My previous post [Click Link] shows how to enumerate members of an AD group using an LDAP query written in VBscript.
Here I am showing you how to do the same using C#. Although, this function is not recursive (i.e doesn’t list members of a group that may be nested within the group you have specified)
DirectoryEntry group = new DirectoryEntry(LDAP://CN=GroupXXX,OU=Groups, OU=Company,DC=ww,DC=xx,DC=yy,DC=zz);
object members = group.Invoke("Members", null);
String s = "";
foreach (object member in (IEnumerable)members)
DirectoryEntry x = new DirectoryEntry(member);
s+= x.Properties["displayName"].Value + "\n";
I know, after reading this you are thinking, “I hate these code examples where they conveniently show you a long LDAP string, and tell you to figure out the DN of the group yourself”. To figure out what you need to put in the long LDAP:// string..you can use this piece of vbscript code.
Group = "GroupXXX" rs = CreateObject("ADODB.RecordSet") rs.Open(";(sAMAccountName=" & Group & ");adspath", "provider=ADsDSOObject") If Not rs.EOF Then s = rs(0).Value End If MsgBox(s)
NOTE: If you are so LDAP /Active Directory challenged that you cannot figure out what to put in the ww, xx, yy, zz. Then you can go to Start–>Adminstrative Tools–>Active Directory Users and Computer and you will see your domain name in the format ww.xx.yy.zz……..