[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How to retrieve each members in an AD Security Group?

Posted on 2014-12-17
6
Medium Priority
?
327 Views
Last Modified: 2014-12-18
Hi, I'm using VS2012, C# and asp.net.
Hi, I need to retrieve all members of a Security group.  Basically all windows account in a users group.  I then list about 6 attribute information from each account on a row in a Gridview control and allow for certain update.  After some struggle, I am now able to get pass authentication.  need help with syntax on binding to the Security group and then how to retrieve each member's information.   This is what I have below.  Got exception error when it executes the code "object members = deAccounts.Invoke("members", null);".
Got error message "{"A referral was returned from the server.\r\n"}"
Q: Is my binding correctly for binding to a security group in AD?
Also why it crash and how to fix it?  Thank you.



                DirectoryEntry deAccounts = new DirectoryEntry("LDAP://my.domain.com/CN=admin_id,DC=my,DC=domain,DC=com", @"admin_id@my.domain.com", "MyPassword");

                if (deAccounts != null)
                {
                 

                   
                    object members = deAccounts.Invoke("members", null);

                    foreach (object groupMember in (IEnumerable<object>)members)
                    {
                        DirectoryEntry member = new DirectoryEntry(groupMember);
                        genericAccounts.Add(member);

                        Console.WriteLine(member.Name);
                    }

                    gridAccounts.DataSource = genericAccounts;
                    gridAccounts.DataBind();

                }
0
Comment
Question by:lapucca
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 

Author Comment

by:lapucca
ID: 40505859
Well, I just saw that I still have error after binding to both root and a security group, here is the error below.  I get this error when I expanded both the root bind and the direct bind to the Security group.  


            HResult      -2147467262      int
+            InnerException      null      System.Exception
            Message      "Unable to cast COM object of type 'System.__ComObject' to interface type 'IAdsContainer'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{001677D0-FD16-11CE-ABC4-02608C9E7553}' failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE))."      string
            Source      "System.DirectoryServices"      string
            StackTrace      "   at System.DirectoryServices.DirectoryEntry.get_ContainerObject()"      string
+            TargetSite      {IAdsContainer get_ContainerObject()}      System.Reflection.MethodBase {System.Reflection.RuntimeMethodInfo}
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40506706
You could search for them instead. That'll leave you with a SearchResultCollection you can easily loop through without worrying about the COMObject at all.

e.g.
DirectorySearcher searcher = new DirectorySearcher("(memberOf=CN=admin_id,DC=my,DC=domain,DC=com)");
searcher.PageSize = 1000;
SearchResultCollection results = searcher.FindAll();

Open in new window

Alternatively you can cast the COMObject returned by the member method to a DirectoryEntry (note that the member method does not return an exact copy of the member attribute).

e.g.
DirectoryEntry entry = (DirectoryEntry)member;

Open in new window

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 40506707
Sorry, missed a note.

If you've doing this for large groups and don't need to write back to the directory the first method (DirectorySearcher) is, by far, the most efficient. For the second method you have to re-bind to the directory for every member to get the properties.

Chris
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:lapucca
ID: 40507343
Chris,
Yes, I would allso user to make changes to the 6 members properties, including enabling and disabling the account.  That change will need to be updated back to AD.

I need to bind about 6 attribute, property , for each member in that group.  Right now we expect only abut 30 members the most.  Please advise what is the best way to do this.  The code I posted is taken from MS site, http://msdn.microsoft.com/en-us/library/ms180906%28v=vs.80%29.aspx
The code gets an exception when it uses the Invoke method.  With error saying that "{"A referral was returned from the server.\r\n"}".  Why am I getting this message?  It couldn't find it or is the service account not having the permission?

The COM object error is after the DE is created and I expand in the debug window to examine its properties.  Would like to know why I'm getting that error as well or do I just ignore that?  Am I bind to AD even with this code?
Thank you.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 40507354
Referral means the object, or partition, is hosted elsewhere in the forest. You can chase referrals, but I'll need to pull some samples from my library to show you that.

Let me try and have a look at the link in the morning. Home time but my net connection is down at home for a few days.

Chris
0
 

Author Comment

by:lapucca
ID: 40508081
There were a couple of issues that attributed the problem.  The major one is permission weren't set properly for that service account.  I've gotten over those errors.  Now I'm having problem getting member of that Security Group and binding that to the gridview control.  I'll post that in another question.  Thank you much for your help.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question