We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Enumerate Local Admin Group

Medium Priority
Last Modified: 2012-05-05
I'm new to Directory Services. I am trying to convert this vbscript to C#. Can anyone give me an example of how to enumerate the Local Administrators group on a WIN2K machine w/ Directory Services. I beleive I need a Searcher, but I can not figure out how to use it...We do not have Active Directory installed on our Domain Controllers but we do have ADSI 2.5 installed on our WIN2K boxes. The vbscript below successfully gives me every domain account assigned to the Local Admin group. If anyone can just help me enumerate the local admin group I would be extremely pleased. I would even be open to using System.Management and WMI...

strComputer = "."
Set colGroups = GetObject("WinNT://" & strComputer & "/" & "Administrators")
For Each objUser in colGroups.Members
If objUser.Class = "User" Then

     On Error Resume Next
     'try to connect to user object to see if account is a local user  
     Set oUser = GetObject("WinNT://" & strComputer & "/" & objUser.Name & ",user")

     If Err.Number <> 0 Then
      'user is not local therefore output to screen
       Wscript.Echo objUser.Name
     End If

End If
//What I have so far

string sNode = System.Environment.UserDomainName;
string sGroupName = "Administrators";
string strEntry = "WinNT://" + sNode + "/" + sGroupName;
DirectoryEntry myEntry = new DirectoryEntry(strEntry);
Watch Question

It can be done using .NET S.DS API with the WinNT provider. Like so,

using System.DirectoryServices;

string adsPath = "WinNT://theComputerName/Users, Group";
using ( DirectoryEntry group = new DirectoryEntry(adsPath) )
      foreach (object o in (IEnumerable) group.Invoke("members") )
            using ( DirectoryEntry user = new DirectoryEntry(o) )
                  Console.WriteLine( "Name: {0}", user.Name );
                  Console.WriteLine( "Full name: {0}", user.Properties["fullName"].Value );
                  Console.WriteLine( "Path: {0}", user.Path );
                  Console.WriteLine( "------------------" );




This looks great, however I am only getting the local accounts for the machine returned. Do I need to modify the syntax in order to get domain level accounts which are members of the local admin group for that machine. I am just now gettting into Active Directory so Im sure its something in the /Users, Group"; area of the syntax that I need to modify

When you're running the code, did you logon with local account or domain account?


Domain Account
Like this?
string adsPath = "WinNT://theComputerName/Administrators, Group";

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Great, that works ihenry. I did some string manipulation to get rid of the local accounts which where in the Local Admin Group. Now I am left only with Domain accounts, do you have any good Active Directory resources on the web. I think I can handle System.DirectoryServices, but I need to have a foundation in AD first.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.