Enumerating Users and Groups
To enumerate members of a group, search Active Directory Lightweight Directory Services (AD LDS) using a filter to limit the type of object selected and then use the appropriate techniques shown in the following example code.
For more information about filtering a query, see Creating a Query Filter.
The following Visual Basic Scripting Edition code example uses the GetObject function to bind to an organizationalUnit object, uses the Filter property to select group objects, outputs the name of each group present, and uses the Members method to output each member of each group.
' Enumerate AD LDS groups and group members.
Option Explicit
Dim objADAM ' Binding object.
Dim objGroup ' Group object.
Dim objMember ' Member object.
Dim strPath ' Binding path.
' Construct the binding string.
strPath = "LDAP://localhost:389/OU=TestOU,O=Fabrikam,C=US"
WScript.Echo "Bind to: " & strPath
WScript.Echo "Enum: Groups and members"
On Error Resume Next
' Bind to object.
Set objADAM = GetObject(strPath)
' Output error if bind fails.
If Err.Number <> vbEmpty Then
WScript.Echo "Error: Bind failed."
WScript.Quit
End If
' Enumerate groups and members.
objADAM.Filter = Array("group")
For Each objGroup in objADAM
WScript.Echo "Group: " & objGroup.Name
For Each objMember in objGroup.Members
WScript.Echo " Member: " & objMember.Name
Next
Next
' Output success or error.
If Err.Number <> vbEmpty Then
WScript.Echo "Error: Enumeration failed."
Else
WScript.Echo "Success: Enumeration complete."
End If
The following Visual Basic .NET code example uses the DirectoryEntry constructor to bind to an organizationalUnit object, uses the Filter property of a DirectorySearcher object to select group objects, outputs the name of each group present, and uses the member property to output each member of each group.
Imports System
Imports System.DirectoryServices
Namespace ADAM_Examples
Class EnumMembers
'/ <summary>
'/ Enumerate AD LDS groups and group members.
'/ </summary>
<STAThread()> Shared Sub Main()
Dim objADAM As DirectoryEntry ' Binding object.
Dim objGroupEntry As DirectoryEntry ' Group Results.
Dim objSearchADAM As DirectorySearcher ' Search object.
Dim objSearchResults As SearchResultCollection ' Results collection.
Dim strPath As String ' Binding path.
' Construct the binding string.
strPath = "LDAP://localhost:389/OU=TestOU,O=Fabrikam,C=US"
Console.WriteLine("Bind to: {0}", strPath)
Console.WriteLine("Enum: Groups and members.")
' Get the AD LDS object.
Try
objADAM = New DirectoryEntry(strPath)
objADAM.RefreshCache()
Catch e As Exception
Console.WriteLine("Error: Bind failed.")
Console.WriteLine(" {0}", e.Message)
Return
End Try
' Get search object, specify filter and scope,
' perform search.
Try
objSearchADAM = New DirectorySearcher(objADAM)
objSearchADAM.Filter = "(&(objectClass=group))"
objSearchADAM.SearchScope = SearchScope.Subtree
objSearchResults = objSearchADAM.FindAll()
Catch e As Exception
Console.WriteLine("Error: Search failed.")
Console.WriteLine(" {0}", e.Message)
Return
End Try
' Enumerate groups and members.
Try
If objSearchResults.Count <> 0 Then
Dim objResult As SearchResult
For Each objResult In objSearchResults
objGroupEntry = objResult.GetDirectoryEntry()
Console.WriteLine("Group {0}", objGroupEntry.Name)
Dim objMember As Object
For Each objMember _
In objGroupEntry.Properties("member")
Console.WriteLine(" Member: {0}", _
objMember.ToString())
Next objMember
Next objResult
Else
Console.WriteLine("Results: No groups found.")
End If
Catch e As Exception
Console.WriteLine("Error: Enumerate failed.")
Console.WriteLine(" {0}", e.Message)
Return
End Try
Console.WriteLine("Success: Enumeration complete.")
Return
End Sub 'Main
End Class 'EnumMembers
End Namespace 'ADAM_Examples
The following C# code example uses the DirectoryEntry constructor to bind to an organizationalUnit object, uses the Filter property of a DirectorySearcher object to select group objects, outputs the name of each group present, and uses the member property to output each member of each group.
using System;
using System.DirectoryServices;
namespace ADAM_Examples
{
class EnumMembers
{
/// <summary>
/// Enumerate AD LDS groups and group members.
/// </summary>
[STAThread]
static void Main()
{
DirectoryEntry objADAM; // Binding object.
DirectoryEntry objGroupEntry; // Group Results.
DirectorySearcher objSearchADAM; // Search object.
SearchResultCollection objSearchResults; // Results collection.
string strPath; // Binding path.
// Construct the binding string.
strPath = "LDAP://localhost:389/OU=TestOU,O=Fabrikam,C=US";
Console.WriteLine("Bind to: {0}", strPath);
Console.WriteLine("Enum: Groups and members.");
// Get the AD LDS object.
try
{
objADAM = new DirectoryEntry(strPath);
objADAM.RefreshCache();
}
catch (Exception e)
{
Console.WriteLine("Error: Bind failed.");
Console.WriteLine(" {0}", e.Message);
return;
}
// Get search object, specify filter and scope,
// perform search.
try
{
objSearchADAM = new DirectorySearcher(objADAM);
objSearchADAM.Filter = "(&(objectClass=group))";
objSearchADAM.SearchScope = SearchScope.Subtree;
objSearchResults = objSearchADAM.FindAll();
}
catch (Exception e)
{
Console.WriteLine("Error: Search failed.");
Console.WriteLine(" {0}", e.Message);
return;
}
// Enumerate groups and members.
try
{
if (objSearchResults.Count != 0)
{
foreach(SearchResult objResult in objSearchResults)
{
objGroupEntry = objResult.GetDirectoryEntry();
Console.WriteLine("Group {0}",
objGroupEntry.Name);
foreach(object objMember
in objGroupEntry.Properties["member"])
{
Console.WriteLine(" Member: {0}",
objMember.ToString());
}
}
}
else
{
Console.WriteLine("Results: No groups found.");
}
}
catch (Exception e)
{
Console.WriteLine("Error: Enumerate failed.");
Console.WriteLine(" {0}", e.Message);
return;
}
Console.WriteLine("Success: Enumeration complete.");
return;
}
}
}
The Active Directory Service Interfaces (ADSI) has three enumerator helper functions that you can use from C++ to enumerate objects in AD LDS. For more information, see Enumeration Helper Functions.