Listing All Active Directory Groups
65,948
Solution 1
If you're on .NET 3.5 or newer, you can use a PrincipalSearcher
and a "query-by-example" principal to do your searching:
// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// define a "query-by-example" principal - here, we search for a GroupPrincipal
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
// create your principal searcher passing in the QBE principal
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);
// find all matches
foreach(var found in srch.FindAll())
{
// do whatever here - "found" is of type "Principal" - it could be user, group, computer.....
}
If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement
Solution 2
Try filter "(objectcategory=group)" Found solution here
Solution 3
DirectoryEntry entry = new DirectoryEntry("ldap://ldap.gaurangjadia.com", "scott", "tiger");
DirectorySearcher dSearch = new DirectorySearcher(entry);
dSearch.Filter = "(&(objectClass=group))";
dSearch.SearchScope = SearchScope.Subtree;
SearchResultCollection results = dSearch.FindAll();
for (int i = 0; i < results.Count; i++) {
DirectoryEntry de = results[i].GetDirectoryEntry();
//TODO with "de"
}
Related videos on Youtube
Comments
-
cymorg over 4 years
The following code lists some, but not all, Active Directory Groups. Why?
I am trying to list all security groups, distribution groups, computer groups etc. Have I specified the wrong
objectClass
?private static void ListGroups() { DirectoryEntry objADAM = default(DirectoryEntry); DirectoryEntry objGroupEntry = default(DirectoryEntry); DirectorySearcher objSearchADAM = default(DirectorySearcher); SearchResultCollection objSearchResults = default(SearchResultCollection); SearchResult myResult=null; objADAM = new DirectoryEntry(LDAP); objADAM.RefreshCache(); objSearchADAM = new DirectorySearcher(objADAM); objSearchADAM.Filter = "(&(objectClass=group))"; objSearchADAM.SearchScope = SearchScope.Subtree; objSearchResults = objSearchADAM.FindAll(); // Enumerate groups try { fileGroups.AutoFlush = true; if (objSearchResults.Count != 0) { foreach (SearchResult objResult in objSearchResults) { myResult = objResult; objGroupEntry = objResult.GetDirectoryEntry(); Console.WriteLine(objGroupEntry.Name); fileGroups.WriteLine(objGroupEntry.Name.Substring(3)); } } else { throw new Exception("No groups found"); } } catch (PrincipalException e) { fileErrorLog.AutoFlush = true; fileErrorLog.WriteLine(e.Message + " " + myResult.Path); } catch (Exception e) { throw new Exception(e.Message); } }
-
cymorg over 12 yearsSorry Sergey, same result, not all groups listed. Answer from marc_s seems to work (provided you are on .NET 3.5 or higher).
-
El Asiduo over 7 yearsThe link is broken
-
VAAA almost 7 yearsHi What is GetRootDirectoryEntry?
-
David Bentley over 6 yearsI would encapsulate
PrincipalContext
,GroupPrincipal
, andPrincipalSearcher
in using blocks since they are disposable. -
JohnB over 5 yearsThis did not give me the right results, but marc_s solution did.
-
JohannesB about 4 yearsBe careful with this as stated in this blogpost, the
GetDirectoryEntry()
will load ALL properties, including the ones you don't need