List Active Directory Users and Groups

[evad4682]

I am looking for a way to do something in .Net 2003 that I was able to do in vbscript. I need to be able to list AD groups and users. This was fairly simple in vbscript but I am having difficulty doing this in .Net.

In vbscript for groups:

colgroups = GetObject(WinNT://mydomain,domain")
colgroups.Filter = Array("group")
  For Each objgroup In colgroups
      name = objgroup.Name
      descript = objgroup.Description
  Next

I would do the same thing for users except change the filter to "User". How do I do this in .Net 2003?

Thanks everyone

 

[hauptra]

You could use similar code in .net using the Script Runtime library, but I wouldn't recommend it. Instead a better solution would be to use DirectoryServices. You can use the DirectorySearcher function. This site has one example. I'd write you one myself, except I don't have access to AD right now to test my code.

 

[evad4682]

That sample is working great for me, thanks! Would you happen to know what the column name for the lan id would be? Or even what all the different columns I could pull from?

Thanks for the help

 

[hauptra]

You can get a list of all the properties (Schema) using Adsiedit.msc. Use this from a Domain Controller. You may have to download it from Microsoft.

 

[evad4682]

Unfortunately I do not have the ability to run any utility on the domain controller. This is what I am running to list my user accounts.

Try
            Dim enTry As DirectoryEntry = New DirectoryEntry("LDAP://domainController1/OU=User_Accounts,OU=Group3,OU=Group2,OU=Group1,DC=Mydomain")


            Dim mySearcher As DirectorySearcher = New DirectorySearcher(enTry)
            mySearcher.Filter = "((objectClass=user))"
            Dim resEnt As SearchResult
            Dim rowcomputer As DataRow
            Try
                For Each resEnt In mySearcher.FindAll()

                    ListBox1.Items.Add("*******************************************************")
                    ListBox1.Items.Add(resEnt.GetDirectoryEntry.Properties.Item("name").Value)
                    ListBox1.Items.Add(resEnt.GetDirectoryEntry.Properties.Item("description").Value)
                Next
            Catch f As Exception
                ListBox1.Items.Add(f.Message)
            End Try
        Catch f As Exception
            ListBox1.Items.Add(f.Message)
        End Try

The "name" property sometimes produces the LAN id and sometimes not. It must be our how some of our AD accounts are entered. What I really need is the User Logon Name. Any ideas?

 

[hauptra]

You probably want the sAMAccountName attribute.

Adsiedit is the easiest way to look at the schema. Alternatively you can look at this site. This shows the attributes for the user class. Take care to notice that the names listed aren't how you should call it through LDAP. Take a look at SAM-Account-Name. It is really called sAMAccountName.

Just keep that in mind.

 

[evad4682]

Thanks again hauprta. Now I am really confused. I finally have the data elements that I want, now why is my search only returning 1000 rows? A different 1000 rows each time I run my app. Is there a size limit I have to set?

 

[hauptra]

This article should clear things up.