22

There are a couple of questions similar to this on stack overflow but not quite the same.

I want to open, or create, a local group on a win xp computer and add members to it, domain, local and well known accounts. I also want to check whether a user is already a member so that I don't add the same account twice, and presumably get an exception.

So far I started using the DirectoryEntry object with the WinNT:// provider. This is going ok but I'm stuck on how to get a list of members of a group?

Anyone know how to do this? Or provide a better solution than using DirectoryEntry?

ekad
  • 14,436
  • 26
  • 44
  • 46
Kepboy
  • 3,733
  • 2
  • 30
  • 43

3 Answers3

33

Okay, it's taken a while, messing around with different solutions but the one that fits best with my original question is given below. I can't get the DirectoryEntry object to access the members of a local group using the 'standard' methods, the only way I could get it to enumerate the members was by using the Invoke method to call the native objects Members method.

using(DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
{
    foreach(object member in (IEnumerable) groupEntry.Invoke("Members"))
    {
        using(DirectoryEntry memberEntry = new DirectoryEntry(member))
        {
            Console.WriteLine(memberEntry.Path);
        }
    }
}

I also used a similar technique to add and remove members from the local group.

Hopefully this helps someone else as well. Keith.

EDIT by Tim: added VB.Net version

Public Function MembersOfGroup(ByVal GroupName As String) As List(Of DirectoryEntry)
    Dim members As New List(Of DirectoryEntry)
    Try
        Using search As New DirectoryEntry("WinNT://./" & GroupName & ",group")
            For Each member As Object In DirectCast(search.Invoke("Members"), IEnumerable)
                Dim memberEntry As New DirectoryEntry(member)
                members.Add(memberEntry)
            Next
        End Using
    Catch ex As Exception
        MessageBox.Show(ex.ToString)
    End Try
    Return members
End Function
Tim Schmelter
  • 450,073
  • 74
  • 686
  • 939
Kepboy
  • 3,733
  • 2
  • 30
  • 43
  • Its NOT working showing this error : Error 4 Using the generic type 'System.Collections.Generic.IEnumerable' requires '1' type arguments C:\Documents and Settings\pratikj\My Documents\Visual Studio 2008\Projects\ConsoleApplication1\ConsoleApplication1\Program.cs 112 44 ConsoleApplication1 Can you please help me out ?? – Pratik Nov 22 '10 at 12:47
  • 1
    I know its a little late but you need to use System.Collections.IEnumerable – Ammer Aug 02 '16 at 18:32
7

Microsoft .NET Framework provides a standard library for working with Active Directory: System.DirectoryServices namespace in the System.DirectoryServices.dll.

Microsoft recommends using two main classes from the System.DirectoryServices namespace: DirectoryEntry and DirectorySearcher. In most cases, it is enough to use DirectorySearcher class only.

UPDATE: I tested it on my machine - it works. But maybe I've misunderstood your question.

Here is an example from an excellent CodeProject article:

Get a list of users belonging to a particular AD group

using System.DirectoryServices;

ArrayList GetADGroupUsers(string groupName)
{    
   SearchResult result;
   DirectorySearcher search = new DirectorySearcher();
   search.Filter = String.Format("(cn={0})", groupName);
   search.PropertiesToLoad.Add("member");
   result = search.FindOne();

   ArrayList userNames = new ArrayList();
   if (result != null)
   {
       for (int counter = 0; counter < 
          result.Properties["member"].Count; counter++)
       {
           string user = (string)result.Properties["member"][counter];
               userNames.Add(user);
       }
   }
   return userNames;
}
splattne
  • 102,760
  • 52
  • 202
  • 249
  • I think your code only works for active directory groups. I need to get the members of a 'local' group. Like the local Adminstrators group that is setup on all Windows installations, maybe not Vista. – Kepboy Nov 02 '08 at 22:09
  • I tried both of these to get the members of a local group. The accepted answer worked for me, and the answer you gave did not. I'm sure that it works just fine for an AD group, but I got an error saying that searches weren't supported for WinNT:// objects. – ristonj Jan 04 '11 at 20:18
1

You should be able to find this information inside the "member" attribute on the DirectoryEntry that represents the group.

Tim Robinson
  • 53,480
  • 10
  • 121
  • 138