Active Directory Group Members Issue

Question

Hi friends,

I am using the below code to get the members from a group.

private static List<string> GetGroupMembers(string groupName)
{
    Tracer.LogEntrace(groupName);

    List<string> retVal = new List<string>();

    GroupPrincipal groupPrincipal = GroupPrincipal.FindByIdentity
            (new PrincipalContext(ContextType.Domain), IdentityType.SamAccountName,
            groupName);

    PrincipalSearchResult<Principal> principleSearchResult = groupPrincipal.GetMembers(true);

    if (principleSearchResult != null)
    {
       try
       {
          foreach (Principal item in principleSearchResult)
          {
             retVal.Add(item.DistinguishedName);
          }
       }
       catch (Exception ex)
       {
          Tracer.Log(ex.Message);
       }
    }
    else
    {
      //Do Nothing
    }
    Tracer.LogExit(retVal.Count);
    return retVal;
 }

It works well for all groups but when its come to Users group i am getting the below error

"An error (87) occurred while enumerating the groups. The group's SID could not be resolved."

Can any one help regarding this one.

Answer 1

Users in Active Directory is not a group - it's a container. That's why you can't enumerate it like a group - you'll have to enumerate it like an OU (Organizational Unit).

Something like:

// bind to the "Users" container
DirectoryEntry deUsers = new DirectoryEntry("LDAP://CN=Users,DC=yourcompany,DC=com");

// enumerate over its child entries
foreach(DirectoryEntry deChild in deUsers.Children)
{
   // do whatever you need to do to those entries
}