LDAP Getting a list of logon names
I have the need in my program to get the list of user logon names in a group.
This is what I have so far, but it only returns all the users... which I need cut down to those in a group, of which I have the name.
    Option Explicit On
    Imports System.DirectoryServices
    Imports System.DirectoryServices.ActiveDirectory
    Module Module1
        Sub Main()
            Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://OU=Users,OU=Irvine,OU=KNS,DC=corp,DC=kns,DC=com")
            Dim objSearch As New System.DirectoryServices.DirectorySearcher(ADEntry)
            Dim oResults As DirectoryServices.SearchResultCollection
            Dim oResult As DirectoryServices.SearchResult
            ' THIS DOESNT WORK
            ' objSearch.Filter = "department = engineering"
            oResults = objSearch.FindAll
            For Each oResult In oResults
                Console.WriteLine(oResult.GetDirectoryEntry.Properties("sAMAccountName").Value)
            Next
        End Sub
    End Module
Try changing the filter to
    objSearch.Filter = "(&(objectCategory=user)(memberOf=CN=Employees,OU=Security Groups,DC=yourdomain,DC=com))"
The group is Employees.
Source : How to write a LDAP search filter
Note: I couldn't test this. Let me know if it works or not.
If you want all members of a group, try this:
1) bind to the group:
    DirectoryEntry theGroup =
        new DirectoryEntry("LDAP://cn=YourGroupname,ou=SomeOU,dc=YourCompany,dc=com");
2) Then, enumerate its members - it's the "member" property of the group's DirectoryEntry:
    foreach (object dn in theGroup.Properties["member"])
    {
        Console.WriteLine(dn);
    }
Each entry in the group's "member" property should be the full DN (distinguished name) of its members - users or other groups.
Your question says you're trying to enumerate the members of a group - yet your code looks more like you're trying to enumerate everything inside an OU (organizational unit) - those two tasks are quite different! Which do you really need?
You can find a Quick List for Visual Basic.NET Code Samples on the MSDN library, or you can learn more about How to do almost everything in Active Directory on CodeProject (with C# samples).
Marc
    Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://ou=users,ou=irvine,ou=kns,dc=corp,dc=kns,dc=com")
    Dim objSearch As New System.DirectoryServices.DirectorySearcher(ADEntry)
    Dim oResults As DirectoryServices.SearchResultCollection
    Dim oResult As DirectoryServices.SearchResult
    objSearch.Filter = "(&(objectCategory=person)(objectClass=user)(department=Engineering)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
    oResults = objSearch.FindAll
    For Each oResult In oResults
        Console.WriteLine(oResult.GetDirectoryEntry.Properties("sAMAccountName").Value)
    Next
this worked!!
A number of years ago I built an AD component that we use often just for this task. Try this.
    Public Function GetUsersInGroup(ByVal GroupName As String) As String()
        If GroupName = String.Empty Then Return Nothing
        Dim Users() As String = Nothing
        Dim S As String = "LDAP://DC=YourCompany,DC=com"
        Dim Parent As New DirectoryServices.DirectoryEntry(S)
        ' Find the group by its CN anywhere under the domain root.
        ' GroupName goes into the filter unescaped; escape LDAP filter special
        ' characters first if it can come from untrusted input.
        Dim Search As New DirectoryServices.DirectorySearcher(Parent)
        Search.SearchScope = DirectoryServices.SearchScope.Subtree
        Search.Filter = "(CN=" & GroupName & ")"
        Search.PropertiesToLoad.Add("member")
        Dim Result As DirectoryServices.SearchResult = Search.FindOne
        Dim prop_value As String, i As Integer = 0
        If Result IsNot Nothing Then
            If Result.Properties("member").Count > 0 Then
                ReDim Users(Result.Properties("member").Count - 1)
                ' Each "member" value is a full DN; look the member up by its first RDN (CN=...).
                For Each prop_value In Result.Properties("member")
                    Dim S2 As New DirectoryServices.DirectorySearcher(Parent)
                    S2.SearchScope = DirectoryServices.SearchScope.Subtree
                    S2.Filter = "(" & prop_value.Substring(0, prop_value.IndexOf(","c)) & ")"
                    S2.PropertiesToLoad.Add("SAMAccountName")
                    Dim R2 As DirectoryServices.SearchResult = S2.FindOne
                    ' Skip members that cannot be resolved instead of failing on Nothing.
                    If R2 IsNot Nothing Then
                        For Each Prop As String In R2.Properties("SAMAccountName")
                            Users(i) = Prop.ToUpper
                            i = i + 1
                        Next
                    End If
                Next
            End If
        End If
        ' Return the collected logon names (Nothing if the group was not found or is empty).
        Return Users
    End Function
Lots of information can be pulled from AD if you know where to look for it.
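An added example, not part of any of the answers above: the group lookup and the memberOf filter from this thread, built with RFC 4515 escaping so that a group name containing `(`, `)`, `*` or `\` cannot change the structure of the search filter. `EscapeFilterValue`, `GetGroupLogonNames` and the `rootPath` parameter are names introduced for this example; the domain and group are the placeholders used earlier on the page, and only direct members are returned.

```vb
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text
Module GroupLogonNames
    ' Escape a filter value (RFC 4515): \ * ( ) and NUL become a backslash plus two hex digits.
    Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c, "*"c, "("c, ")"c, ChrW(0)
                    sb.Append("\"c).Append(AscW(c).ToString("x2"))
                Case Else
                    sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function
    ' Logon names of enabled users that are direct members of the named group.
    Function GetGroupLogonNames(ByVal rootPath As String, ByVal groupName As String) As List(Of String)
        Dim names As New List(Of String)
        Using root As New DirectoryEntry(rootPath)
            ' 1) Resolve the group's DN from its sAMAccountName.
            Dim groupDn As String = Nothing
            Using findGroup As New DirectorySearcher(root)
                findGroup.Filter = "(&(objectCategory=group)(sAMAccountName=" & EscapeFilterValue(groupName) & "))"
                findGroup.PropertiesToLoad.Add("distinguishedName")
                Dim g As SearchResult = findGroup.FindOne()
                If g IsNot Nothing Then groupDn = CStr(g.Properties("distinguishedName")(0))
            End Using
            If groupDn Is Nothing Then Return names
            ' 2) One paged query for the members; the DN is a filter value too, so escape it.
            Using findUsers As New DirectorySearcher(root)
                findUsers.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf=" &
                    EscapeFilterValue(groupDn) & ")(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
                findUsers.PageSize = 500 ' page through results beyond the server's size limit
                findUsers.PropertiesToLoad.Add("sAMAccountName")
                Using results As SearchResultCollection = findUsers.FindAll()
                    For Each r As SearchResult In results
                        If r.Properties.Contains("sAMAccountName") Then names.Add(CStr(r.Properties("sAMAccountName")(0)))
                    Next
                End Using
            End Using
        End Using
        Return names
    End Function
    Sub Main()
        Console.WriteLine(String.Join(vbCrLf, GetGroupLogonNames("LDAP://DC=yourdomain,DC=com", "Employees")))
    End Sub
End Module
```

The memberOf attribute does not list a user's primary group, so users who hold the group only as their primary group are not returned by this query.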