Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

How to enumerate a domain group using LDAP? [message #337651] Mon, 07 December 2009 14:38
Xiao
I am trying to use LDAP to list the members of a domain local group.
MSDN has an example:
http://msdn.microsoft.com/en-us/library/ms180906%28VS.80%29.aspx

I have converted the C# example to VB.NET. When I use VB.NET 2005 and
try to run the example I get the error "There is no such object on the
server.". If I look at the returned object "objgroup" (while in the
debugger), it appears to not contain any data. I have tried several
different LDAP queries shown below and get the same results. Can someone
tell me what I am doing wrong?

Dim objgroup As DirectoryEntry = New DirectoryEntry("LDAP://borg2.chem.xxx.edu/CN=grpUGSShareReadWrite,DC=chem,DC=xxx,DC=edu", <username>, <password>, AuthenticationTypes.Secure)

For Each dn As Object In objgroup.Properties("member")
MsgBox("Value = " & dn)
Next

Where "grpUGSShareReadWrite" is the name of the group. The group is
located in a nested OU ChemDepartment->ChemUsers. I have also tried the
following LDAP string:

LDAP://borg2.chem.xxx.edu/CN=grpUGSShareReadWrite,OU=ChemDepartment,OU=ChemUsers,DC=chem,DC=xxx,DC=edu

The username and password I am using is a normal user that is a member
of the group. I have also tried using the administrator password. The
server is a Windows 2003 Server. I am running the LDAP code on a Windows
XP computer.
Thank you.

John
Re: How to enumerate a domain group using LDAP? [message #337858 is a reply to message #337651] Mon, 07 December 2009 18:24
Joe Kaplan
If you are going to use that type of path syntax that uses the full DN, you
have to know the actual DN of the group. Guessing won't help. It is
generally a better idea to find the group via a search first and then once
you've found it, you find the full path from that.

You might be better served using the
System.DirectoryServices.AccountManagement namespace in .NET 3.5. You can
easily find objects by known identifiers like their names and then use the
API to enumerate the members of the group very easily. Having strongly typed
objects for things like GroupPrincipal makes this much easier than with
S.DS. You end up needing to know much less about how the directory works and
is laid out.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
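The search-first approach suggested in the reply, as an added example that is not part of the original thread and is not Joe Kaplan's code: it finds the group with a DirectorySearcher and reads the member attribute from the result, so the DN never has to be guessed. It assumes the group's sAMAccountName is grpUGSShareReadWrite; the module and function names, the USERNAME and PASSWORD placeholders, and the filter-escaping helper are illustrative.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text

Module GroupMembers
    ' Escape a value for an LDAP search filter (RFC 4515) so that a name
    ' containing * ( ) \ or NUL cannot change the meaning of the filter.
    Function EscapeFilterValue(ByVal value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c, "*"c, "("c, ")"c, ChrW(0)
                    sb.Append("\").Append(AscW(c).ToString("x2"))
                Case Else
                    sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Find the group anywhere under the search root and return the DNs
    ' stored in its member attribute.
    Function GetGroupMemberDns(ByVal root As DirectoryEntry, ByVal groupName As String) As List(Of String)
        Dim members As New List(Of String)
        Using searcher As New DirectorySearcher(root)
            searcher.SearchScope = SearchScope.Subtree
            searcher.Filter = "(&(objectCategory=group)(sAMAccountName=" & EscapeFilterValue(groupName) & "))"
            searcher.PropertiesToLoad.Add("member")
            Dim result As SearchResult = searcher.FindOne()
            If result Is Nothing Then
                Throw New ArgumentException("Group not found: " & groupName)
            End If
            Console.WriteLine("Found at: " & result.Path) ' the real path, including every OU
            For Each dn As Object In result.Properties("member")
                members.Add(CStr(dn))
            Next
        End Using
        Return members
    End Function

    Sub Main()
        ' Server and base DN are taken from the question; credentials are placeholders.
        Using root As New DirectoryEntry("LDAP://borg2.chem.xxx.edu/DC=chem,DC=xxx,DC=edu", "USERNAME", "PASSWORD", AuthenticationTypes.Secure)
            For Each dn As String In GetGroupMemberDns(root, "grpUGSShareReadWrite")
                Console.WriteLine(dn)
            Next
        End Using
    End Sub
End Module
```

Active Directory returns only a limited number of member values per request (1500 by default on Windows Server 2003), so larger groups need range retrieval, which this example does not do. Users who belong to the group only through their primary group do not appear in the member attribute.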