Enumerate members of Administrators Group (AD)

BH Jodo Kast

Hi,

I found this handy script and I'm trying to convert it to VB.NET. It
pops up a list of members in the Administrators/Builtin group. Can't
seem to get DirectorySearcher or DirectoryEntry working similar to
this. Run this as a VBS script to see:

Option Explicit
Dim strUser, strMember, strDNSDomain, strContainer
Dim objGroup, objUser, objRootDSE
Dim arrMemberOf

' Bind to Active Directory'
strContainer = "cn=Administrators,cn=Builtin, "
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

' Get the Builtin Administrators group
Set objGroup = GetObject ("LDAP://"& strContainer & strDNSDomain)
objGroup.getInfo

arrMemberOf = objGroup.GetEx("member")

' Loop = For Each .... Next
WScript.Echo "Members of Group " & strContainer
For Each strMember in arrMemberOf
WScript.echo strMember
Next

Wscript.Quit

Thanks for your help!
 
vbnetdev

Imports System.DirectoryServices
Imports System.Diagnostics
Imports System.Runtime.InteropServices
Imports ActiveDs

Private Sub cmdQuery_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdQuery.Click
    Dim objMembers As Object = Nothing
    Dim collMembers As IADsMembers = Nothing
    Dim iadsMember As IADsUser
    Dim strServerName As String

    Dim de As New DirectoryEntry()
    Try
        strServerName = "SERVER"
        de.Username = "Username"
        de.Password = "Password"
        de.AuthenticationType = AuthenticationTypes.Secure
        de.Path = "LDAP://" & strServerName & "/CN=Domain Admins,CN=Users,DC=DomainName,DC=local"

        ' Invoke native method "members"
        objMembers = de.Invoke("Members")
        collMembers = CType(objMembers, IADsMembers)
        collMembers.Filter = "user"
        For Each iadsMember In collMembers
            Debug.WriteLine("Name = " & iadsMember.Name)
        Next

    Catch ex As COMException
        Debug.WriteLine("**Exception**" & vbCrLf & ex.ToString)
    End Try
End Sub
 
BH Jodo Kast

Namespace or Type 'ActiveDs' for Imports ActiveDs cannot be found
Type IADsMembers not defined
Type IADsUsers not defined

What's ActiveDs?
 
BH Jodo Kast

Interop.ActiveDs

I added this COM reference. It's the "Active DS IIS Namespace
Provider" in Visual Studio.
 
vbnetdev

your local domain name....

your local extension.

So if your active directory is called

TEST.DS

DC=TEST
DC=DS
 
BH Jodo Kast

Tried various server names. Not working for me.

LDAP://" & strServerName & "/CN=Domain Admins,CN=Users,DC=DomainName,DC=local"

The script above references RootDSE. It references a domain, not a
server:
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

where I get: DC=website,DC=corp,DC=websiteusa,DC=com

Thanks for your response anyway!
 
BH Jodo Kast

DC=website,DC=corp,DC=websiteusa,DC=com

does not work. This is the domain used in the VBS script above, but
when I use it for .NET it raises an exception.

(names changed to protect the innocent :)
 
BH Jodo Kast

"LDAP://DC=website,DC=corp,DC=websiteusa,DC=com/CN=Domain Admins,CN=Users,DC=DomainName,DC=local"

Path used. Works fine in the script... strange!
 
BH Jodo Kast

BTW This works fine:

Dim oDirent As DirectoryEntry = New DirectoryEntry("LDAP://DC=website,DC=corp,DC=websiteusa,DC=com")
Dim oent As DirectoryEntry
For Each oent In oDirent.Children
    Response.Write(oent.Name & ":" & oent.SchemaClassName & "<BR>")
Next

The LDAP specified is a valid domain. I'm not working with servers at
this point.

This code works, but I'm looking for the members of the Administrator
group, not a list of all groups.

Thanks for your time!
 
vbnetdev

"LDAP://" & strServerName & "/CN=Domain Admins,CN=Users,DC=DomainName,DC=local"

Note the "Domain Admins" name.
 
BH Jodo Kast

This is the line it stops at:

objMembers = de.Invoke("Members")

Error Msg:
**Exception** System.Runtime.InteropServices.COMException (0x80005000):
Unknown error (0x80005000) at
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at
System.DirectoryServices.DirectoryEntry.Bind() at
System.DirectoryServices.DirectoryEntry.get_NativeObject() at
System.DirectoryServices.DirectoryEntry.Invoke(String methodName,
Object[] args) at pgSrvrBuild.LDAPtest.Page_Load(Object sender,
EventArgs e) in
\\webserver.com\wwwroot$\web\Test2\LDAPtest.aspx.vb:line 53
 
vbnetdev

Try this....

Dim myOU As DirectoryEntry = New DirectoryEntry("LDAP://ou=Domain Admins,dc=DOMAIN,dc=EXT")

Dim dsUsers As DirectorySearcher = New DirectorySearcher(myOU)

dsUsers.SearchScope = SearchScope.Subtree
dsUsers.Filter = "(objectCategory=Person)"

dsUsers.PropertiesToLoad.Add("displayName")
dsUsers.PropertiesToLoad.Add("givenName")
dsUsers.PropertiesToLoad.Add("sn")

Dim oSR As SearchResult
For Each oSR In dsUsers.FindAll()
    Debug.WriteLine(oSR.Properties("displayName")(0).ToString())
Next
 
BH Jodo Kast

Tested your new script. Added quotes around the LDAP directory name.
Results are:
"TEST**Exception** System.Runtime.InteropServices.COMException
(0x80072030): There is no such object on the server at
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at
System.DirectoryServices.DirectoryEntry.Bind() at
System.DirectoryServices.DirectoryEntry.get_AdsObject() at
System.DirectoryServices.DirectorySearcher.FindAll(Boolean
findMoreThanOne) at
System.DirectoryServices.DirectorySearcher.FindAll() at "

Right now not looking for "ou=Domain Admins" I am looking for
"cn=Administrators,cn=Builtin," I changed your code to:
"LDAP://cn=Administrators,cn=Builtin,dc=DOMAIN,dc=EXT" ... no Error,
but no results.

After debugging, looks like the filter is removing all the results?
Removed the filter. Still removing results. Commented out the
"PropertiesToLoad"... no luck.

Using the VBS script above, I get 4 admins for Administrators/Builtin.
 
vbnetdev

Dim myOU As DirectoryServices.DirectoryEntry = New DirectoryServices.DirectoryEntry("LDAP://cn=Domain Admins,cn=Users,dc=DOMAIN,dc=EXT")
Dim dsUsers As DirectoryServices.DirectorySearcher = New DirectoryServices.DirectorySearcher(myOU)
dsUsers.SearchScope = DirectoryServices.SearchScope.Subtree
dsUsers.Filter = "(objectCategory=Person)"
dsUsers.PropertiesToLoad.Add("displayName")
dsUsers.PropertiesToLoad.Add("givenName")
dsUsers.PropertiesToLoad.Add("sn")
Dim oSR As DirectoryServices.SearchResult
For Each oSR In dsUsers.FindAll()
    Debug.WriteLine(oSR.Properties("displayName")(0).ToString())
Next
 
BH Jodo Kast

Same error as before. Here's what I'm trying to do:

strContainer = "cn=Administrators,cn=Builtin, "
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
'This gives me the DC=, DC=, etc.
'This is important because sometimes my domain controller for Active Directory changes.

Set objGroup = GetObject ("LDAP://"& strContainer & strDNSDomain)
objGroup.getInfo

arrMemberOf = objGroup.GetEx("member")
'Each member is added to the array...

' Loop = For Each .... Next
WScript.Echo "Members of Group " & strContainer
For Each strMember in arrMemberOf
WScript.echo strMember
'This shows all 4 members in the array.
Next

Re: your code, I appreciate your help. What does this refer to?
"cn=Domain Admins,cn=Users" Does not correlate with my VBS script.

Also, this:
dsUsers.PropertiesToLoad.Add("displayName")
dsUsers.PropertiesToLoad.Add("givenName")
dsUsers.PropertiesToLoad.Add("sn")
Not sure what this does.
 
vbnetdev

Try this. In ou put the organizational unit you put your people in. dc is the
name of your local server domain. dc is the extension.

If you don't have any organizational units (if not we need to talk some
more) then this path changes to cn=users.

e.g. My server domain is JJP and its extension is ds thus its name is JJP.ds

domain = JJP

dc=ext

So your line roughly translated is
Dim myOU As DirectoryServices.DirectoryEntry = New DirectoryServices.DirectoryEntry("LDAP://ou=" & organizationalunit & ",dc=" & domain & ",dc=" & ext)



Dim myOU As DirectoryServices.DirectoryEntry = New DirectoryServices.DirectoryEntry("LDAP://ou=organizationalunit,dc=domain,dc=ds")
Dim dsUsers As DirectoryServices.DirectorySearcher = New DirectoryServices.DirectorySearcher(myOU)
dsUsers.SearchScope = DirectoryServices.SearchScope.Subtree
dsUsers.Filter = "(objectCategory=Person)"
dsUsers.PropertiesToLoad.Add("displayName")
dsUsers.PropertiesToLoad.Add("givenName")
dsUsers.PropertiesToLoad.Add("sn")
dsUsers.PropertiesToLoad.Add("memberof")

Dim oSR As DirectoryServices.SearchResult

For Each oSR In dsUsers.FindAll()

    If oSR.Properties.Item("memberof").Count > 0 Then
        Dim i As Integer
        For i = 0 To oSR.Properties.Item("memberof").Count - 1
            ' IndexOf returns -1 when the text is absent, so compare explicitly
            If oSR.Properties.Item("memberof").Item(i).ToString.IndexOf("Administrator") >= 0 Then
                MsgBox(oSR.Properties.Item("displayName").Item(0))
                Exit For
            End If
        Next
    End If

Next
 
BH Jodo Kast

Ok, the first lines I have translated are:

Dim strDomain As String
Dim rootds As New DirectoryEntry("LDAP://rootDSE")
strDomain = rootds.Properties("DefaultNamingContext")(0).ToString() 'get the name of the domain
Dim root As New System.DirectoryServices.DirectoryEntry("LDAP://" & strDomain)

So far so good!

Re your code, what does this mean?
dsUsers.PropertiesToLoad.Add("displayName")
dsUsers.PropertiesToLoad.Add("givenName")
dsUsers.PropertiesToLoad.Add("sn")
dsUsers.PropertiesToLoad.Add("memberof")
This code is unwarranted.
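
Added example (not code from any poster in this thread): the VBScript's RootDSE bind and `member` read written in VB.NET, extended beyond the thread with a nested-membership search that uses the LDAP_MATCHING_RULE_IN_CHAIN matching rule. It assumes a domain-joined machine, a reference to System.DirectoryServices, and an account allowed to read the directory; the module name is hypothetical.

```vbnet
Imports System
Imports System.DirectoryServices

Module BuiltinAdminsAudit
    ' OID of LDAP_MATCHING_RULE_IN_CHAIN: makes memberOf match through nested groups.
    Private Const InChain As String = "1.2.840.113556.1.4.1941"

    Sub Main()
        ' Serverless bind, as in the VBScript: no domain controller name is hard-coded.
        Dim domainDn As String
        Using rootDse As New DirectoryEntry("LDAP://RootDSE")
            domainDn = rootDse.Properties("defaultNamingContext").Value.ToString()
        End Using
        Dim groupDn As String = "CN=Administrators,CN=Builtin," & domainDn

        ' 1) Direct members: values of the group's own "member" attribute.
        '    A group has no child objects, so a subtree search rooted at it finds nothing.
        '    Very large groups return only the first range of values here.
        Using grp As New DirectoryEntry("LDAP://" & groupDn)
            Console.WriteLine("Direct members of " & groupDn)
            For Each memberDn As Object In grp.Properties("member")
                Console.WriteLine("  " & memberDn.ToString())
            Next
        End Using

        ' 2) Effective user members, including those reached through nested groups
        '    such as Domain Admins. groupDn is fixed text plus the naming context, so it
        '    is not LDAP-filter-escaped here (assumption: it contains no ( ) * \ characters).
        Dim filter As String = "(&(objectCategory=person)(objectClass=user)" &
                               "(memberOf:" & InChain & ":=" & groupDn & "))"
        Using root As New DirectoryEntry("LDAP://" & domainDn)
            Using searcher As New DirectorySearcher(root, filter)
                searcher.SearchScope = SearchScope.Subtree
                searcher.PageSize = 500 ' paged search: the server size limit does not truncate results
                searcher.PropertiesToLoad.Add("sAMAccountName")
                Using results As SearchResultCollection = searcher.FindAll()
                    Console.WriteLine("Effective user members (nested groups expanded)")
                    For Each r As SearchResult In results
                        Dim names As ResultPropertyValueCollection = r.Properties("sAMAccountName")
                        Dim label As String = If(names.Count > 0, names(0).ToString(), r.Path)
                        Console.WriteLine("  " & label)
                    Next
                End Using
            End Using
        End Using
    End Sub
End Module
```

Comparing the two lists over time shows accounts that hold administrator rights only through group nesting, which a read of the `member` attribute alone does not reveal.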
 
