Retrieve list of roles and users from Active Directory...

  • Thread starter Thread starter Sharon McCarty
  • Start date Start date
S

Sharon McCarty

Hi There,

I'm a complete newbie. I'm wondering if it's possible in C# to
retrieve the complete list of roles in Active Directory and also a
complete list of all users from active directory. I've looked in the
Enterprise Library of Security Block but couldn't find any code that
does this (it just gets the list of roles of a specified user).. Can
someone point me into the right direction?

Thanks

Sharon
 
I'm a complete newbie. I'm wondering if it's possible in C# to
retrieve the complete list of roles in Active Directory and also a
complete list of all users from active directory. I've looked in the
Enterprise Library of Security Block but couldn't find any code that
does this (it just gets the list of roles of a specified user).. Can
someone point me into the right direction?
Click to expand...

Users, sure, no problem - but what do you mean by "roles" ?? Are you
talking about the Windows groups ? Or if not, what else? There's no
such things as a "role" per se, neither in Windows API's, nor in
Active Directory, as far as I know.

As for users: you'll need to add a reference to the
System.DirectoryServices dll to your project, and a "uses
System.DirectoryServices" statement to your .cs file. Then use a
DirectorySearcher something like this:

DirectorySearcher dsUsers = new
DirectorySearcher("LDAP://dc=yourDomain,dc=com");

dsUsers.Filter = "(&(objectClass=user)(objectCategory=user))";

dsUsers.PropertiesToLoad.Add("name");
dsUsers.PropertiesToLoad.Add("mail");
// add whatever other properties you need to have loaded

foreach(SearchResult srUser in dsUsers.FindAll())
{
Console.WriteLine("User " + srUser.Properties["name"].ToString() + "
has e-mail address " + srUser.Properties["mail"].ToString());
}

HTH
Marc
================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
 
Thanks for the response Marc,

I'm referring to the list of windows groups (sorry for the confusion).
Marc, is there a way to also obtain a list of users that belong to a
certain group?
I'm curious if this is within the security block of the Enterprise
Library. The thing that I managed to find within the Enterprise
Library is code retrieving the list of groups that a specified user
belongs to...

Thank you in advance

Sharon





Marc Scheuner said:
I'm a complete newbie. I'm wondering if it's possible in C# to
retrieve the complete list of roles in Active Directory and also a
complete list of all users from active directory. I've looked in the
Enterprise Library of Security Block but couldn't find any code that
does this (it just gets the list of roles of a specified user).. Can
someone point me into the right direction?
Click to expand...

Users, sure, no problem - but what do you mean by "roles" ?? Are you
talking about the Windows groups ? Or if not, what else? There's no
such things as a "role" per se, neither in Windows API's, nor in
Active Directory, as far as I know.

As for users: you'll need to add a reference to the
System.DirectoryServices dll to your project, and a "uses
System.DirectoryServices" statement to your .cs file. Then use a
DirectorySearcher something like this:

DirectorySearcher dsUsers = new
DirectorySearcher("LDAP://dc=yourDomain,dc=com");

dsUsers.Filter = "(&(objectClass=user)(objectCategory=user))";

dsUsers.PropertiesToLoad.Add("name");
dsUsers.PropertiesToLoad.Add("mail");
// add whatever other properties you need to have loaded

foreach(SearchResult srUser in dsUsers.FindAll())
{
Console.WriteLine("User " + srUser.Properties["name"].ToString() + "
has e-mail address " + srUser.Properties["mail"].ToString());
}

HTH
Marc
================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
Click to expand...
 
I'm referring to the list of windows groups (sorry for the confusion).

Okay, use the same approach, just a different filter:

dsUsers.Filter = "(&(objectClass=group)(objectCategory=Group))";
Marc, is there a way to also obtain a list of users that belong to a
certain group?
Click to expand...

Sure - bind to the group and then look at its "member" property:

DirectoryEntry deGroup = new
DirectoryEntry("LDAP://cn=yourgroup,dc=yourcompany,dc=com");

foreach(object oMember in deGroup.Properties["member"])
{
Console.WriteLine(oMember.ToString());
}

Marc
================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
 
Back
Top