0

I have a list of group names using the LDAP query... I have bound the list names to a data grid in a WinForms app. When the user selects one of the group names, an event is fired and the group name is passed to the method below:

    // Get a list of group specific users //
    private List<Users> GetUsers(string groupName)
    {
        List<Users> groupSpecificUsers = new List<Users>();
        DirectorySearcher ds = null;
        DirectoryEntry de = new DirectoryEntry(domainPath);
        ds = new DirectorySearcher(de);

        ds.PropertiesToLoad.Add("SAMAccountName");
        ds.PropertiesToLoad.Add("member");
        ds.Filter = "(&(objectClass=group)(SAMAccountName=" + groupName + "))";
        SearchResult sr = ds.FindOne();

        if (sr != null)
        {
                // do whatever you need to do with the entry
        }

        // ... return the list of users that belong to the specific groupName ...
        return groupSpecificUsers;
    }

When I put a breakpoint at the if statement... sr is listed as null... I am not understanding why it's null... even though the selected group clearly has members in it...

I feel like I don't quite understand how the specific group name is to be used in the LDAP query... can anyone point me in the right direction?

Philo
  • I think sr might be empty because you are searching on the SAMAccountName but in place of the account name you are providing a group name. SAMAccountName should be the name used to log into AD. So the ds.filter line would only ever get 1 item returned (assuming someone has an account name that is identical to the group name) – Aaron Thomas Jan 05 '16 at 00:01

3 Answers

1

You have the DirectoryEntry object taking a parameter of domainPath, which I presume is a field in your code somewhere(?). If you can try just searching from the root, you might try this code to see if you are getting better results:

    // Get a list of group specific users //
    private List<Users> GetUsers(string groupName)
    {
        List<Users> groupSpecificUsers = new List<Users>();
        // MAKE SURE THE NEXT LINE REFLECTS YOUR DOMAIN
        DirectorySearcher ds = (new DirectoryEntry("LDAP://dc=yourdomain,dc=tld"));
        ds.PropertiesToLoad.Add("samaccountname");
        ds.PropertiesToLoad.Add("member");
        ds.Filter = "(&(objectClass=group)(SAMAccountName=" + groupName + "))";
        SearchResult sr = ds.FindOne();

        if (sr != null)
        {
            // do whatever you need to do with the entry
        }

See if those changes fix your issue.

Sam
  • Thanks Sam, I get the error... cannot implicitly convert from Directory Entry to directory searcher. on the LDAP:// dc=yourdomain statement. – Philo Jan 05 '16 at 19:12
  • I changed it to Directory Searcher and fixed the syntactical error. But still getting null as a result for sr.... – Philo Jan 05 '16 at 19:22
  • Apologies for the syntax error. I tested it too but am getting results. Are you positive the LDAP:// parameter to DirectoryEntry is correct and that the group does, in fact, have members? – Sam Jan 05 '16 at 19:25
  • yep. Ok I solved it. Thank you for the root directory idea. – Philo Jan 05 '16 at 19:30
  • Hey Sam, I have another question, let me know if you are willing to look at it? – Philo Jan 06 '16 at 22:40
  • @Philo - sure, fire away. – Sam Jan 06 '16 at 23:56
  • http://stackoverflow.com/questions/34643665/ldap-query-for-all-members-specific-to-a-group – Philo Jan 07 '16 at 17:16
0

I think the below line:

    ds.Filter = "(&(objectClass=group)(SAMAccountName=" + groupName + "))";

needs to be changed to:

    ds.Filter = "(&(objectClass=group)(Group=" + groupName + "))";

Aaron Thomas
  • You may need to add "ds.PropertiesToLoad.Add("Group");" before you run the filter. – Aaron Thomas Jan 05 '16 at 00:36
  • still no go. //ds.PropertiesToLoad.Add("SAMAccountName"); //ds.PropertiesToLoad.Add("member"); ds.PropertiesToLoad.Add("Group"); ds.Filter = "(&(objectClass=group)(Group=" + groupName + "))"; – Philo Jan 05 '16 at 00:55
0

This is how I solved it (it is pretty much what Sam said, I tweaked it a little more for illustrative purposes):-

    List<Users> groupSpecificUsers = new List<Users>();
    DirectoryEntry ROOT = new DirectoryEntry("LDAP://DC=xxx,DC=net");
    DirectoryEntry de = ROOT;

    var sr = new DirectorySearcher(de);
    sr.PropertiesToLoad.Add("SAMAccountName");
    sr.PropertiesToLoad.Add("member");
    sr.Filter = "(&(objectClass=group)(SAMAccountName=" + groupName + "))";

    // Run the search; FindOne() returns null when no entry matches the filter
    SearchResult result = sr.FindOne();

    if (result != null)
    {...whatever...}

Philo
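
The filters in the posts above concatenate `groupName` straight into the LDAP filter, so a name containing `(`, `)`, `*` or `\` changes the filter's structure instead of being matched literally. The following is an added example, not code from any of the posts: it escapes the value per RFC 4515 before building the same filter and then reads the `member` attribute. `GroupLookup`, `EscapeFilterValue`, `GetMemberDns`, the `DC=example,DC=net` root and the group name are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;   // add a reference to System.DirectoryServices
using System.Text;

static class GroupLookup          // hypothetical helper class for this example
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Returns the distinguished names stored in the group's "member" attribute.
    public static List<string> GetMemberDns(string ldapRoot, string groupName)
    {
        var members = new List<string>();
        string filter = "(&(objectClass=group)(sAMAccountName="
                        + EscapeFilterValue(groupName) + "))";
        using (var root = new DirectoryEntry(ldapRoot))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "member" }))
        {
            SearchResult result = searcher.FindOne();
            if (result == null) return members;   // no such group under ldapRoot
            foreach (object dn in result.Properties["member"])
                members.Add((string)dn);
        }
        return members;
    }

    static void Main()
    {
        // Constructed values: placeholder domain and a group name with parentheses.
        foreach (string dn in GetMemberDns("LDAP://DC=example,DC=net", "Sales (EMEA)"))
            Console.WriteLine(dn);
    }
}
```

For large groups Active Directory returns the `member` attribute in ranges, so a single `FindOne()` may not list every member.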