Active Directory and DirectorySearcher Filter

Guest

I am using DirectoryServices to get all groups and all users from Active
Directory. Now I want to use the filter to limit the groups and users. I
would like to remove the built-in groups. I use the code below, but the
built-in groups are still there. The main question is: how do I construct the
filter strings? The code gives me the properties and their values. Do I use these
properties and values in the filter, or is there other information I am
missing?

Code:
Dim strDomPath As String = "LDAP://cd2k3domtest/DC=CDTESTDOM,DC=adwaresystems,DC=com"
Dim dirEnt As New DirectoryEntry(strDomPath)
Dim dsgroups As New DirectorySearcher(dirEnt)
dsgroups.SearchScope = SearchScope.Subtree
dsgroups.Filter = "(&(objectCategory=group)(!distinguishedname=Builtin))"
Dim srGroupsCol As SearchResultCollection
Try
    srGroupsCol = dsGroups.FindAll()
Catch domE As Exception
    Dim str As String
    str = domE.Message
End Try
Dim objarray() As String
ReDim objarray(35)
Dim arrGroup As New ArrayList

Dim srGroups As SearchResult
For Each srGroups In srGroupsCol
    'will get all property names that are available
    srGroups.Properties.PropertyNames.CopyTo(objarray, 0)
    Dim i As Integer
    For i = 0 To objarray.Length - 1
        Try
            Dim strPro As String = CType(objarray(i).ToString, String)
            Response.Write(strPro & "  " & srGroups.Properties(strPro).Item(0).ToString & "<br />")
        Catch
        End Try
    Next

    Response.Write("*************************************************************<br />")
Next
 
Marc Scheuner

I am using DirectoryServices to get all groups and all users from active
directory. Now I want to use the filter to limit the groups and users. I
would like to remove the builtin groups. I use the code below but the built
in groups are still there.

As far as I know, you cannot easily remove the "built-in" groups -
there's no single attribute to identify them. All you could do is
enumerate the list of groups, and compare those to a specific fixed
list of built-in groups, and remove any of those from your
enumeration.

Also, if you could narrow your search to a subtree in your AD tree,
e.g. something like "OU=MyDepartment", then you'd definitely not find
any built-in groups under that subtree.

Marc
 
Guest

Marc,

Thanks for your reply. I did find some attributes to work with.

In the distinguishedname attribute I looked for Builtin. Code snip below.
InStr(ccGroupResult.Properties("distinguishedname").Item(0).ToString,
"Builtin") = 0

and the attribute iscriticalsystemobject = True
UserGroupResult.Properties("iscriticalsystemobject").Item(0).ToString = "True"

but this did not find all the groups or users I wanted to get rid of, so your
suggestion of a list looks like the answer.

Thank you,
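
An added example, not code from any poster in this thread: it combines the fixed exclusion list suggested above with a parent-container check on the distinguished name, which avoids the false matches that a substring test for "Builtin" produces. It goes one step beyond the thread by also testing the groupType flag 0x1 (system-created group) on the server side with the bitwise-AND matching rule. The module name, the contents of the Excluded list and the example.com DNs are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Module GroupFilterExample
    ' NOT must wrap a complete parenthesised term; groupType flag 0x1 marks system-created groups.
    Const GroupFilter As String = "(&(objectCategory=group)(!(groupType:1.2.840.113556.1.4.803:=1)))"
    ' Assumed fixed list of well-known groups to drop; adjust it for the domain in question.
    Private ReadOnly Excluded As New HashSet(Of String)(StringComparer.OrdinalIgnoreCase) From {"Domain Admins", "Domain Users", "Domain Guests", "Domain Computers"}
    ' Split a DN on unescaped commas and return the RDN of the parent container.
    Function ParentRdn(dn As String) As String
        Dim parts As New List(Of String)
        Dim start As Integer = 0
        For i As Integer = 0 To dn.Length - 1
            If dn(i) = "\"c Then
                i += 1 ' skip the escaped character
            ElseIf dn(i) = ","c Then
                parts.Add(dn.Substring(start, i - start))
                start = i + 1
            End If
        Next
        parts.Add(dn.Substring(start))
        Return If(parts.Count > 1, parts(1).Trim(), "")
    End Function
    ' Client-side check: drop anything directly under CN=Builtin or on the fixed list.
    Function KeepGroup(dn As String, samName As String) As Boolean
        If String.Equals(ParentRdn(dn), "CN=Builtin", StringComparison.OrdinalIgnoreCase) Then Return False
        Return Not Excluded.Contains(samName)
    End Function

    Function FindGroups(root As DirectoryEntry) As List(Of String)
        Dim kept As New List(Of String)
        Using ds As New DirectorySearcher(root, GroupFilter, {"distinguishedName", "sAMAccountName"})
            ds.PageSize = 500 ' page results so large domains are not truncated
            Using results As SearchResultCollection = ds.FindAll()
                For Each r As SearchResult In results
                    Dim dn As String = r.Properties("distinguishedName")(0).ToString()
                    If KeepGroup(dn, r.Properties("sAMAccountName")(0).ToString()) Then kept.Add(dn)
                Next
            End Using
        End Using
        Return kept
    End Function

    Sub Main() ' constructed DNs under example.com; no directory connection needed
        Console.WriteLine(KeepGroup("CN=Administrators,CN=Builtin,DC=example,DC=com", "Administrators"))
        Console.WriteLine(KeepGroup("CN=Builtin Tools,OU=IT,DC=example,DC=com", "Builtin Tools"))
        Console.WriteLine(KeepGroup("CN=Domain Admins,CN=Users,DC=example,DC=com", "Domain Admins"))
    End Sub
End Module
```

The second sample DN contains the word "Builtin" but sits in an ordinary OU, so it is kept, whereas an InStr test on the whole DN would have dropped it.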
 
