Listing, adding, and removing users to a local or domain group
- From: jasonrawlins@xxxxxxxxx
- Date: 2 Jan 2007 08:36:29 -0800

List local users

Purpose: This code will list the users on the local machine who are
members of a given local group, using the WinNT provider.

    ' Requires: Imports System.DirectoryServices
    Dim groupName As String = "[group name]"
    Dim localDirectory As New DirectoryEntry("WinNT://" & Environment.MachineName)
    Dim group As New DirectoryEntry("WinNT://" & Environment.MachineName & "/" & groupName)

    ' Walk every object on the machine and keep the users that are in the group.
    ' ICollection is a placeholder for whatever list control receives the results.
    For Each localUser As DirectoryEntry In localDirectory.Children
        If (localUser.SchemaClassName.ToLower() = "user") Then
            Dim isMember As Boolean = Convert.ToBoolean(group.Invoke("IsMember", localUser.Path))
            If isMember = True Then
                ICollection.Items.Add(New ListItem(localUser.Name, localUser.Path))
            End If
        End If
    Next localUser

List domain users

Purpose: This will list the users in a domain.

Considerations: This could take a really long time if the user
directory is large because it searches through the whole domain. This
is an example that would need to be optimized (or not used at all) and
should really be used only as an example.

    ' Requires: Imports System.DirectoryServices
    Dim domainName As String = "[Domain to search]"
    Dim domainDirectory As New DirectoryEntry(domainName)

    ' DirectorySearcher objects can only be used for LDAP compliant directories.
    ' Pass the DirectoryEntry as the search root: the DirectorySearcher(String)
    ' constructor would treat the string as the filter, not as the domain.
    Dim directorySearcher As New DirectorySearcher(domainDirectory)

    ' You have to tell the searcher which properties to load explicitly. These properties
    ' can be found in the Active Directory Schema. Refer to
    ' http://msdn2.microsoft.com/en-us/library/ms675085.aspx
    directorySearcher.PropertiesToLoad.AddRange(New String() {"givenName", "sn", "userPrincipalName"})

    ' The filter criteria uses a LISP style syntax. Refer to
    ' http://www.microsoft.com/technet/prodtechnol/exchange/2003/insider/ldapquery.mspx
    directorySearcher.Filter = "(&(objectCategory=person)(objectClass=user))"

    Dim domainUsers As SearchResultCollection = directorySearcher.FindAll()
    For Each domainUser As SearchResult In domainUsers
        Dim firstName As String = ""
        Dim lastName As String = ""
        Dim userPrincipalName As String = ""

        ' These properties were added explicitly above.
        If (domainUser.Properties("givenName").Count > 0) Then firstName = domainUser.Properties("givenName")(0).ToString()
        If (domainUser.Properties("sn").Count > 0) Then lastName = domainUser.Properties("sn")(0).ToString()
        If (domainUser.Properties("userPrincipalName").Count > 0) Then userPrincipalName = domainUser.Properties("userPrincipalName")(0).ToString()

        ICollection.Items.Add(New ListItem(firstName, userPrincipalName))
    Next domainUser

Add or remove a user from a local group

Purpose: This will add a user to, or remove a user from, a group on
the local machine.

Considerations:
1. The user being added must be a user already on the local machine or
   on a domain. However, if the user is on a domain, this call will
   fail if the domain cannot be searched (i.e. the currently logged-on
   account does not have permission to view the domain directory).
2. To add a user to the group, you have to use a "/" instead of a "\"
   in the user name.

    ' Requires: Imports System.DirectoryServices
    ' The local machine
    Dim computer As New DirectoryEntry("WinNT://" & Environment.MachineName)
    Dim group As DirectoryEntry = computer.Children.Find("[group to add to]", "group")
    ' Username holds the account name with a "\" separator; WinNT paths need "/"
    Dim user As New DirectoryEntry("WinNT://" & Username.Replace("\", "/"))

    ' This is likely to throw a COM exception. Look at the inner exception to find
    ' out which one. Most likely the user name or group you are trying to use
    ' does not exist.
    Try
        group.Invoke("Add", user.Path) ' or: group.Invoke("Remove", user.Path)
    Catch ex As Exception
        ' ex.InnerException carries the COM error; handle or log it here
    End Try
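
The add/remove call above with the inner COM exception actually inspected, so that a failed removal from a privileged group is reported instead of silently swallowed. This is an added example, not part of the original post: the module, function and constant names are hypothetical, the two HRESULTs are the standard Win32 codes ERROR_MEMBER_NOT_IN_ALIAS and ERROR_MEMBER_IN_ALIAS, and the group and account in Main are constructed sample values.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Reflection
Imports System.Runtime.InteropServices

Module LocalGroupMembership
    ' HRESULT_FROM_WIN32 values for the two outcomes that mean "nothing to do".
    Const MemberNotInAlias As Integer = &H80070561 ' ERROR_MEMBER_NOT_IN_ALIAS (1377)
    Const MemberInAlias As Integer = &H80070562    ' ERROR_MEMBER_IN_ALIAS (1378)

    ' Turns "DOMAIN\user" or "MACHINE\user" into a WinNT path. Rejects "/" and ","
    ' so caller-supplied text cannot change the structure of the path.
    Function ToWinNTPath(account As String) As String
        If String.IsNullOrEmpty(account) OrElse account.IndexOf("\"c) < 1 OrElse
           account.IndexOfAny("/,".ToCharArray()) >= 0 Then
            Throw New ArgumentException("Expected DOMAIN\user or MACHINE\user", "account")
        End If
        Return "WinNT://" & account.Replace("\", "/")
    End Function

    ' Adds (add = True) or removes (add = False) the account.
    ' Returns True if membership changed, False if it was already in that state.
    ' Every other failure (access denied, unknown account, ...) is rethrown.
    Function SetMembership(groupName As String, account As String, add As Boolean) As Boolean
        Dim userPath As String = ToWinNTPath(account)
        Using computer As New DirectoryEntry("WinNT://" & Environment.MachineName)
            ' Find throws a COMException itself if the group does not exist.
            Using group As DirectoryEntry = computer.Children.Find(groupName, "group")
                Try
                    group.Invoke(If(add, "Add", "Remove"), userPath)
                    Return True
                Catch ex As TargetInvocationException
                    ' Invoke wraps the provider's COM error in the inner exception.
                    Dim com As COMException = TryCast(ex.InnerException, COMException)
                    Dim benign As Integer = If(add, MemberInAlias, MemberNotInAlias)
                    If com IsNot Nothing AndAlso com.ErrorCode = benign Then Return False
                    Throw
                End Try
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed sample values; requires administrative rights on the machine.
        Dim changed As Boolean = SetMembership("Remote Desktop Users", "EXAMPLE\jdoe", False)
        Console.WriteLine(If(changed, "Removed.", "Was not a member."))
    End Sub
End Module
```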