Listing All Active Directory Groups

Asked 12/12, 2011 at 13:1 Answered 9/1, 2019 at 12:8

Solved c#active-directory ldap active-directory-group

The following code lists some, but not all, Active Directory Groups. Why?

I am trying to list all security groups, distribution groups, computer groups etc. Have I specified the wrong objectClass?

private static void ListGroups()
{
    DirectoryEntry objADAM = default(DirectoryEntry);
    DirectoryEntry objGroupEntry = default(DirectoryEntry);
    DirectorySearcher objSearchADAM = default(DirectorySearcher);
    SearchResultCollection objSearchResults = default(SearchResultCollection);
    SearchResult myResult=null;

    objADAM = new DirectoryEntry(LDAP);
    objADAM.RefreshCache();
    objSearchADAM = new DirectorySearcher(objADAM);
    objSearchADAM.Filter = "(&(objectClass=group))";
    objSearchADAM.SearchScope = SearchScope.Subtree;
    objSearchResults = objSearchADAM.FindAll();

    // Enumerate groups 
    try
    {
        fileGroups.AutoFlush = true;
        if (objSearchResults.Count != 0)
        {
            foreach (SearchResult objResult in objSearchResults)
            {
                myResult = objResult;
                objGroupEntry = objResult.GetDirectoryEntry();
                Console.WriteLine(objGroupEntry.Name);
                fileGroups.WriteLine(objGroupEntry.Name.Substring(3));
            }
        }
        else
        {
            throw new Exception("No groups found");
        }  
    } 
    catch (PrincipalException e)
    {
        fileErrorLog.AutoFlush = true;
        fileErrorLog.WriteLine(e.Message + " " + myResult.Path);
    }
    catch (Exception e)
    {
        throw new Exception(e.Message);
    }
}

Swingle answered 12/12, 2011 at 13:1 Comment(0)

If you're on .NET 3.5 or newer, you can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// define a "query-by-example" principal - here, we search for a GroupPrincipal 
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement

Sharasharai answered 12/12, 2011 at 13:39 Comment(1)

I would encapsulate PrincipalContext, GroupPrincipal, and PrincipalSearcher in using blocks since they are disposable. – Delanie 22/9, 2017 at 14:7

Try filter "(objectcategory=group)" Found solution here

Bowles answered 12/12, 2011 at 13:4 Comment(2)

Sorry Sergey, same result, not all groups listed. Answer from marc_s seems to work (provided you are on .NET 3.5 or higher). – Swingle 12/12, 2011 at 14:15

The link is broken – Morava 23/11, 2016 at 16:6

DirectoryEntry entry = new DirectoryEntry("ldap://ldap.gaurangjadia.com", "scott", "tiger");

DirectorySearcher dSearch = new DirectorySearcher(entry);
dSearch.Filter = "(&(objectClass=group))";
dSearch.SearchScope = SearchScope.Subtree;

SearchResultCollection results = dSearch.FindAll();

for (int i = 0; i < results.Count; i++) {
    DirectoryEntry de = results[i].GetDirectoryEntry();

    //TODO with "de"
}

Lattice answered 5/2, 2014 at 21:45 Comment(2)

This did not give me the right results, but marc_s solution did. – Synaeresis 11/10, 2018 at 22:31

Be careful with this as stated in this blogpost, the GetDirectoryEntry() will load ALL properties, including the ones you don't need – Achromatize 4/3, 2020 at 14:51

I tried this and it worked

    public ArrayList GetAllGroupNames(string ipAddress, string ouPath)
    {
        DirectorySearcher deSearch = new DirectorySearcher();
        deSearch.SearchRoot = GetRootDirectoryEntry(ipAddress, ouPath);
        deSearch.Filter = "(&(objectClass=group))";
        SearchResultCollection results = deSearch.FindAll();
        if (results.Count > 0)
        {
            ArrayList groupNames = new ArrayList();

            foreach (SearchResult group in results)
            {
                var entry = new DirectoryEntry(group.Path, UserName, Password);
                string shortName = entry.Name.Substring(3, entry.Name.Length - 3);
                groupNames.Add(shortName);
            }

            return groupNames;
        }
        else
        {
            return new ArrayList();
        }
    }

    private DirectoryEntry GetRootDirectoryEntry(string ipAddress, string domainPath, string username, string password)
    {
        var ldapPath = "LDAP://" + ipAddress + "/" + domainPath;
        return new DirectoryEntry(ldapPath, username, password, AuthenticationTypes.Secure);
    }

Civism answered 23/2, 2015 at 11:58 Comment(1)

Hi What is GetRootDirectoryEntry? – Dacca 19/7, 2017 at 23:28

To retrieve a set of results that is larger than 1000 items, you must set SizeLimit to its default value (zero) and set PageSize to a value that is less than or equal to 1000.

objSearchADAM.PageSize = 1000;

Stepchild answered 27/12, 2018 at 13:10 Comment(0)

you can get the all ad group details by the below powershell and if you want particular Name against of AD Group then write filter instead of *

Get-ADGroup -Filter * -properties * | Export-csv c:\csv\new.csv

Matias answered 9/1, 2019 at 12:8 Comment(0)

Recommended topics

Hot tags