CODEWITHSUNDEEP
c#active-directory
user1231793
user1231793

Reputation: 31

Iterate a group in active directory using C Sharp

I need to be able to execute a program from any server that could iterate through a group in active directory and check certain properties of the users in that group. This is what I have so far:

public static bool searchUser(string domain, string userName, string password, string objectDN)
{
    DirectoryEntry obj = new DirectoryEntry("LDAP://" + domain + "/" + objectDN, userName, password);
    if (obj.Properties["objectCategory"].ToString().Equals("group"))
    {
        object users = obj.Invoke("Members", null);
        foreach (object members in users) 
        { }
    }
}

Upvotes: 1

Views: 2921

Answers (2)

JPBlanc
JPBlanc

Reputation: 72640

Here is a way to do it recursively using DirectotyEntry and Microsoft LDAP_MATCHING_RULE_IN_CHAIN. I works on Framework 2.0 in an ActiveDirectory 2003 and 2008 R2

using System.DirectoryServices;
using System.Security.Principal;   

static void Main(string[] args) 

{ 
  //Connection to Active Directory 
  string sFromWhere = "LDAP://SRVENTR2:389/dc=societe,dc=fr"; 
  DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "societe\\administrateur", "test.2011"); 

  // To find all the users member of groups "Grp1"  : 
  // Set the base to the groups container DN; for example root DN (dc=societe,dc=fr)  
  // Set the scope to subtree 
  // Use the following filter : 
  // (member:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=X) 
  // 
  DirectorySearcher dsLookFor = new DirectorySearcher(deBase); 
  dsLookFor.Filter = "(&(memberof:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=societe,DC=fr)(objectCategory=user))"; 
  dsLookFor.SearchScope = SearchScope.Subtree; 
  dsLookFor.PropertiesToLoad.Add("cn"); 

  SearchResultCollection srcUsers = dsLookFor.FindAll(); 

  // To check user properties
  foreach (SearchResult srcUser in srcUsers) 
  { 
    Console.WriteLine("{0}", srcUser.Path); 

  } 
  Console.ReadLine(); 
}

Starting Framework 3.5 You can use Directory Security Principals and do it like this :

/* Retreiving a principal context
 */
PrincipalContext context = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "root.123");

DirectoryContext dc = new DirectoryContext(DirectoryContextType.DirectoryServer, "WM2008R2ENT:389");
Domain dn = Domain.GetDomain(dc);
//Console.WriteLine("Le nom : {0}", dn.PdcRoleOwner.Domain);

/* Retreive a users from group
 */
using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, @"MonGrpSec"))
{ 
  if (group != null)
  {
    foreach (var p in group.GetMembers(false))
    {
      Console.WriteLine(p.SamAccountName);
    } 
  } 
}

Upvotes: 0

enamrik
enamrik

Reputation: 2312

The following code needs to be refactored terribly but it's been working right for a month last time I checked

    private List<DirectoryUser> GetUsersInGroup(string groupName)
    {
        List<DirectoryUser> directoryUsers = new List<DirectoryUser>();

        try
        {
            ResultPropertyValueCollection members = null;

            using (var entry = new DirectoryEntry(_server))
            {
                entry.Path = "LDAP://" + _usersRoot;
                entry.Username = _domain + @"\" + _serviceAccountUsername;
                entry.Password = _serviceAccountPassword;
                entry.AuthenticationType = AuthenticationTypes.Secure;

                using (DirectorySearcher searcher = new DirectorySearcher(entry))
                {
                    searcher.Filter = "(&(objectClass=group)(cn=" + groupName + "))";
                    searcher.PropertiesToLoad.Add("member");

                    SearchResult result = searcher.FindOne();

                    if (result == null)
                        return directoryUsers;

                    members = result.Properties["member"];
                }
            }

            if (members == null || members.Count == 0)
                return directoryUsers;

            foreach (var member in members)
            {
                using (var entry = new DirectoryEntry(_server))
                {
                    entry.Path = "LDAP://" + member;
                    entry.Username = _domain + @"\" + _serviceAccountUsername;
                    entry.Password = _serviceAccountPassword;
                    entry.AuthenticationType = AuthenticationTypes.Secure;

                    using (DirectorySearcher searcher = new DirectorySearcher(entry))
                    {
                        searcher.Filter = "(objectClass=user)";
                        searcher.SearchScope = SearchScope.Base;

                        searcher.PropertiesToLoad.Add("mail");
                        searcher.PropertiesToLoad.Add("givenName");
                        searcher.PropertiesToLoad.Add("sn");
                        searcher.PropertiesToLoad.Add("sAMAccountName");
                        searcher.PropertiesToLoad.Add("telephoneNumber");

                        SearchResult result = searcher.FindOne();

                        if (result == null)
                            continue;

                        var dirUser = new DirectoryUser();
                        dirUser.Username = Convert.ToString(result.Properties["sAMAccountName"][0]);
                        dirUser.FirstName = Convert.ToString(result.Properties["givenName"][0]);
                        dirUser.LastName = Convert.ToString(result.Properties["sn"][0]);
                        dirUser.Email = Convert.ToString(result.Properties["mail"][0]);
                        dirUser.Phone = Convert.ToString(result.Properties["telephoneNumber"][0]);

                        directoryUsers.Add(dirUser);


                    }

                }
            }


        }
        catch { }

        return directoryUsers;

    }

Upvotes: 1

Related Questions