Solved

ASP.NET Get Members from Active Directory Group

Posted on 2008-06-13
Last Modified: 2010-04-21
I am trying to query an active directory group and return the members of that group. I have tried several different ways with no luck.  Attached is my last failed attempt.  Any help is greatly appreciated.
Imports System.DirectoryServices
Imports System.Security.Principal

Partial Class TestResults
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Response.Write(GetADGroupUsers("Health Department"))
    End Sub

    Public Function GetADGroupUsers(ByVal groupName As String) As ArrayList
        Dim result As SearchResult
        Dim search As New DirectorySearcher
        search.Filter = String.Format("(cn={0})", groupName)
        search.PropertiesToLoad.Add("member")
        result = search.FindOne()
        Dim i As Integer = 0

        Dim userNames As New ArrayList

        For i = 0 To result.Properties("members").Count
            userNames.Add(result.Properties("members")(i).ToString)
        Next
        GetADGroupUsers = userNames
    End Function
End Class

Question by:jayh99
11 Comments
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 21784840
could this sample code help:
http://msdn.microsoft.com/en-us/library/ms180885(VS.80).aspx

in short:
* you don't tell the directorysearch where to search from
* you asked findOne instead of findall

error:
        For i = 0 To result.Properties("members").Count
must be:

        For i = 0 To result.Properties("members").Count -1

0
 
LVL 1

Author Comment

by:jayh99
ID: 21785527
Thanks for the comment.  I will give it a try when I get in to work on Monday.
0
 
LVL 14

Expert Comment

by:Dustin Hopkins
ID: 21785729
The main problem, other than not running the search, is that the property needs to be changed to "member", as "members" is not a property. Also, you can use FindOne if you wish, so long as you don't have similar group names. Here is a quick example.

Note: the member property doesn't contain sAMAccountName(s) like (domain\username), but instead contains the user account's distinguished name (cn=username,dc=domain,dc=com), etc.

    ' SvcAcct / SvcPass: domain service account name and password, supplied by the caller
    Private Sub GetADGroups(ByVal SvcAcct As String, ByVal SvcPass As String)
        Dim de As New DirectoryServices.DirectoryEntry("LDAP://domain.youcompany.com") '<---make sure to change to your ad connstring
        de.Username = SvcAcct '<--- domain accountname
        de.Password = SvcPass '<--- domain account password
        de.AuthenticationType = DirectoryServices.AuthenticationTypes.Secure
        Dim deSearch As New DirectoryServices.DirectorySearcher(de)
        Dim groupname As String = "Health Department" '<---group you wish to load
        deSearch.Filter = "(&(objectClass=group) (cn=" + groupname + "))"
        Dim results As DirectoryServices.SearchResultCollection = deSearch.FindAll()
        Dim result As DirectoryServices.SearchResult
        If (results.Count > 0) Then
            Dim userNames As New ArrayList
            ' Each value of "member" is a distinguished name string
            For Each result In results
                For Each member As String In result.Properties("member")
                    userNames.Add(member)
                Next
            Next
        End If
    End Sub


0
 
LVL 1

Author Comment

by:jayh99
ID: 21792981
   Private Sub GetADGroups()
        Dim de As New DirectoryServices.DirectoryEntry("LDAP://civicnet.com")        
        de.Username = "MyServiceAccount"
        de.Password = "MyServicePassword"
        de.AuthenticationType = DirectoryServices.AuthenticationTypes.Secure
        Dim deSearch As New DirectoryServices.DirectorySearcher(de)
        Dim groupname As String = "Health Department" '<---group you wish to load
        deSearch.Filter = "(&(objectClass=group) (cn=" + groupname + "))"
        Dim results As DirectoryServices.SearchResultCollection = deSearch.FindAll()
        Dim result As DirectoryServices.SearchResult
        If (results.Count > 0) Then
            Dim userNames As New ArrayList
            For Each result In results
                For Each member As String In result.Properties("member")
                    Response.Write(member)
                    userNames.Add(member)
                Next
            Next
        End If
    End Sub

I think it is getting close, but there are no items displayed when I call this.  I have double checked the groupname, and have even tried other groups with no luck.  Any ideas?
0
 
LVL 1

Author Comment

by:jayh99
ID: 21793239
It looks like it is the filter that is causing the problems.  If I comment out that line of code, I can display all members in the AD.  And if I add an if/then looking for member.Contains("Health Department") it displays all the members of that group.
0
 
LVL 1

Author Comment

by:jayh99
ID: 21793276
I also just noticed that Health Department is an organizational unit, not a common name, so that is probably part of the reason the filter is not working correctly.
0
 
LVL 14

Expert Comment

by:Dustin Hopkins
ID: 21793344
I'm getting confused as to what you are trying to accomplish. Aren't you trying to get all members of that group? Also is health department just an ou or is it also a group?
0
 
LVL 1

Author Comment

by:jayh99
ID: 21793387
I am wanting all members of health department. I think I worded my question wrong above because I didn't realize until this morning that it is an ou rather than a group.  

CN=D-Internet_FTP,OU=Users,OU=Health Department,DC=MYDOMAIN,DC=com
0
 
LVL 1

Author Comment

by:jayh99
ID: 21793406
And is it possible to get only the cn for each member of the ou?
0
 
LVL 14

Accepted Solution

by:
Dustin Hopkins earned 50 total points
ID: 21793470
You should just be able to plug that (OU=Health Department,DC=MYDOMAIN,DC=com), or something similar, in as your directory entry:
Dim de As New DirectoryServices.DirectoryEntry("LDAP://OU=Health Department,DC=MYDOMAIN,DC=com")

0
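Added example (not part of the original thread): binding to the OU as the accepted solution suggests and returning only the cn of each user under it, which is what the author asked for. OuMembers and GetOuUserNames are names chosen for this example, the page size of 500 is an assumed value, and the bind uses the identity the page runs as instead of a service password stored in code.

```vbnet
Imports System.Collections.Generic
Imports System.DirectoryServices

Public Module OuMembers

    ' Returns the cn of every user object under the given OU.
    ' ouDn is the OU's distinguished name, for example the placeholder
    ' "OU=Health Department,DC=MYDOMAIN,DC=com" used in the thread.
    Public Function GetOuUserNames(ByVal ouDn As String) As List(Of String)
        Dim names As New List(Of String)

        ' No Username/Password is set: with AuthenticationTypes.Secure the bind
        ' uses the identity the code runs as, so no password sits in source.
        Using root As New DirectoryEntry("LDAP://" & ouDn)
            root.AuthenticationType = AuthenticationTypes.Secure

            Using searcher As New DirectorySearcher(root)
                ' Constant filter: user accounts only, no caller-supplied text.
                searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
                ' Subtree also covers child OUs such as OU=Users below the base.
                searcher.SearchScope = SearchScope.Subtree
                ' Ask the server for the cn attribute only.
                searcher.PropertiesToLoad.Add("cn")
                ' Paged search, so results beyond the server's size limit are returned.
                searcher.PageSize = 500

                Using results As SearchResultCollection = searcher.FindAll()
                    For Each result As SearchResult In results
                        If result.Properties.Contains("cn") Then
                            names.Add(CStr(result.Properties("cn")(0)))
                        End If
                    Next
                End Using
            End Using
        End Using

        Return names
    End Function

End Module
```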
 
LVL 1

Author Closing Comment

by:jayh99
ID: 31467089
Thanks for your help.  I have got it working now.
0
