Re: Get SAMAccountNames for all users in an active directory group
- From: "psychrodraconic@xxxxxxxxx" <psychrodraconic@xxxxxxxxx>
- Date: Mon, 21 Jan 2008 07:57:44 -0800 (PST)
I began looking at your sample and adapting it to work for my page and
found myself running across an obscure error that I'm not certain that
I understand the meaning of.
A referral was returned from the server. 0000202B: RefErr:
DSID-031006E0, data 0, 1 access points ref 1: 'someDomain.com'
This error is thrown when the src = ds.FindAll() line is fired. Any
ideas as to what may be causing this or what I could do to resolve it?
Below is the modified procedure utilizing your sample.
Public Shared Function getGroupMembersSAMAccountName(ByVal
group As String) As ArrayList
Dim arrListSAMAccounts As New ArrayList
Dim searchRoot As DirectoryEntry = Nothing
Dim ds As DirectorySearcher = Nothing
Dim src As SearchResultCollection = Nothing
Dim adsPath As String = "LDAP://CN="; & group &
",OU=Groups,dc=" & LDAPdomain & ",dc=com"
'------ Start Impersonation ------
Dim ImpersonateContext As WindowsImpersonationContext =
Utilities.Impersonate(LDAPuser, LDAPpassword, LDAPdomain)
searchRoot = New DirectoryEntry( _
adsPath, _
LDAPdomain + "\" + LDAPuser, LDAPpassword, _
AuthenticationTypes.ServerBind _
)
Dim attribs() As String = New String()
{"distinguishedName", "sAMAccountName", "name", "mail"}
ds = New DirectorySearcher( _
searchRoot, _
"(&(objectClass=user)(objectCategory=person))", _
attribs _
)
'must be SearchScope.Base
ds.SearchScope = SearchScope.Base
'we choose any DN-type attribute
ds.AttributeScopeQuery = "member"
src = ds.FindAll()
For Each sr As SearchResult In src
For Each s As String In attribs
If sr.Properties.Contains(s) Then
arrListSAMAccounts.Add(s & ": " &
sr.Properties(s)(0))
End If
Next
Next
'------ End Impersonation ------
ImpersonateContext.Undo()
Return arrListSAMAccounts
End Function
On Jan 20, 10:59 pm, "Joe Kaplan"
<joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Yep, this is a good use for attribute scope query. There is a .NET code
sample from ch. 5 of our book which can be downloaded from our book's
website (see link below).
Most of the time, in situations where you could to an ASQ, you can simply do
the search "backwards". For example, you can search forallobjects that
have memberOf = the DN of thegroupin question and return the
sAMAccountName and this will do the same basic thing as an ASQ would.
Joe K.
--
Joe Kaplan-MS MVPDirectoryServices Programming
Co-author of "The .NET Developer's Guide toDirectoryServices Programming"http://www.directoryprogramming.net
--
"Dean Wells (MVP)" <dwe...@xxxxxxxxxxxxxxxxxxxxx> wrote in messagenews:%23H2SWgsWIHA.3400@xxxxxxxxxxxxxxxxxxxxxxx
Do some digging on an LDAP control/feature called 'attribute scoped
queries' ... this will do as you ask in a single (from the client-side at
least) query.
--
Dean Wells [MVP /DirectoryServices]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R a m o v e t h e m a s k t o s e n d e m a i l
<psychrodraco...@xxxxxxxxx> wrote in message
news:c8a43f19-50d0-48ee-b655-58f14e1f5e98@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am trying togeta list of NT Login Names (SAMAccountNames) for the
usersthat belong to anactivedirectorygroup. I have a function
that is used for receiving a list of the members of agroup. This
works perfectly for getting the members. However, not so much for
getting theSAMAccountNames. Could anyone give me any guidance on how
togetthe account names for agroupinactivedirectory?
Below is a sample method for getting the members for thatgroup.
Public Shared Function getGroupMembers(ByValgroupAs String)
As ArrayList
Dim Members As ArrayList = New ArrayList()
Dim _path As String =
ConfigurationManager.AppSettings("ADConnectionString")
'------ Start Impersonation ------
Dim ImpersonateContext As WindowsImpersonationContext =
Utilities.Impersonate(LDAPuser, LDAPpassword, LDAPdomain)
'------ Start running code -------
Dim entry As DirectoryEntry = New DirectoryEntry(_path,
LDAPdomain + "\" + LDAPuser, LDAPpassword,
AuthenticationTypes.ServerBind)
Dim search As DirectorySearcher = New
DirectorySearcher(entry)
search.Filter = "(cn=" &group& ")"
search.PropertiesToLoad.Add("member")
Dim result As SearchResult = search.FindOne()
If Not (result Is Nothing) Then
Dim propertyCount As Integer =
result.Properties("member").Count
Dim equalsIndex, commaIndex As Integer
Dim user As String
For counter As Integer = 0 To propertyCount - 1
user = result.Properties("member")
(counter).ToString
equalsIndex = user.IndexOf("=", 1)
commaIndex = user.IndexOf(",", 1)
If Not (equalsIndex = -1) Then
Members.Add(user.Substring((equalsIndex + 1),
(commaIndex - equalsIndex) - 1))
End If
Next
End If
'------ End Impersonation ------
ImpersonateContext.Undo()
Members.Sort()
Return Members
End Function
.
- Follow-Ups:
- Re: Get SAMAccountNames for all users in an active directory group
- From: Joe Kaplan
- Re: Get SAMAccountNames for all users in an active directory group
- References:
- Get SAMAccountNames for all users in an active directory group
- From: psychrodraconic@xxxxxxxxx
- Re: Get SAMAccountNames for all users in an active directory group
- From: Dean Wells \(MVP\)
- Re: Get SAMAccountNames for all users in an active directory group
- From: Joe Kaplan
- Get SAMAccountNames for all users in an active directory group
- Prev by Date: Complex passwords
- Next by Date: Re: Uupgrade to Server 2003 R2 AD
- Previous by thread: Re: Get SAMAccountNames for all users in an active directory group
- Next by thread: Re: Get SAMAccountNames for all users in an active directory group
- Index(es):
Relevant Pages
|
Loading
