views:

8378

answers:

5

There are a couple of questions similar to this on stack overflow but not quite the same.

I want to open, or create, a local group on a win xp computer and add members to it, domain, local and well known accounts. I also want to check whether a user is already a member so that I don't add the same account twice, and presumably get an exception.

So far I started using the DirectoryEntry object with the WinNT:// provider. This is going ok but I'm stuck on how to get a list of members of a group?

Anyone know how to do this? Or provide a better solution than using DirectoryEntry?

+1  A: 

You should be able to find this information inside the "member" attribute on the DirectoryEntry that represents the group.

Tim Robinson
+6  A: 

Microsoft .NET Framework provides a standard library for working with Active Directory: System.DirectoryServices namespace in the System.DirectoryServices.dll.

Microsoft recommends using two main classes from the System.DirectoryServices namespace: DirectoryEntry and DirectorySearcher. In most cases, it is enough to use DirectorySearcher class only.

UPDATE: I tested it on my machine - it works. But maybe I've misunderstood your question.

Here is an example from an excellent CodeProject article:

Get a list of users belonging to a particular AD group

using System.DirectoryServices;

ArrayList GetADGroupUsers(string groupName)
{    
   SearchResult result;
   DirectorySearcher search = new DirectorySearcher();
   search.Filter = String.Format("(cn={0})", groupName);
   search.PropertiesToLoad.Add("member");
   result = search.FindOne();

   ArrayList userNames = new ArrayList();
   if (result != null)
   {
       for (int counter = 0; counter < 
          result.Properties["member"].Count; counter++)
       {
           string user = (string)result.Properties["member"][counter];
               userNames.Add(user);
       }
   }
   return userNames;
}
splattne
I think your code only works for active directory groups. I need to get the members of a 'local' group. Like the local Adminstrators group that is setup on all Windows installations, maybe not Vista.
Keith Moore
A: 

I did see the member attribute but I can't figure out how to access it from the DirectoryEntry?

Keith Moore
Can't you access it using the SearchResult.Properties["member"]? See my downvoted example ;-)
splattne
+6  A: 

Okay, it's taken a while, messing around with different solutions but the one that fits best with my original question is given below. I can't get the DirectoryEntry object to access the members of a local group using the 'standard' methods, the only way I could get it to enumerate the members was by using the Invoke method to call the native objects Members method.

using(DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
{
    foreach(object member in (IEnumerable) groupEntry.Invoke("Members"))
    {
        using(DirectoryEntry memberEntry = new DirectoryEntry(member))
        {
            Console.WriteLine(memberEntry.Path);
        }
    }
}

I also used a similar technique to add and remove members from the local group.

Hopefully this helps someone else as well. Keith.

Keith Moore
A: 

If I have a list of computers and I would like to know the people in the Administrators group.

how do I do that with the above script?

PK
Perhaps you should start a new thread/question?
Keith Moore