Getting local admin groups and users on a windows server using ADSI

[shashank kadge]

hi all,
i am trying to get local admin users and groups on a windows server.
here is the C# code that i am using
***************************************************************************************************
DirectoryEntry AD = new DirectoryEntry("WinNT://" + sServerName +
",Computer",UserName,Password);
DirectoryEntry admGroup = AD.Children.Find("Administrators", "Group");
object members = admGroup.Invoke("Members", null);

foreach(object member in (System.Collections.IEnumerable)members)
{
DirectoryEntry user_groups = new DirectoryEntry(member);
// do some work.
}
******************************************************************************************************

I have 2 issues here.
1. Its not getting all the local users and groups from the
Administrators group on the box.
2. How does it know which domain to look for with just "WinNT://" +
servername.... i have 2 domains, test and production and both domains
have same server names. i.e there is a AppServer in each of the test
and production domain.
3. Is there a different syntax to tell the DirectoryEntry object to
look at a particular server on a particular domain?

thanks,
shashank kadge

 

[Willy Denoyette [MVP]]

hi all,
i am trying to get local admin users and groups on a windows server.
here is the C# code that i am using
***************************************************************************************************
DirectoryEntry AD = new DirectoryEntry("WinNT://" + sServerName +
",Computer",UserName,Password);
DirectoryEntry admGroup = AD.Children.Find("Administrators", "Group");
object members = admGroup.Invoke("Members", null);

foreach(object member in (System.Collections.IEnumerable)members)
{
DirectoryEntry user_groups = new DirectoryEntry(member);
// do some work.
}
******************************************************************************************************

I have 2 issues here.
1. Its not getting all the local users and groups from the
Administrators group on the box.
2. How does it know which domain to look for with just "WinNT://" +
servername.... i have 2 domains, test and production and both domains
have same server names. i.e there is a AppServer in each of the test
and production domain.
3. Is there a different syntax to tell the DirectoryEntry object to
look at a particular server on a particular domain?

All your questions are pretty well explained in the DirectoryEntry description in the MSDN
docs, search for "DirectoryEntry" and follow the "Path" property description.

Willy.

 

[shashank kadge]

All your questions are pretty well explained in the DirectoryEntry description in the MSDN
docs, search for "DirectoryEntry" and follow the "Path" property description.

Willy.- Hide quoted text -

- Show quoted text -

thanks for the link.
i tried using the syntax on msdn but no luck.
i would appreciate if some1 can get some code or suggest a
modification on my code.

thanks,
shashank kadge

 

[Willy Denoyette [MVP]]

All your questions are pretty well explained in the DirectoryEntry description in the MSDN
docs, search for "DirectoryEntry" and follow the "Path" property description.

Willy.- Hide quoted text -

- Show quoted text -

thanks for the link.
i tried using the syntax on msdn but no luck.
i would appreciate if some1 can get some code or suggest a
modification on my code.

thanks,
shashank kadge

Because you have the same machine names in both domains, you'll have to set the IP address
instead of the machine name in the path.
And because you are binding using the WinNT provider, you'll have to set a reference to
activeds.tlb (%Windir%system32)
Here's a small sample...

...
string groupName = "administrators";
IADsMembers MembersCollection = null;
using(DirectoryEntry groupEntry = new DirectoryEntry("WinNT://xxx.xxx.xxx.xxx/" +
groupName + ",group","Administrator", "pwd",
AuthenticationTypes.Secure))
{
// invoke native method "members"
MembersCollection = groupEntry.Invoke("Members") as IADsMembers;
object[] filter = {"User", "Group"};
MembersCollection.Filter = filter;
foreach (object obj in MembersCollection)
{
IADsGroup group = obj as IADsGroup;
if(group != null)
Console.WriteLine("group Name: {0}", group.Name);
//this is a group, so recurse to get the members of this group....
else
{
IADsUser user = obj as IADsUser;
Console.WriteLine("User Name: {0}", user.Name );
}
}
}


Willy.

 

[shashank kadge]

All your questions are pretty well explained in the DirectoryEntry description in the MSDN
docs, search for "DirectoryEntry" and follow the "Path" property description.

Willy.- Hide quoted text -

- Show quoted text -

thanks for the link.
i tried using the syntax on msdn but no luck.
i would appreciate if some1 can get some code or suggest a
modification on my code.

thanks,
shashank kadge

Because you have the same machine names in both domains, you'll have to set the IP address
instead of the machine name in the path.
And because you are binding using the WinNT provider, you'll have to set a reference to
activeds.tlb (%Windir%system32)
Here's a small sample...

..
string groupName = "administrators";
IADsMembers MembersCollection = null;
using(DirectoryEntry groupEntry = new DirectoryEntry("WinNT://xxx.xxx..xxx.xxx/" +
groupName + ",group","Administrator", "pwd",
AuthenticationTypes.Secure))
{
// invoke native method "members"
MembersCollection = groupEntry.Invoke("Members") as IADsMembers;
object[] filter = {"User", "Group"};
MembersCollection.Filter = filter;
foreach (object obj in MembersCollection)
{
IADsGroup group = obj as IADsGroup;
if(group != null)
Console.WriteLine("group Name: {0}", group.Name);
//this is a group, so recurse to get the members of this group....
else
{
IADsUser user = obj as IADsUser;
Console.WriteLine("User Name: {0}", user.Name );
}
}
}

Willy.- Hide quoted text -

- Show quoted text -

Yeah, that helps.
Thanks for all the help Willy.

-
shashank kadge