There are a couple of questions similar to this on Stack Overflow, but not quite the same.
I want to open, or create, a local group on a Windows XP computer and add members to it: domain, local and well-known accounts. I also want to check whether a user is already a member so that I don't add the same account twice, and presumably get an exception.
So far I started using the DirectoryEntry object with the WinNT:// provider. This is going OK, but I'm stuck on how to get a list of the members of a group.
Anyone know how to do this? Or provide a better solution than using DirectoryEntry?
Okay, it's taken a while, messing around with different solutions, but the one that fits best with my original question is given below. I can't get the DirectoryEntry object to access the members of a local group using the 'standard' methods; the only way I could get it to enumerate the members was by using the Invoke method to call the native object's Members method.
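    using System;
    using System.Collections;
    using System.DirectoryServices;

    // Bind to the local Administrators group through the WinNT provider.
    using (DirectoryEntry groupEntry = new DirectoryEntry("WinNT://./Administrators,group"))
    {
        // Members is a method of the native ADSI group object, so it is called via Invoke.
        foreach (object member in (IEnumerable)groupEntry.Invoke("Members"))
        {
            // Wrap each native member object so its ADsPath can be read.
            using (DirectoryEntry memberEntry = new DirectoryEntry(member))
            {
                Console.WriteLine(memberEntry.Path);
            }
        }
    }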
I also used a similar technique to add and remove members from the local group.
Hopefully this helps someone else as well.
Keith.
EDIT by Tim: added VB.Net version
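    Imports System.Collections
    Imports System.Collections.Generic
    Imports System.DirectoryServices
    Imports System.Windows.Forms

    ' Returns a DirectoryEntry for each member of the named local group.
    ' The caller is responsible for disposing the returned entries.
    Public Function MembersOfGroup(ByVal GroupName As String) As List(Of DirectoryEntry)
        Dim members As New List(Of DirectoryEntry)
        Try
            Using search As New DirectoryEntry("WinNT://./" & GroupName & ",group")
                ' Members is a method of the native ADSI group object, so it is called via Invoke.
                For Each member As Object In DirectCast(search.Invoke("Members"), IEnumerable)
                    Dim memberEntry As New DirectoryEntry(member)
                    members.Add(memberEntry)
                Next
            End Using
        Catch ex As Exception
            MessageBox.Show(ex.ToString)
        End Try
        Return members
    End Function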
The Microsoft .NET Framework provides a standard library for working with Active Directory: the System.DirectoryServices namespace in System.DirectoryServices.dll.
Microsoft recommends using two main classes from the System.DirectoryServices namespace: DirectoryEntry and DirectorySearcher. In most cases, it is enough to use the DirectorySearcher class only.
UPDATE: I tested it on my machine - it works. But maybe I've misunderstood your question.
Here is an example from an excellent CodeProject article:
Get a list of users belonging to a particular AD group
    using System;
    using System.Collections;
    using System.DirectoryServices;

    // Returns the distinguished names listed in the group's "member" attribute.
    ArrayList GetADGroupUsers(string groupName)
    {
        ArrayList userNames = new ArrayList();
        using (DirectorySearcher search = new DirectorySearcher())
        {
            // groupName goes into the LDAP filter as-is; escape ( ) * \ and NUL
            // (RFC 4515) first if it can come from untrusted input.
            search.Filter = String.Format("(cn={0})", groupName);
            search.PropertiesToLoad.Add("member");
            SearchResult result = search.FindOne();
            if (result != null)
            {
                for (int counter = 0; counter < result.Properties["member"].Count; counter++)
                {
                    string user = (string)result.Properties["member"][counter];
                    userNames.Add(user);
                }
            }
        }
        return userNames;
    }
You should be able to find this information inside the "member" attribute on the DirectoryEntry that represents the group.