How can I get detailed information for a group using LDAP?

TRA_DEV
I have a few pieces of code in my project that "work" but neither gives me exactly what I want. I need to pass in a Group and get as much information as I can: username, full name, samaccountname, etc.
Right now all I get from this code is "CN=lastname,/ firstname "description of user" and I can't do anything with it. Can someone modify this code or give me new code to get what I need?

  Dim strName As String
  Dim GroupSearcher As New DirectorySearcher
  Dim GroupSearchRoot As New DirectoryEntry("LDAP://" & Domain, Username, Password)

        With GroupSearcher
            .SearchRoot = GroupSearchRoot
            .Filter = "(&(ObjectClass=Group)(CN=TRAUser))"  
        End With
        '
           
        '
        Dim Members As Object = GroupSearcher.FindOne.GetDirectoryEntry.Invoke("Members", Nothing) '<<< Get members
        For Each Member As Object In CType(Members, IEnumerable)  
            Dim CurrentMember As New DirectoryEntry(Member)
            strName = (CurrentMember.Name) '.Remove(0, 3))              

        Next
Do you want the output to the screen or a file?
What else do you want besides name and username?

Author

Commented:
I just want the information passed as strings so I can use them in another function. I guess all I need is full name (First Last), and the userid (the ID used to login).
Give this a try.  Let me know if you have any questions.
Option Explicit

'Define Constants
Const ADS_SCOPE_BASE = 0 'Search base object only
Const ADS_SCOPE_ONELEVEL = 1 'Search one level of immediate children
Const ADS_SCOPE_SUBTREE = 2 ' Search target object and all sub levels

'Declare Variables
Dim DQ
Dim objShell
Dim arrGroupMembers
Dim objRootDSE
Dim strADsPath
Dim objConnection
Dim objCommand
Dim objRecordSet
Dim strGroup
Dim objGroup
Dim strMember
Dim strName
Dim strGroupPath
Dim objMember

'Set Variables
DQ = Chr(34) 'Double Quote

'Create Objects
Set objShell = CreateObject("Wscript.Shell")
Set arrGroupMembers = CreateObject("System.Collections.ArrayList")

'Verifies script was run using Cscript, and if not relaunches it using Cscript
If Not WScript.FullName = WScript.Path & "\cscript.exe" Then
	objShell.Popup "Relaunching script with Cscript in 5 seconds...", 5, _
	"Script Host Message", 48
	objShell.Run "cmd.exe /k " & WScript.Path & "\cscript.exe //NOLOGO " & _
	DQ & WScript.scriptFullName & DQ, 1, False
	WScript.Quit 0
End If

'Construct an ADsPath to the Current Domain with rootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")

'Connect to Active Directory
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'Prompt for Group Name
Do
	strGroup = InputBox("Please enter the AD group name to search for:", _
	"Group Name Input", "GroupName")
	If strGroup = False Then
		WScript.Quit
	End If
Loop Until strGroup <> ""

'Search AD Domain for Group
objCommand.CommandText = "SELECT ADsPath FROM '" & strADsPath & "'" & _
" WHERE objectCategory='group' AND Name = '" & strGroup & "'"
Set objRecordSet = objCommand.Execute

'Verify Group was found
If objRecordSet.EOF Then
	WScript.echo "Group named " & strGroup & " not found, Exiting script."
	WScript.quit
Else
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strGroupPath = objRecordSet.Fields("ADsPath").Value
		objRecordSet.MoveNext
	Loop
End If

'List Group Members
Set objGroup = GetObject(strGroupPath)
For Each strMember In objGroup.Member
	Set objMember = GetObject("LDAP://" & strMember)
	If objMember.Class = "user" Then
		WScript.Echo objMember.CN & VbTab & objMember.samaccountname
	End If
Next


Author

Commented:
Sorry, I was looking for something along the same lines as what I have....I'm new to this and the less new code I have to digest the better.
Sorry the code is not as short as you are looking for. It includes some error trapping/correcting and it does what you requested. I can explain any parts of it you do not understand.

How about just that?


Dim strName As String
Dim GroupSearcher As New DirectorySearcher
Dim GroupSearchRoot As New DirectoryEntry("LDAP://" & Domain, Username, Password)

With GroupSearcher
   .SearchRoot = GroupSearchRoot
   .Filter = "(&(ObjectClass=Group)(CN=TRAUser))"  
End With
           
Dim Members As Object = GroupSearcher.FindOne.GetDirectoryEntry.Invoke("Members", Nothing)

For Each Member As Object In CType(Members, IEnumerable)  
       Dim CurrentMember As New DirectoryEntry(Member)

       Dim memberName, memberDescription as String
       Dim memberSamAccountName, memberMail as String

       memberName = CurrentMember.name
       memberDescription = CurrentMember.description
       memberSamAccountName = CurrentMember.sAMAccountName
       memberMail = CurrentMember.mail
Next

...and so on. For a detailed description of which LDAP attribute names you can read from an Active Directory user object, you can visit this website:
http://www.selfadsi.org/user-attributes-w2k3.htm

By the way...there is also a list of all the group attributes for the LDAP access on AD groups:
http://www.selfadsi.org/group-attributes-w2k3.htm

Philipp



Chris Dent
PowerShell Developer
Top Expert 2010

Commented:

If you want details of the members you might be better off with this.

The downside is that the Distinguished Name (like CN=Group Name,OU=somewhere,DC=domain,DC=com) must be hard-coded or found to use with the filter; wildcards are not permitted.

I would suggest you avoid GetDirectoryEntry unless you need to write back to the directory; it's a lot of work and scales up very badly.

Chris
Dim strName As String
  Dim ADSearcher As New DirectorySearcher
  Dim SearchRoot As New DirectoryEntry("LDAP://" & Domain, Username, Password)

  With ADSearcher
    .SearchRoot = SearchRoot
    .Filter = "(&(objectClass=user)(objectCategory=person)" & _
      "(memberOf=CN=TRAUser,OU=somewhere,DC=domain,DC=com))"
  End With
  '
           
  '
  Dim Members As SearchResultCollection = ADSearcher.FindAll()

  For Each Member As SearchResult In Members
    Dim Name As String = Member.Properties("name").Item(0)
    Dim SAMAccountName As String = Member.Properties("samaccountname").Item(0)
    Dim Mail As String = Member.Properties("mail").Item(0)
  Next


Author

Commented:
Thanks, I will try them all.

Pfoekeler..with yours I get the error  Mail, samaccountname, description is not a member of system.directoryservices.directoryentry
PowerShell Developer
Top Expert 2010
Commented:

For the DirectoryEntry version, this should fix it up:


            memberName = CurrentMember.Properties("name").Value
            memberDescription = CurrentMember.Properties("description").Value
            memberSamAccountName = CurrentMember.Properties("sAMAccountName").Value
            memberMail = CurrentMember.Properties("mail").Value


Chris

Author

Commented:
Chris on your code I get the group name for Name and SAM...and then mail throws an index out of range error.
Chris Dent
PowerShell Developer
Top Expert 2010

Commented:

Mail probably isn't filled in then; that corresponds to the mail field on the General tab in AD Users and Computers.

Whichever method you use you'll have to test for null / unset values. Name and sAMAccountName are safe because they must be set.

Chris

Author

Commented:
Chris,

Those changes you gave me for worked perfect....I got exactly what I needed
Chris is right, just try out this error handling:

Philipp

Dim attribute as String() = {"name", "sAMAccountName", "userPrincipalName", "description", "mail", "department", "title", "givenName", "sn"}

Dim value As String

For Each Member As SearchResult In Members

  For i as Integer = 0 to attribute.Length - 1
     if Member.Properties.Contains(attribute(i)) then
         value = Member.Properties(attribute(i))
            
         'now do something with the attribute... :)
     end if
  Next

Next


ouch...
please use

value = Member.Properties(attribute(i)).Value

instead of

value = Member.Properties(attribute(i))
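
Added example, not code from any poster in this thread: one way to take the group name as a parameter, as the question asks, escaping it before it goes into the LDAP filter and returning an empty string for unset attributes such as mail. The module and function names (GroupMemberLookup, EscapeFilterValue, FirstValue, GetGroupMembers) are hypothetical; the filters and attribute names follow the posts above.

```vbnet
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text
' Added example; module and function names are hypothetical.
Module GroupMemberLookup
    ' Escape a value for an LDAP search filter (RFC 4515) so that a group name
    ' containing * ( ) or \ is matched literally and cannot alter the filter.
    Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function
    ' First value of an attribute, or "" when it is unset (mail is often empty).
    Function FirstValue(ByVal r As SearchResult, ByVal attr As String) As String
        If r.Properties.Contains(attr) AndAlso r.Properties(attr).Count > 0 Then
            Return r.Properties(attr)(0).ToString()
        End If
        Return String.Empty
    End Function
    ' Returns one String() {name, sAMAccountName, mail} per user in the group.
    Function GetGroupMembers(ByVal domain As String, ByVal user As String, ByVal password As String, ByVal groupName As String) As List(Of String())
        Dim members As New List(Of String())
        Using root As New DirectoryEntry("LDAP://" & domain, user, password, AuthenticationTypes.Secure)
            Dim groupDn As String = Nothing
            Using gs As New DirectorySearcher(root, "(&(objectCategory=group)(cn=" & EscapeFilterValue(groupName) & "))", New String() {"distinguishedName"})
                Dim g As SearchResult = gs.FindOne()
                If g Is Nothing Then Return members ' no such group
                groupDn = FirstValue(g, "distinguishedName")
            End Using
            Using us As New DirectorySearcher(root, "(&(objectCategory=person)(objectClass=user)(memberOf=" & EscapeFilterValue(groupDn) & "))", New String() {"name", "sAMAccountName", "mail"})
                us.PageSize = 1000 ' page results so large groups are not truncated
                Using results As SearchResultCollection = us.FindAll()
                    For Each r As SearchResult In results
                        members.Add(New String() {FirstValue(r, "name"), FirstValue(r, "sAMAccountName"), FirstValue(r, "mail")})
                    Next
                End Using
            End Using
        End Using
        Return members
    End Function
End Module
```

The memberOf filter returns direct members only; users who hold the group as their primary group, or who belong through a nested group, are not listed.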
