• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2061
  • Last Modified:

Enumerate Local Admin Group

I'm new to Directory Services. I am trying to convert this vbscript to C#. Can anyone give me an example of how to enumerate the Local Administrators group on a WIN2K machine w/ Directory Services. I beleive I need a Searcher, but I can not figure out how to use it...We do not have Active Directory installed on our Domain Controllers but we do have ADSI 2.5 installed on our WIN2K boxes. The vbscript below successfully gives me every domain account assigned to the Local Admin group. If anyone can just help me enumerate the local admin group I would be extremely pleased. I would even be open to using System.Management and WMI...

-------------------------------------------------------------------------------------------------
strComputer = "."
Set colGroups = GetObject("WinNT://" & strComputer & "/" & "Administrators")
For Each objUser in colGroups.Members
       
If objUser.Class = "User" Then

     On Error Resume Next
     'try to connect to user object to see if account is a local user  
     Set oUser = GetObject("WinNT://" & strComputer & "/" & objUser.Name & ",user")

     If Err.Number <> 0 Then
      'user is not local therefore output to screen
       Wscript.Echo objUser.Name
     End If

End If
Next
-------------------------------------------------------------------------------------------------
//What I have so far

string sNode = System.Environment.UserDomainName;
string sGroupName = "Administrators";
string strEntry = "WinNT://" + sNode + "/" + sGroupName;
DirectoryEntry myEntry = new DirectoryEntry(strEntry);
0
acousticsatelite
Asked:
acousticsatelite
  • 4
  • 3
1 Solution
 
ihenryCommented:
It can be done using .NET S.DS API with the WinNT provider. Like so,

using System.DirectoryServices;

string adsPath = "WinNT://theComputerName/Users, Group";
using ( DirectoryEntry group = new DirectoryEntry(adsPath) )
{
      foreach (object o in (IEnumerable) group.Invoke("members") )
      {
            using ( DirectoryEntry user = new DirectoryEntry(o) )
            {
                  Console.WriteLine( "Name: {0}", user.Name );
                  Console.WriteLine( "Full name: {0}", user.Properties["fullName"].Value );
                  Console.WriteLine( "Path: {0}", user.Path );
                  Console.WriteLine( "------------------" );
            }
      }
}

Henry
0
 
acousticsateliteAuthor Commented:
ihenry,

This looks great, however I am only getting the local accounts for the machine returned. Do I need to modify the syntax in order to get domain level accounts which are members of the local admin group for that machine. I am just now gettting into Active Directory so Im sure its something in the /Users, Group"; area of the syntax that I need to modify
0
 
ihenryCommented:
When you're running the code, did you logon with local account or domain account?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
acousticsateliteAuthor Commented:
Domain Account
0
 
ihenryCommented:
Like this?
string adsPath = "WinNT://theComputerName/Administrators, Group";
0
 
acousticsateliteAuthor Commented:
Great, that works ihenry. I did some string manipulation to get rid of the local accounts which where in the Local Admin Group. Now I am left only with Domain accounts, do you have any good Active Directory resources on the web. I think I can handle System.DirectoryServices, but I need to have a foundation in AD first.
0
 
ihenryCommented:
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now