List all users of an AD group in Delphi

Question

How can I list all users of an AD group in Delphi 7?

One of the options, as I know, is to use a string LDAP. I got a LDAP string, but how to use it?

I tried to use WinAPI, example from internet that i search

function TSequrity.DomainUsers: String;
var
   EntiesRead: DWORD;
   TotalEntries: DWORD;
   UserInfo: lpUSER_INFO_1;
   lpBuffer: Pointer;
   ResumeHandle: DWORD;
   Counter: Integer;
   NetApiStatus: LongWord;
   w:WideString;
begin
    ResumeHandle := 0;
    w:=Domain;
    NetApiStatus := NetUserEnum(@w[1], 1, 0, lpBuffer, 0, EntiesRead, TotalEntries, ResumeHandle);
    NetApiBufferFree(lpBuffer);
    NetApiStatus := NetUserEnum(@w[1], 1, 0, lpBuffer, TotalEntries*TotalEntries, EntiesRead, TotalEntries, ResumeHandle);
     UserInfo     := lpBuffer;

     for Counter := 0 to EntiesRead - 1 do
     begin
       Result:=Result+WideCharToString(UserInfo^.usri1_name)+#13#10;
       Inc(UserInfo);
     end;
     NetApiBufferFree(lpBuffer);
end;

It find local users. But im need to find users of domain group.

Answer 1

Here's an example using "NetGroupGetUsers". Please be aware that this does not work with nested groups (groups containing other groups).

{$WARN SYMBOL_PLATFORM OFF}

program DomainGroupGetUsersTest;

{$APPTYPE CONSOLE}

uses
  SysUtils, Windows, Classes;

const
    netapi32lib = 'netapi32.dll';

type
    PGroupUsersInfo0 = ^TGroupUsersInfo0;
    _GROUP_USERS_INFO_0 = record
      grui0_name: LPWSTR;
    end;
    TGroupUsersInfo0 = _GROUP_USERS_INFO_0;
    GROUP_USERS_INFO_0 = _GROUP_USERS_INFO_0;

    NET_API_STATUS = DWORD;
    LPBYTE = ^BYTE;

function NetApiBufferFree (Buffer: Pointer): NET_API_STATUS; stdcall;
                                                           external netapi32lib;
function NetGroupGetUsers (servername: LPCWSTR; groupname: LPCWSTR; 
    level: DWORD; var bufptr: LPBYTE; prefmaxlen: DWORD; var entriesread: DWORD;
    var totalentries: DWORD; ResumeHandle: PDWORD): NET_API_STATUS; stdcall;
                                                           external netapi32lib;

function DomainGroupGetUsers (const sGroup: WideString;
                              const UserList: TStrings;
                              const sLogonServer: WideString) : Boolean;
{ "sLogonServer" must be prefixed with "\\".
  "sGroup" must contain the group name only. }

type
    TaUserGroup = array of TGroupUsersInfo0;

const
    PREF_LEN = 1024;

var
    pBuffer : LPBYTE;
    i : Integer;
    Res : NET_API_STATUS;
    dwRead, dwTotal : DWord;
    hRes : DWord;

begin
    Assert (sGroup <> '');
    Assert (sLogonServer <> '');
    Assert (UserList <> NIL);

    UserList.Clear;
    Result := true;
    hRes := 0;

    repeat
        Res := NetGroupGetUsers (PWideChar (sLogonServer), PWideChar (sGroup),
                                 0, pBuffer, PREF_LEN, dwRead, dwTotal,
                                 PDWord (@hRes));

        if (Res = Error_Success) or (Res = ERROR_MORE_DATA) then
        begin
            if (dwRead > 0) then
                for i := 0 to dwRead - 1 do
                    with TaUserGroup (pBuffer) [i] do
                        UserList.Add (grui0_name);

            NetApiBufferFree (pBuffer);
        end { if }
        else Result := false;
    until (Res <> ERROR_MORE_DATA);
end; { DomainGroupGetUsers }


var
    UserList : TStringList;
    iIndex : Integer;

begin
    UserList := TStringList.Create;

    try
        DomainGroupGetUsers ('Domain Users', UserList,
                             GetEnvironmentVariable ('LOGONSERVER'));

        for iIndex := 0 to UserList.Count - 1 do
            WriteLn (UserList [iIndex]);

    finally
        UserList.Free;
    end; { try / finally }

    if (DebugHook <> 0) then
    begin
        WriteLn;
        Write ('Press [Enter] to continue ...');
        ReadLn;
    end; { if }
end.