jayh99
asked on
ASP.NET Get Members from Active Directory Group
I am trying to query an active directory group and return the members of that group. I have tried several different ways with no luck. Attached is my last failed attempt. Any help is greatly appreciated.
Imports System.DirectoryServices
Imports System.Security.Principal
Partial Class TestResults
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
Response.Write(GetADGroupUsers("Health Department"))
End Sub
Public Function GetADGroupUsers(ByVal groupName As String) As ArrayList
Dim result As SearchResult
Dim search As New DirectorySearcher
search.Filter = String.Format("(cn={0})", groupName)
search.PropertiesToLoad.Add("member")
result = search.FindOne()
Dim i As Integer = 0
Dim userNames As New ArrayList
For i = 0 To result.Properties("members").Count
userNames.Add(result.Properties("members")(i).ToString)
Next
GetADGroupUsers = userNames
End Function
End Class
ASKER
Thanks for the comment. I will give it a try when I get in to work on Monday.
the main problem other than not running the search. Is the property needs to be changed to "member" as members is not a property. Also you can use findone is you wish, so long as you don't have similiar group names. here is a quick example.
Note: the member property doesn't contain SAMAccounName(s) like (domain\username), but instead contains the user account's distinguished name (cn=username,dc=domain,dc= com) ect
Note: the member property doesn't contain SAMAccounName(s) like (domain\username), but instead contains the user account's distinguished name (cn=username,dc=domain,dc=
Dim de As New DirectoryServices.DirectoryEntry("LDAP://domain.youcompany.com")'<---make sure to change to your ad connstring
de.Username = SvcAcct '<--- domain accountname
de.Password = SvcPass '<--- domain account password
de.AuthenticationType = DirectoryServices.AuthenticationTypes.Secure
Dim deSearch As New DirectoryServices.DirectorySearcher(de)
Dim groupname As String = "Health Department" '<---group you wish to load
deSearch.Filter = "(&(objectClass=group) (cn=" + groupname + "))"
Dim results As DirectoryServices.SearchResultCollection = deSearch.FindAll()
Dim result As DirectoryServices.SearchResult
If (results.Count > 0) Then
Dim userNames As New ArrayList
For Each result In results
For Each member As String In result.Properties("member")
userNames.add(member)
Next
Next
End If
End Sub
ASKER
Private Sub GetADGroups()
Dim de As New DirectoryServices.Director yEntry("LD AP://civic net.com")
de.Username = "MyServiceAccount"
de.Password = "MyServicePassword"
de.AuthenticationType = DirectoryServices.Authenti cationType s.Secure
Dim deSearch As New DirectoryServices.Director ySearcher( de)
Dim groupname As String = "Health Department" '<---group you wish to load
deSearch.Filter = "(&(objectClass=group) (cn=" + groupname + "))"
Dim results As DirectoryServices.SearchRe sultCollec tion = deSearch.FindAll()
Dim result As DirectoryServices.SearchRe sult
If (results.Count > 0) Then
Dim userNames As New ArrayList
For Each result In results
For Each member As String In result.Properties("member" )
Response.Write(member)
userNames.Add(member)
Next
Next
End If
End Sub
I think it is getting close, but there are no items displayed when I call this. I have double checked the groupname, and have even tried other groups with no luck. Any ideas?
Dim de As New DirectoryServices.Director
de.Username = "MyServiceAccount"
de.Password = "MyServicePassword"
de.AuthenticationType = DirectoryServices.Authenti
Dim deSearch As New DirectoryServices.Director
Dim groupname As String = "Health Department" '<---group you wish to load
deSearch.Filter = "(&(objectClass=group) (cn=" + groupname + "))"
Dim results As DirectoryServices.SearchRe
Dim result As DirectoryServices.SearchRe
If (results.Count > 0) Then
Dim userNames As New ArrayList
For Each result In results
For Each member As String In result.Properties("member"
Response.Write(member)
userNames.Add(member)
Next
Next
End If
End Sub
I think it is getting close, but there are no items displayed when I call this. I have double checked the groupname, and have even tried other groups with no luck. Any ideas?
ASKER
It looks like it is the filter that is causing the problems. If I comment out that line of code, I can display all members in the AD. And if I add an if/then looking for member.Contains("Health Department") it displays all the members of that group.
ASKER
I also just noticed that Health Department is an organizational unit, not a common name, so that is probably part of the reason the filter is not working correctly.
I'm getting confused as to what you are trying to accomplish. Aren't you trying to get all members of that group? Also is health department just an ou or is it also a group?
ASKER
I am wanting all members of health department. I think I worded my question wrong above because I didn't realize until this morning that it is an ou rather than a group.
CN=D-Internet_FTP,OU=Users ,OU=Health Department,DC=MYDOMAIN,DC= com
CN=D-Internet_FTP,OU=Users
ASKER
And is it possible to get only the cn for each member of the ou?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Thanks for your help. I have got it working now.
http://msdn.microsoft.com/en-us/library/ms180885(VS.80).aspx
in short:
* you don't tell the directorysearch where to search from
* you asked findOne instead of findall
error:
For i = 0 To result.Properties("members
must be:
For i = 0 To result.Properties("members