twice, and presumably get an exception.

So far I started using the DirectoryEntry object with the WinNT:// provider. This is going ok but I'm stuck on how to get a list of members of a group?

Anyone know how to do this? Or provide a better solution than using DirectoryEntry?

Answer 1

You should be able to find this information inside the "member" attribute on the DirectoryEntry that represents the group.

Answer 2

Microsoft .NET Framework provides a standard library for working with Active Directory: System.DirectoryServices namespace in the System.DirectoryServices.dll.

Microsoft recommends using two main classes from the System.DirectoryServices namespace: DirectoryEntry and DirectorySearcher. In most cases, it is enough to use DirectorySearcher class only.

UPDATE: I tested it on my machine - it works. But maybe I've misunderstood your question.

Here is an example from an excellent CodeProject article:

Get a list of users belonging to a particular AD group

using System.DirectoryServices;

ArrayList GetADGroupUsers(string groupName)
{    
   SearchResult result;
   DirectorySearcher search = new DirectorySearcher();
   search.Filter = String.Format("(cn={0})", groupName);
   search.PropertiesToLoad.Add("member");
   result = search.FindOne();

   ArrayList userNames = new ArrayList();
   if (result != null)
   {
       for (int counter = 0; counter < 
          result.Properties["member"].Count; counter++)
       {
           string user = (string)result.Properties["member"][counter];
               userNames.Add(user);
       }
   }
   return userNames;
}

Answer 3

I did see the member attribute but I can't figure out how to access it from the DirectoryEntry?

Answer 4

Okay, it's taken a while, messing around with different solutions but the one that fits best with my original question is given below. I can't get the DirectoryEntry object to access the members of a local group using the 'standard' methods, the only way I could get it to enumerate the members was by using the Invoke method to call the native objects Members method.

using(DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
{
    foreach(object member in (IEnumerable) groupEntry.Invoke("Members"))
    {
        using(DirectoryEntry memberEntry = new DirectoryEntry(member))
        {
            Console.WriteLine(memberEntry.Path);
        }
    }
}

I also used a similar technique to add and remove members from the local group.

Hopefully this helps someone else as well. Keith.

Answer 5

If I have a list of computers and I would like to know the people in the Administrators group.

how do I do that with the above script?